Privacy Policy

1. Who we are

clapsnap.me is operated by ClapSnap Oy, Helsinki, Finland. We are the data controller for personal data collected through the Service.

2. Data we collect

• Account data: email address, display name, date of birth.
• Collection data: cards collected, physical mint requests, print history.
• Usage data: login timestamps, drop interactions, wishlist items.
• Communications: if you opt-in, your email for drop announcements.

3. How we use it

• To operate your Collector Passport and fulfil print orders.
• To send transactional emails (verification codes, order confirmations).
• To send marketing emails only when you have explicitly opted in.
• To detect and prevent fraud or abuse.

4. Legal basis (GDPR)

We process your data on the basis of contract performance (account + orders), legitimate interest (security, anti-fraud), and consent (marketing emails).

5. CAPTCHA

We use Cloudflare Turnstile for bot protection during registration. Turnstile does not use cookies or behavioural tracking and is GDPR-compliant. See Cloudflare's Privacy Policy.

6. Data retention

Active account data is retained for as long as the account exists. When you delete your account, personal identifiers (email, name, avatar) are removed immediately. Transaction history is retained for 7 years for accounting purposes.

7. Your rights

Under GDPR you have the right to access, rectify, erase, and port your data, as well as to withdraw consent at any time. Contact us at privacy@clapsnap.me.

8. Cookies

We set a single authentication cookie (cs_token) — httpOnly, secure in production, 7-day expiry. No third-party tracking cookies are used.

9. Contact

Data protection questions: privacy@clapsnap.me