Privacy Policy

Friendly Labs, Inc. · Effective March 2, 2025 · Last Updated March 2, 2025

Friendly Labs, Inc. ("Friendly Labs," "we," "us," or "our") operates Snip, an AI permissions gateway available as a mobile application and web service at https://getsnip.app (collectively, the "Service"). Snip enables users to securely connect their personal accounts—such as Google Calendar and Apple Reminders—and grant controlled access to AI agents through a granular, user-approved permissions system.

This Privacy Policy describes how we collect, use, store, share, and protect your information when you use the Service. By using Snip, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create a Snip account, we collect:

  • Your email address
  • Your name (if provided)
  • Authentication credentials for your Snip account

1.2 Connected Service Credentials

When you connect a third-party account (such as Google Calendar), we collect and store:

  • OAuth access tokens and refresh tokens, which allow Snip to interact with the connected service on your behalf
  • Basic profile information associated with the connected account (such as your email address and display name)

1.3 Google User Data

When you connect your Google account, Snip may access the following data depending on the permissions you grant:

  • Google Calendar data: Calendar event details including event titles, descriptions, dates, times, locations, attendees, and event metadata.

Snip accesses this data only to fulfill operations that you have explicitly approved. Event data retrieved from Google APIs is temporarily cached on our servers for up to 24 hours to facilitate the completion of approved operations, after which it is automatically deleted.

1.4 Device and Local API Data

When you use Snip's device-native integrations (such as Apple Reminders), data is accessed directly on your device. This data is not transmitted to or stored on our servers unless required to fulfill an approved operation.

1.5 Usage and Analytics Data

We collect anonymized usage data to improve the Service, including:

  • App interaction patterns (screens visited, features used)
  • Device type, operating system version, and app version
  • Crash reports and performance metrics

We use third-party analytics services to process this data. These services do not receive your connected account credentials or personal data from your connected services.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Authenticate your identity, connect your third-party accounts, route operation requests from AI agents, and deliver approval notifications to your device.
  • Facilitate AI agent operations: When an AI agent requests an action (such as creating a calendar event), Snip retrieves the necessary data from your connected account, presents the request for your approval, and executes the approved operation on your behalf.
  • Maintain and improve the Service: Analyze anonymized usage patterns to identify bugs, improve performance, and develop new features.
  • Communicate with you: Send transactional notifications related to your account and pending approval requests.

We do not use your Google user data to:

  • Serve advertisements or enable targeted advertising
  • Sell or transfer data to third parties for advertising purposes
  • Determine creditworthiness or for lending purposes

3. How AI Agents Access Your Data

Snip acts as a controlled intermediary between AI agents and your connected accounts. Here is how this works:

  1. You connect an account (e.g., Google Calendar) and define which operations an AI agent is allowed to request.
  2. An AI agent sends a request to Snip's API for a specific operation (e.g., "create a calendar event").
  3. You receive a notification on your device describing the requested operation and its details.
  4. You approve or deny the request.
  5. If approved, Snip executes the operation using your stored credentials and returns the result to the AI agent.

AI agents receive only the data necessary to complete the requested operation. For read operations (such as listing upcoming events), the agent receives the event data as returned by the connected service, including titles, descriptions, times, and attendees. For write operations (such as creating an event), the agent receives a confirmation of the completed action.

You may also choose to enable auto-approval for specific operations or agents, allowing approved actions to be executed without requiring manual confirmation for each request. This provides a smoother experience without needing to open the app for every operation. You can revoke or modify auto-approval settings at any time through the Snip app, and doing so takes effect immediately.

AI agents do not have direct access to your OAuth credentials, and they cannot perform operations that you have not explicitly granted permission for.

4. How We Store and Protect Your Data

4.1 Data Storage

  • OAuth tokens are stored on our servers using encryption with unique initialization vectors per credential set.
  • Event data retrieved from connected services is cached temporarily (up to 24 hours) to complete operations and is then automatically purged.
  • Account information is stored in our database hosted on secure, access-controlled infrastructure.

4.2 Security Measures

We implement the following measures to protect your data:

  • Encryption of OAuth credentials at rest using industry-standard algorithms
  • TLS encryption for all data in transit between your device, our servers, and third-party APIs
  • Access controls restricting server and database access to authorized personnel
  • Audit logging of all operations performed through the Service
  • Separate storage of encryption keys and initialization vectors

4.3 Data Retention

  • OAuth tokens: Retained for as long as you maintain an active connection to the associated service. Tokens are deleted when you disconnect a service or delete your account.
  • Cached event data: Automatically deleted within 24 hours of retrieval.
  • Account information: Retained for as long as you maintain a Snip account.
  • Analytics data: Retained in anonymized form and is not linked to your connected service data.

5. How We Share Your Information

We do not sell, rent, or trade your personal information or Google user data to any third party.

We may share information in the following limited circumstances:

  • With AI agents, at your direction: When you approve an operation, the result (including event data for read operations) is returned to the requesting AI agent. This occurs only with your explicit, per-request approval.
  • With connected service providers: We transmit API requests to services like Google on your behalf using your stored credentials, in order to fulfill approved operations.
  • With analytics providers: We share anonymized, aggregated usage data with analytics services to improve the Service. These providers do not receive your connected account data or credentials.
  • As required by law: We may disclose information if required by applicable law, regulation, legal process, or governmental request. Where legally permitted, we will provide you with advance notice before such disclosure.
  • In a business transfer: If Friendly Labs is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Your Rights and Choices

6.1 Disconnect a Service

You can disconnect any connected service at any time through the Snip app. Disconnecting a service will:

  • Revoke Snip's access to that service
  • Delete the stored OAuth tokens for that service
  • Remove any cached data associated with that service

6.2 Delete Your Account and Data

You may request deletion of your Snip account and all associated data by contacting us at support@frens.lol. Upon receiving your request, we will:

  • Delete your account information
  • Delete all stored OAuth tokens and credentials
  • Purge any cached data from connected services
  • Complete the deletion within 30 days of your request

6.3 Revoke Google Access

In addition to disconnecting through Snip, you can revoke Snip's access to your Google account at any time by visiting your Google Account Permissions page.

6.4 Manage Permissions

You can view and modify the permissions granted to each AI agent at any time through the Snip app. You can revoke individual operation permissions or remove an agent's access entirely.

7. Third-Party Services

Snip integrates with third-party services (such as Google Calendar and Apple Reminders) to provide its functionality. Your use of these services is governed by their respective terms of service and privacy policies. We encourage you to review:

Snip's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Children's Privacy

Snip is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at support@frens.lol, and we will promptly delete such information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes to how we handle your data, we will notify you through the Service or by other means prior to the changes taking effect. Your continued use of the Service after such notification constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Friendly Labs, Inc. Email: support@frens.lol Website: https://getsnip.app