← Back to Home

Privacy Policy

Last updated: April 16, 2026 · Effective date: April 16, 2026

Shanghai Snowball Digital Intelligence Technology Co., Ltd. ("Snowball," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website snowballtech.com, use our OnBoard™ products and services, or otherwise interact with us.

This Policy is issued in compliance with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.

1. Data Controller

Shanghai Snowball Digital Intelligence Technology Co., Ltd. is the Data Controller for personal data processed under this Policy. If you have questions about this Policy or wish to exercise your rights, contact us at privacy@snowballtech.com.

2. Information We Collect

2.1 Information You Provide Directly

When you submit a form on our website (Book a Demo, Contact Us, Partner Inquiry, Whitepaper Download, or Newsletter Subscribe), we collect:

  • First name and last name
  • Work email address
  • Company / organization name
  • Job title or role
  • Product stage and interested module (for demo requests)
  • Region (for whitepaper downloads)
  • Partner type (for partner inquiries)
  • Message content and inquiry details
  • Marketing consent preferences

2.2 Information Collected Automatically

When you visit our website, we automatically collect limited technical information necessary for website operation and security:

  • IP address and approximate geolocation (country/region only)
  • Browser type, version, and operating system
  • Referrer URL and pages visited
  • Device type and screen resolution
  • Session timestamps

For details on cookies and similar technologies, see our Cookie Policy.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal bases:

  • Consent (Art. 6(1)(a)) — for marketing communications, newsletters, and non-essential cookies. You may withdraw consent at any time.
  • Contract performance (Art. 6(1)(b)) — to respond to demo requests, sales inquiries, and deliver content (e.g., whitepaper PDFs) you have requested.
  • Contract performance (Art. 6(1)(b)) — to respond to demo requests, sales inquiries, and deliver content (e.g., whitepaper PDFs) you have requested.
  • Contract performance (Art. 6(1)(b)) — to respond to demo requests, sales inquiries, and deliver content (e.g., whitepaper PDFs) you have requested.

4. How We Use Your Information

  • Respond to your inquiries, demo requests, and partner applications
  • Deliver whitepapers, technical content, and resources you request
  • Send you marketing communications if you have opted in
  • Improve our website, products, and services
  • Detect, prevent, and address security threats
  • Comply with legal obligations and enforce our Terms of Service

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data Sharing and Disclosure

We do not sell your personal data in exchange for monetary consideration. We share your data only with the service providers listed below under contractual data protection obligations, where required by law, or in the limited circumstances described in this section. If you have consented to marketing cookies, limited technical identifiers may be shared with advertising platforms (e.g., LinkedIn) for measurement purposes — such sharing may qualify as "sharing" under CCPA/CPRA and can be withdrawn at any time via our cookie preferences.

5.1 Service Providers (Sub-processors)

We engage trusted third-party service providers to operate our business, bound by Data Processing Agreements (DPAs) compliant with GDPR Article 28. Our principal sub-processors include:

  • HubSpot, Inc. (CRM and marketing automation) — USA, transfers covered by Standard Contractual Clauses
  • Amazon Web Services (hosting and infrastructure) — EU regions used where possible
  • Google LLC — Google Analytics 4 (website analytics, IP-anonymized) — set only if analytics cookies are accepted
  • Google LLC — Google Analytics 4 (website analytics, IP-anonymized) — set only if analytics cookies are accepted
  • Google LLC — Google Analytics 4 (website analytics, IP-anonymized) — set only if analytics cookies are accepted

For an up-to-date list of sub-processors, contact privacy@snowballtech.com.

5.2 Legal Requirements

We may disclose information when required by law, court order, or government request, or when necessary to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.

6. International Data Transfers

Snowball is headquartered in Shanghai, China, and our service providers may process data in other jurisdictions including the United States and the European Economic Area. When we transfer personal data outside the EEA/UK, we rely on:

  • European Commission adequacy decisions where available
  • Standard Contractual Clauses (SCCs) as approved by the European Commission
  • Supplementary measures (encryption in transit and at rest) to ensure equivalent protection

You may request a copy of the safeguards we apply by contacting privacy@snowballtech.com.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

  • Inquiry, demo request, and whitepaper download data: up to 24 months after last interaction
  • Marketing consent records: until consent is withdrawn, plus 3 years thereafter for legal evidence
  • Customer relationship data (after a commercial agreement is signed): for the duration of the contract plus 6 years
  • Website analytics data (aggregated): up to 14 months
  • Tax, accounting, and other legally mandated records: as required by applicable law (typically 6–10 years; longer where specific laws apply)

After retention periods expire, we securely delete or anonymize your data.

8. Your Rights Under GDPR

If you are located in the EEA, UK, or other jurisdictions with similar laws, you have the following rights:

  • Right of access (Art. 15) — obtain a copy of the personal data we hold about you
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data
  • Right to erasure / "right to be forgotten" (Art. 17) — request deletion of your data
  • Right to restrict processing (Art. 18) — limit how we use your data
  • Right to data portability (Art. 20) — receive your data in a machine-readable format
  • Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting prior lawful processing
  • Right to lodge a complaint — with your local supervisory authority (e.g., Ireland's DPC, France's CNIL, UK's ICO)

To exercise any of these rights, email privacy@snowballtech.com. We will respond within one month as required by GDPR Article 12(3).

9. California Privacy Rights (CCPA/CPRA)

California residents whose personal information we collect have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell personal information for monetary consideration; any cross-context behavioral advertising "sharing" occurs only with your explicit cookie consent and can be withdrawn at any time. To exercise these rights, email privacy@snowballtech.com.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including encryption in transit (TLS 1.3) and at rest, access controls with multi-factor authentication, regular security assessments, and incident response procedures. Snowball operates on certified infrastructure under ISO 9001 (Quality Management), ISO 14001 (Environmental Management), and ISO/IEC 27001 (Information Security Management).

11. Children's Privacy

Our website and services are intended for business audiences and not directed to children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates when the most recent changes were made. Material changes will be communicated via email (where we have your email) or prominent website notice.

13. Contact Us

For questions about this Privacy Policy or our data practices:

  • Email: privacy@snowballtech.com
  • Postal address: Shanghai Snowball Digital Intelligence Technology Co., Ltd., Shanghai, China
Digital trust infrastructure for connected devices and credentials. Built on 13 years in digital credentials and cryptographic infrastructure.
IoT Security
OverviewSecure Build & ReleaseFactory ProvisioningSBOM & VulnerabilitySecure Update & OTACompliance & DisclosureGoogle CastMatter
Mobile Credentials
OverviewTransitAccessDigital Car Key
Resources
OverviewBlogWhitepapersCase Study
Company
About UsPartners
Privacy PolicyTerms Of ServiceCookie Policy
© 2026 Snowball Technology. All rights reserved.
EN
|
ZH