Who we are

Storysnap, LLC (“Storysnap,” “we,” “us,” or “our”) is a US-based company headquartered in Boston, Massachusetts. We operate two brand websites and services: Testimonial Hero (testimonialhero.com), which produces customer and employee video testimonials, and Product Hype (producthype.com), which produces animated product and brand videos. This Privacy Policy applies to storysnap.com, testimonialhero.com, producthype.com, and any other website or service Storysnap operates that links to this Policy.

We've written this Policy to be straightforward. If something is unclear or you have a question, contact us at privacy@storysnap.com.

EU and UK Representative

Storysnap has appointed Prighter Group as our EU and UK Representative under Article 27 of the EU and UK GDPR. If you are in the European Union, European Economic Area, or United Kingdom and wish to exercise your privacy rights, you can contact Prighter at https://app.prighter.com/portal/11580231050.

Data Privacy Lead

Storysnap has designated an internal Data Privacy Lead as the point of contact for privacy questions and requests. You can reach our Data Privacy Lead at:

Storysnap, LLC

Attn: Data Privacy Lead

56 Broad St., STE 14099

Boston, MA 02109

privacy@storysnap.com

How we handle your data depends on your relationship with us

Different categories of people interact with Storysnap in different ways. The data we collect, how we use it, and how long we keep it varies by category. Below we describe each category. California residents and residents of other US states with privacy laws can find additional disclosures in the US State Privacy Rights section.

Website visitors

When you visit storysnap.com, testimonialhero.com, producthype.com, or other Storysnap-operated sites, our servers automatically log certain information: IP address, general location, browser type, operating system, pages viewed, referring URL, and similar usage data. We use cookies and similar tracking technologies — see our Cookies Policy for details.

Why: Legitimate interest in operating, securing, and improving our websites; consent for non-essential cookies.

How long: Per the retention periods in our Cookies Policy; typically tied to cookie expiry.

Business contacts and prospects

If you contact us through a form, engage with our marketing, or are identified as a relevant business contact through professional research (e.g., LinkedIn) or third-party data providers, we collect contact data: name, job title, employer, work address, work email, work phone, and basic information about your role or industry.

Why: Legitimate interest in business development; consent where required for marketing communications.

How long: While you remain a relevant business contact or until you ask us to remove you. Marketing and CRM data is reviewed periodically and removed when no longer relevant.

Clients and client account contacts

If your company engages Storysnap to produce video content, we collect the contact and account information needed to deliver the services: account manager contacts, billing contacts, project information, and similar.

Why: Performance of our contract with your company; legitimate interest in account management.

How long: For the duration of the client relationship and a reasonable period thereafter for legal, accounting, and business continuity purposes. Client project data and deliverables are kept indefinitely by default so clients can continue accessing them through the Storysnap portal, and are deleted on request within 30 days. See “How long we keep your information” below.

Individuals featured in customer testimonials

Storysnap clients sometimes introduce their own customers or employees to Storysnap for video testimonial production. If you are featured in a testimonial produced for one of our clients, the data we process about you — name, contact details, employer and role, video and audio recordings, and likeness — is processed on behalf of that client.

Storysnap is a data processor for this data; our client is the data controller. We process this data only on the client's documented instructions and under the terms of our Data Processing Agreement with them. If you want to exercise your privacy rights regarding a testimonial you participated in, please contact the client (the company that engaged Storysnap to produce the video). If you reach out to Storysnap, we will forward your request to the controlling client and assist them in fulfilling it. We do not unilaterally modify or delete testimonial content except where the client is unresponsive within a reasonable timeframe or the request indicates an imminent safety concern.

Why we process: On the client's lawful basis, typically consent obtained through the release form you signed at the time of recording.

How long: Until the controlling client instructs us to delete, subject to your right to withdraw consent at any time.

Storysnap team members and contractors

If you are employed or engaged by Storysnap as a contractor, the personal data we process about you is governed primarily by our internal HR policies and your individual agreement with us, not by this Privacy Policy. Contact our Data Privacy Lead with questions.

Special category data

Storysnap does not knowingly collect, process, or store special category personal data as defined under GDPR Article 9 (data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data for identification, etc.) in the normal course of business. If you believe special category data has been inadvertently included in content you have provided, contact us at privacy@storysnap.com.

When we share information with third parties

We do not sell personal data. We share personal data only as needed to operate our business, deliver our services, and meet our legal obligations.

Subprocessors

We use third-party service providers (“Subprocessors”) to host our infrastructure, deliver our services, and operate our business. Subprocessors that process personal data on our behalf do so under a written Data Processing Agreement that restricts their use of the data to providing services to Storysnap. Our current list of Subprocessors is published at our Trust Center at trust.storysnap.com.

Service providers, agents, and partners

We may share personal data with service providers and agents that perform functions on our behalf — for example, payment processors, communications platforms, or analytics providers. These parties are contractually restricted from using personal data for their own purposes.

Legal and compliance

We may disclose personal data when required by law, in response to lawful requests from public authorities, to enforce our agreements, or to protect the rights, property, or safety of Storysnap, our clients, our team, or others. Where lawfully permitted, we will notify the affected party before disclosure.

Aggregate and anonymized data

We may share aggregate, de-identified, or anonymized data with partners and service providers for analytical, marketing, or research purposes. Such data cannot reasonably be used to identify you.

Connections with third-party services

Our websites may connect with third-party services such as LinkedIn, X (formerly Twitter), and Facebook. If you choose to share information from our sites through these services, your interaction with the third-party service is governed by that service's privacy policy.

International data transfers

Storysnap is headquartered in the United States and processes personal data primarily in the United States. The US has not received an adequacy decision from the European Commission under GDPR Article 45.

For personal data transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States, Storysnap relies on Standard Contractual Clauses (SCCs) approved by the European Commission (Implementing Decision 2021/914), the UK International Data Transfer Addendum (IDTA), and Swiss FADP modifications, as applicable. These safeguards apply both to Storysnap's own data flows and to the agreements we maintain with our Subprocessors.

For more information about a specific transfer mechanism, contact our Data Privacy Lead.

Your privacy rights

You have rights regarding the personal data we hold about you. The specific rights available depend on the laws that apply where you live.

Rights available under GDPR (EU and UK)

  • Right to be informed about how your data is processed (this Policy)
  • Right of access to the personal data we hold about you
  • Right to rectification of inaccurate personal data
  • Right to erasure (“right to be forgotten”), subject to exceptions
  • Right to restrict processing in certain circumstances
  • Right to data portability to receive your data in a structured, machine-readable format
  • Right to object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making, including profiling (Storysnap does not engage in fully automated decision-making with legal effects)
  • Right to lodge a complaint with your data protection supervisory authority

Residents of other countries (e.g., Canada under PIPEDA, Brazil under LGPD) have substantially similar rights under those laws. California residents and residents of other US states with privacy laws can find additional disclosures in the US State Privacy Rights section below.

How to exercise your rights

To exercise any of these rights, submit a request through our data privacy request page at storysnap.com/data-request, email privacy@storysnap.com, or contact our EU and UK Representative Prighter if you are in the EU, EEA, or UK.

What to expect:

  • We will confirm receipt of your request promptly.
  • We may ask for information to verify your identity before acting on the request.
  • We will respond within 30 days of receiving a verified request. If your request is complex or numerous, we may extend the response period by up to two additional months and will notify you of the extension.
  • Access to your personal data is provided at no cost.
  • If we cannot fulfill your request, we will explain the reason.

Controller vs. Processor: how to direct your request

For requests regarding data Storysnap controls (e.g., your business contact data, your website visit data, your account data as a client), contact us directly.

For requests regarding Client Assets (video, audio, transcripts, or other content featuring you that was produced for one of our clients), Storysnap acts as a processor on the client's behalf. The client is the controller of that data. Storysnap cannot unilaterally delete or modify Client Assets. Direct your request to the client (the company that engaged Storysnap to produce the video). If you contact Storysnap, we will confirm receipt of your request and promptly forward it to the controlling client, and we will assist the client in fulfilling your request in accordance with our contractual obligations. Where the controlling client is unresponsive within a reasonable timeframe or the request indicates an imminent safety concern, Storysnap will determine appropriate next steps in consultation with applicable supervisory authorities or counsel.

US State Privacy Rights

This section provides additional disclosures for residents of California, Colorado, Connecticut, Texas, Utah, Virginia, and other US states with comprehensive privacy laws.

Your rights as a US state resident

Depending on your state, you may have the right to:

  • Know what personal information we have collected about you and the categories of sources, purposes, and third parties involved
  • Delete personal information we have collected from you, subject to exceptions
  • Correct inaccurate personal information
  • Receive a copy of your personal information in a portable format
  • Opt out of “sale” or “sharing” of your personal information for cross-context behavioral advertising
  • Limit the use of sensitive personal information
  • Not be discriminated against for exercising your privacy rights

Categories of personal information collected (CCPA)

Over the past 12 months, Storysnap has collected the following categories of personal information:

Category | Examples | Sources | Purposes | Disclosed to
Identifiers | Name, email, IP address | You; professional research; our clients | Service delivery, marketing, security | Subprocessors; service providers
Customer records | Business contact info, billing info | You; our clients | Service delivery, billing | Subprocessors; payment processors
Internet/network activity | Browser type, pages viewed, cookies | Automatic collection | Site operation, analytics | Subprocessors; analytics providers
Audio/visual data | Video and audio recordings captured on behalf of our clients | You (with consent via release form); our clients | Service delivery to clients | Our clients; Subprocessors
Professional information | Job title, employer, role | You; professional research | Marketing, service delivery | Subprocessors
Inferences | Aggregate analytics derived from the above | Derived | Service improvement | Subprocessors

We do not knowingly collect categories of sensitive personal information beyond what is voluntarily shared in a testimonial recording on behalf of our clients.

No sale or sharing

Storysnap does not sell personal information, and we do not “share” personal information for cross-context behavioral advertising as defined under the CCPA. We have certified this commitment to our business clients in our Data Processing Agreement.

How to exercise your US state rights

Submit a request through our data privacy request page at storysnap.com/data-request or contact privacy@storysnap.com. We will verify your identity using reasonable methods proportionate to the sensitivity of the data and the request, and we will respond within the timeframes required by applicable law (typically 45 days under CCPA, extendable by 45 additional days where necessary).

Authorized agents

You may use an authorized agent to submit a request on your behalf. We will verify the agent's authority and may require you to confirm the request directly.

Right to appeal (Virginia, Colorado, Connecticut, and others)

If we decline to act on your request, you may appeal our decision by contacting privacy@storysnap.com. We will respond to your appeal within the timeframes required by applicable law.

How long we keep your information

We keep personal data only as long as we need it for the purposes described in this Policy, or as required by law. Specific retention periods depend on the data category:

  • Website visit data: Per cookie expiry settings; see our Cookies Policy.
  • Business contact and prospect data: While you remain a relevant business contact or until you opt out or request deletion.
  • Client business and relationship data: For the duration of the client relationship and a reasonable period thereafter for legal, accounting, and business continuity needs.
  • Client project data and deliverables: Raw footage, working files, and final deliverables (including content featuring testimonial participants) are retained indefinitely by default so clients can continue accessing content through the Storysnap portal, and are deleted on the client's written request within 30 days. Testimonial participants retain the right to erasure regardless of this default retention.
  • Employee and contractor data: Per applicable employment law and our internal retention schedules, typically at least seven years following the end of the relationship.
  • Financial and tax records: Per applicable law, typically at least seven years.

Cookies and tracking technologies

We use cookies and similar tracking technologies on our websites. Our Cookies Policy describes the specific cookies used, their purposes, and how you can accept or reject them.

You can manage non-essential cookies through our cookie consent banner on our sites, or through your browser settings.

How we protect your information

Storysnap maintains technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration, or disclosure. Our security program includes:

  • Encryption: Data transmitted over external networks is encrypted using TLS 1.2 or higher. Data at rest within our cloud infrastructure is encrypted using AES-256 or an equivalent strong protocol as implemented by our subservice organizations.
  • Access controls: Role-based access control (RBAC), least privilege, and multi-factor authentication (MFA) for systems handling personal data.
  • Endpoint security: Storysnap operates a bring-your-own-device (BYOD) model with continuous endpoint security monitoring through the Secureframe Agent installed on team members' devices.
  • Vendor management: Subprocessors handling personal data are reviewed and contracted under Data Processing Agreements, with annual reviews of their independent assurance reports for our critical vendors.
  • Compliance program: Storysnap is pursuing SOC 2 Type 2 certification, with the initial observation period commencing July 2026. Our policy framework and related control documentation are available via our Trust Center at trust.storysnap.com.
  • Incident response: We maintain a documented Security Incident Response Plan that includes breach notification commitments consistent with GDPR Articles 33 and 34 and applicable US state law.

No security program eliminates all risk. If we become aware of a personal data breach that is likely to affect your rights, we will notify you and any applicable supervisory authority in accordance with our legal obligations.

Children's data

Storysnap's services are directed at businesses and business professionals. We do not knowingly collect or solicit personal information from children under 16 (or under 13 in the United States under COPPA). If we become aware that we have inadvertently collected personal data from a child without verified parental consent, we will delete that data as soon as reasonably possible. If you believe we may have collected information from a child, contact us at privacy@storysnap.com.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time as our services, applicable laws, or industry practices change. The “Last Updated” date at the top of this Policy reflects the date of the most recent change. For material changes, we will provide additional notice through our websites or by direct communication where appropriate.

Questions, concerns, or complaints

If you have questions or concerns about this Privacy Policy or Storysnap's privacy practices, or if you would like to exercise your rights, please contact us:

Storysnap, LLC

Attn: Data Privacy Lead

56 Broad St., STE 14099

Boston, MA 02109

privacy@storysnap.com

EU and UK residents may also contact our EU and UK Representative, Prighter, at https://app.prighter.com/portal/11580231050.

You also have the right to lodge a complaint with your data protection supervisory authority. In the EU and EEA, your competent supervisory authority is determined by your country of residence; if no authority is identified, the lead supervisory authority is the Irish Data Protection Commission. In the UK, the supervisory authority is the Information Commissioner's Office (ICO).