Try Snimio
Privacy policy

Your inbox.
Your data.

We tell you exactly what we collect, what we don't, and how we handle every byte. No legal traps.

Last updated · 2026-06-01 · Effective · 2026-06-01

1. Who we are

Snimio is operated by Flowix B.V., registered at Madridstraat 15, 1175 RK Lijnden, the Netherlands. Chamber of Commerce (KvK) number available on request. For privacy questions, reach us at privacy@flowix.io.

2. What we do not collect

This is the most important section, so it comes first.

  • We do not collect, scan or train on the content of your emails.
  • We do not embed third-party trackers, pixels, or analytics in the Snimio app.
  • We do not sell, rent or share your data with advertisers, ever.
  • We do not retain copies of your inbox on our servers. Your mail lives on your device.

3. What we do collect

Account data

When you create a Snimio account we store your email address, hashed password, plan, country (for tax) and the timestamp you signed up. That's it.

OAuth tokens

If you connect Gmail or Outlook, we store an encrypted refresh token so Snimio can sync on your device. The token is bound to your device and rotated on every refresh.

Inference metadata (no content)

When Snimio asks Claude to draft a reply, we log the model used, the response time and the token count. We do not log the prompt or the reply. This metadata is retained for 30 days for incident response, then deleted.

Billing data

Handled by our payment processor (Stripe). We see your country, plan and last-4 of the card, never the full PAN or CVV.

4. How long we keep it

  • Account data: as long as your account is active, plus 90 days after deletion (for accidental-deletion recovery).
  • OAuth tokens: rotated continuously, deleted within 24 hours of you disconnecting an account.
  • Inference metadata: 30 days.
  • Billing data: 7 years (statutory retention for invoicing in NL).

5. Your rights under GDPR

You can, at any time, without explaining yourself:

  • Request a copy of all data we hold about you (we reply within 14 days).
  • Ask us to correct anything inaccurate.
  • Ask us to delete your account and all associated data.
  • Object to any processing or withdraw consent.
  • File a complaint with the Dutch DPA (Autoriteit Persoonsgegevens).

Send any request to privacy@flowix.io. We never ask for ID, we authenticate via your account email.

6. Sub-processors

The complete list, updated whenever it changes:

  • Anthropic (Claude API), AI inference, EU routing, zero-retention API used. Email content passes through encrypted; nothing stored.
  • Hetzner (Falkenstein, DE), backend hosting.
  • Stripe, payments. Handles card data.
  • Postmark (EU), transactional email (password reset, billing receipts).

7. International transfers

All processing happens inside the EU/EEA. Our Anthropic API contract specifies EU-only routing. If that ever changes, we'll notify you 30 days in advance.

8. Language auto-detection

On your first visit, the site makes a single anonymous request to api.country.is to detect your country and set a matching site language (NL, DE, FR, ES or EN). Only your IP is shared with this service to return a country code, and only on the first page load before you choose a language. We do not store or pass on your IP. You can override the detected language at any time with the language switcher in the top-right.

9. Cookies on this website

The Snimio website uses a single first-party cookie for your language preference. No tracking, no analytics, no ad cookies. See cookies for the full list.

10. Changes to this policy

If we make material changes, we email all account holders and post a notice here at least 30 days before the change takes effect.

Have a privacy question? Email privacy@flowix.io. A real human reads every message, usually within a working day.