1. Who we are
SnapAgency LLC d/b/a "WhatSnap Agency" ("SnapAgency," "we," "us," "our") is a Wyoming limited liability company at 30 N Gould Street, Suite R, Sheridan, WY 82801, United States.
We provide a done-for-you ("DFY") managed messaging service: we configure and operate messaging lines (licensed from our affiliate iSnap LLC) on behalf of our Clients to enable them to send and receive iMessage, SMS, and WhatsApp messages bridged to GoHighLevel and other supported CRMs.
This Privacy Policy explains how we collect, use, share, and protect personal data when you (a) visit our marketing pages, (b) become a Client or prospective Client, (c) authorize a person to administer your account, (d) communicate with us, or (e) — if you are a Recipient of a message sent by a Client through our Services — interact with that Client's messaging activity.
2. Our role: joint controller for the messaging program
Because SnapAgency operates the messaging program for Client (Line selection, send timing, deliverability tuning, content recommendation, replacement of suspended Lines), we exercise material decisions about the means of processing the messages Client sends. We therefore consider ourselves joint controllers with Client under GDPR Article 26 (and the analogous concept in the California Privacy Rights Act and other U.S. state privacy laws) with respect to:
- the message content sent or received in connection with the DFY engagement;
- the recipient personal data (phone number, profile name where exposed by the channel) that flows through the configured Lines;
- the operational metadata (timestamps, delivery status, channel) that we use to manage Line health.
For data we collect about Clients, prospects, employees, and visitors in our ordinary business operations, we are an independent controller.
A more detailed allocation of responsibilities between SnapAgency and Client is set out in a Joint-Controller Arrangement included with the Master Services Agreement (or available on request at [email protected]).
2.1 What this means for Recipients
If you are a Recipient and you received a message routed through our Services, the business that sent the message is the primary party responsible for its content. SnapAgency assisted in operating that messaging program but the editorial decisions about who to contact and what to say were made by the Client and approved by them. To exercise privacy rights, you may contact either the Client directly or SnapAgency at [email protected]; we will reasonably cooperate to action your request.
3. Categories of personal data we collect
3.1 From Clients and prospects (we are controller)
- Account and billing: name, business email, phone, billing address, last four of payment card (full card data handled by Stripe), Order Form data.
- Identity verification and onboarding: business registration documents required for 10DLC and other carrier/platform registrations, beneficial-owner information, government ID where required for KYC (deleted on completion of verification per Section 7).
- Communications: support tickets, recorded onboarding and account-review calls (with notice), emails.
3.2 From the DFY messaging program (we are joint controller with Client)
- Message content (text bodies, attachments) sent or received on Lines provisioned to Client.
- Recipient personal data: phone number, profile identifiers exposed by the channel (e.g., iMessage Apple-ID display name, WhatsApp profile name where applicable).
- Operational metadata: timestamps, delivery and read receipts (where available), channel, Line used, error and bounce signals.
- Client's contact records and tags that flow through the GoHighLevel bridge.
3.3 Automatically (from website visits)
IP address, browser, OS, device identifiers, page-views, referral source, cookies (see Section 9).
3.4 From third parties
- iSnap LLC — Line-health signals (carrier delivery codes, Line status, throughput, suspensions).
- WhatSnap LLC — where the WhatSnap platform sits between SnapAgency and the messaging channels, the platform shares operational signals with us.
- Carrier and aggregator partners — registration and compliance signals related to Client's campaigns.
- GoHighLevel — sub-account and conversation data as configured by Client.
- Stripe — payment status and limited card data (BIN, last four, brand).
3.5 Sensitive personal data
We do not knowingly collect sensitive personal data. We do not provide HIPAA-regulated services unless a Business Associate Agreement is separately executed.
4. How we use personal data
We use personal data to:
- Operate the DFY service — configure, monitor, maintain, and replace Lines; bridge messages to GoHighLevel; tune deliverability;
- Manage Client accounts — provisioning, billing, support, account reviews;
- Comply with carrier, platform, and regulatory requirements — including 10DLC registration, sender-ID compliance, and responding to carrier or platform inquiries about Client traffic;
- Detect and prevent abuse — fraud, AUP violation, account takeover, regulatory risk;
- Improve our service — aggregated, de-identified analytics; trend analysis on Line-health to refine our deliverability practices;
- Market our service — to existing and prospective Clients, with opt-out as required by law;
- Comply with legal obligation, enforce our agreements, and defend claims.
For data processed under our joint-controller role, the legal bases under GDPR (where applicable) are contract performance (Art. 6(1)(b)) for the Client and legitimate interests (Art. 6(1)(f)) for SnapAgency's operational role, subject to the upstream consent that the Client warrants under the Master Services Agreement. For data we use as controller, see the legal-basis matrix in the WhatSnap LLC Privacy Policy, applied mutatis mutandis.
We do not use Client Data, message content, or Recipient personal data to train general-purpose machine-learning models. Aggregated, de-identified statistics may be used for service improvement.
5. How we share personal data
5.1 Our affiliate iSnap LLC
We share Line-configuration data, operational signals, and Recipient telephone numbers with iSnap LLC in our capacity as licensee of iSnap's Lines. iSnap is our affiliate, processes data under its own [Privacy Policy], and is bound by a written data-processing arrangement between us.
5.2 WhatSnap LLC
The WhatSnap platform that underpins the DFY service is operated by WhatSnap LLC, our affiliate. WhatSnap LLC processes message content as a processor on our (joint-controller) instructions in this engagement.
5.3 Other service providers
- Cloud hosting and infrastructure
- Database / storage
- Payment processing (Stripe)
- Transactional email and notifications
- Customer-support tooling
- Error monitoring and observability
- Product analytics for marketing site
- Tax compliance
- Carrier APIs (Twilio, where Client elects)
- Background-check / KYC providers (only at onboarding, where required for 10DLC)
A current subprocessor list is maintained at whatsnap.ai/legal/subprocessors.
5.4 Carriers, aggregators, and messaging platforms
Outbound messages must be transmitted through the relevant carrier and platform; we have no separate privacy relationship with these third parties beyond their standard terms.
5.5 Professional advisors and corporate transactions
Legal, accounting, audit, banking, insurance advisors; counterparties in any M&A or financing transaction (subject to commitments at least as protective as this Policy).
5.6 Law enforcement and legal process
We may disclose personal data when required by law, regulation, court order, subpoena, or other legal process, or to protect rights, property, or safety.
5.7 We do not sell personal data for money
Same as WhatSnap LLC's Privacy Policy §5.7.
6. Security
Same baseline as WhatSnap LLC's Privacy Policy §6 (TLS in transit, encryption at rest where supported, role-based access control, MFA on production access, logging and monitoring, vulnerability scanning, third-party annual penetration testing where commissioned, documented incident response). Where SnapAgency personnel access Client's GoHighLevel sub-account, access is scoped to the minimum needed and is logged.
Breach notification: as required by applicable law, including notification to Client as joint controller without undue delay.
7. Retention
| Data category | Retention period |
|---|---|
| Account and billing data for Clients | Life of account + thirty-six (36) months after closure |
| Message content and attachments (DFY processing) | Duration of the engagement; on termination, deleted or anonymized within ninety (90) days unless retention required by law, audit, regulator, or active legal hold |
| Recipient phone numbers and metadata | Same as message content |
| KYC and onboarding documents | Until verification complete plus statutory retention (typically 5 years for AML purposes) |
| Recorded calls (with notice) | Twenty-four (24) months from the call |
| Billing and tax records | Seven (7) years |
| Security and audit logs | Raw: ninety (90) days; aggregated: longer |
| Support tickets | Five (5) years from last interaction |
| Marketing data | Until unsubscribe; suppression record retained indefinitely |
| Aggregated, de-identified data | May be retained indefinitely |
Deletion requests are honored within the period required by applicable law (typically 30–45 days); some data may persist in encrypted backups until rotated under the backup-retention policy.
8. Your rights
Same set of rights as the WhatSnap LLC Privacy Policy §8 (GDPR/UK GDPR access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to supervisory authority; CCPA/CPRA right to know, correct, delete, opt-out of sale/sharing, limit sensitive PI use; rights under Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware state laws). Requests to [email protected].
For Recipient requests about messaging activity managed under the DFY engagement, the request may be made to either us or to the Client; we will coordinate with the Client to action it.
9. Cookies
Cookies on the SnapAgency marketing site behave the same as on the WhatSnap LLC site — strictly necessary, functional, analytics, and marketing categories. EU/UK visitors will see a cookie banner enabling granular consent. Global Privacy Control honored. See WhatSnap LLC Privacy Policy §9 for further detail.
10. International transfers
Same posture as WhatSnap LLC's Privacy Policy §10 — US-based primary infrastructure, EU SCCs (Module 2 controller-to-processor, Module 3 processor-to-processor, Module 4 processor-to-controller for the reverse flow where applicable), UK IDTA, Swiss equivalents. Available on request from [email protected].
11. Children
The Services are B2B and not directed to children under sixteen (16). We do not knowingly collect personal data from children.
12. Automated decision-making
We do not engage in solely automated decision-making that produces legal or similarly significant effects on individuals.
13. Direct marketing by SnapAgency to Recipients
SnapAgency does not initiate marketing messages to Recipients on its own behalf. All marketing messages routed through the Services originate from Client and are approved by Client. Recipients should direct unsubscribe requests to the Client (per the opt-out instructions in the message) or to [email protected]; we will coordinate with Client to ensure the opt-out is honored on every Line.
14. Changes
Same as the WhatSnap LLC Privacy Policy §14: non-material changes effective on posting; material changes with thirty (30) days' notice to Client's account administrator.
15. Contact
SnapAgency LLC — Attn: Privacy 30 N Gould Street, Suite R Sheridan, WY 82801 United States
If you are an EU/UK resident, you may also lodge a complaint with your local supervisory authority. We invite you to contact us first.
