Privacy Policy
Effective date: May 25, 2026
1. Overview
This Privacy Policy describes how SNcode ("we", "us"), owned and operated by Pavlo Gusar, handles information in connection with SNcode (the "App"). SNcode is designed with a local-first architecture: the vast majority of your data never leaves your device.
2. What we collect on our servers
When you sign in with Google, Google shares the following profile information with us. We store only the minimum required to operate your account and track usage:
- Email address — used to identify your account and send essential service communications
- Full name — used to personalise your in-app profile display
- Profile photo — used to display your avatar within the App
- User ID — a unique identifier linked to your account
- Token usage counts — aggregate totals used for quota tracking and billing purposes
We do not collect, store, or have access to your ServiceNow credentials, conversation content, attached files, or any other data you process through the App.
3. Sign-in provider — Google
SNcode uses Google OAuth 2.0 for authentication. When you sign in, Google authenticates your identity and shares your email address, full name, and profile photo with us. We do not receive your Google password or any other Google account data.
Google processes your authentication data under their own privacy policy. We strongly recommend reviewing the Google Privacy Policy to understand how Google handles your data during the sign-in process.
4. Data stored locally on your device
The following data is stored only on your device and is never transmitted to our servers:
- ServiceNow instance URLs and API credentials
- Conversation and chat history
- Attached files and documents
- Script execution history and outputs
- Application settings and preferences
5. Data sent to Anthropic (AI requests)
When you send a message in SNcode, the content of that message — including any attached file excerpts you include — is sent directly to the Anthropic Claude API to generate a response. This communication goes from your device to Anthropic; it is not routed through or stored on our servers.
Anthropic processes this data under their own privacy policy and terms of service. We strongly recommend reviewing the Anthropic Privacy Policy before sending sensitive data. Avoid pasting credentials, personally identifiable information, or confidential business data into chat messages unless you are comfortable with those appearing in an Anthropic API request.
AI output limitations
Large language models can produce incorrect, incomplete, or misleading output. All AI-generated code, scripts, and recommendations must be reviewed by a qualified human before execution or deployment. We are not responsible for decisions or actions taken based on AI-generated content.
6. How we use your data
We use the data we collect solely to:
- Authenticate your account and maintain your session
- Track token usage for quota enforcement and billing
- Send essential service communications (e.g., account or billing notices)
- Comply with applicable legal obligations
We do not sell your data to third parties. We do not use it for advertising.
Legal basis for EU/EEA users (GDPR): We process your account data (email address, full name, profile photo, user ID) on the basis of contract performance — this information is necessary to create and operate your account. We process token usage counts on the basis of legitimate interests in enforcing usage quotas and operating a sustainable service. Where required by law, processing rests on a legal obligation.
7. Data sharing
We do not share your personal data with third parties except in the following limited circumstances:
- Service providers who help us operate our infrastructure (e.g., authentication, payment processing), bound by confidentiality obligations
- When required by law, court order, or a valid government request
- In connection with a merger, acquisition, or sale of assets, where your data would transfer subject to the same privacy protections
International transfers: Our service providers — including Google (authentication) and payment processors — may be located in the United States or other countries outside the European Economic Area. Where required, these transfers are conducted under appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
8. Data retention
We retain your account data (email, user ID, token usage) for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within a reasonable period, unless retention is required by law.
9. Your rights
EU / EEA residents (GDPR)
Under the General Data Protection Regulation you have the right to:
- Access — obtain a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data where no overriding legal reason exists to retain it
- Restriction — ask us to pause processing while a dispute is resolved
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Lodge a complaint — contact your local data protection supervisory authority if you believe we are processing your data unlawfully
California residents (CCPA)
Under the California Consumer Privacy Act you have the right to:
- Know — request disclosure of the categories and specific pieces of personal information we have collected about you
- Delete — request deletion of your personal information, subject to certain exceptions
- Correct — request correction of inaccurate personal information
- Opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioral advertising
- Non-discrimination — we will not deny you services, charge you different prices, or provide a different quality of service because you exercised any of these rights
To exercise any of these rights, email support@sncode.dev. We will respond within 30 days, or sooner where required by applicable law.
10. Children
SNcode is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. The effective date at the top of this page indicates when the latest revision was made. We will notify users of material changes through the App or email.
12. Contact
For privacy questions or data requests, email support@sncode.dev.