Note: This document is based on legal counsel review and is pending final approval.
This Privacy & Data Processing Agreement describes how SN Utils B.V. ("we", "us", or "our") collects, uses, and protects your personal data when you use the SN Utils browser extension and related services. This agreement applies to both individual users and businesses.
The data processed on our systems is extremely limited. Our browser extension runs entirely on your local device, within your browser, using your existing ServiceNow session and permissions.
For clarity, the following categories of data never leave your device, under any plan or configuration:
The data that we process (and which might include your personal data) is processed only to the limited extent and purposes described in Section 2.
Our personal data processing is limited to what is strictly necessary for operating the service. Payment is processed entirely by our third-party payment provider and subject to their terms.
License checks occur at most once per day and concern the following data:
| Data | Purpose |
|---|---|
| Email address | User identification and license verification |
| IP address | Transport security (standard HTTPS) |
License data is held on your own ServiceNow instance. The Store App communicates with SN Utils servers for validation without transmitting any user-level personal data or instance information. SN Utils receives no personal data in this configuration as part of the standard validation flow.
For organisations with strict regulatory or security requirements, a fully disconnected setup is available. In this configuration, SN Utils operates entirely on your ServiceNow instance without any backend communication — no external calls are made and no personal data is transmitted to SN Utils. Contact support@snutils.com for more information.
We process additional data only to the extent that you actively choose to enable optional features, and only for the purpose of providing them:
| Data | Feature | Purpose |
|---|---|---|
| AI prompts | AI code generation | Transmitted to AI sub-processor for code generation |
| Code snippets | Cloud sync* | Backup and cross-instance reuse |
| Slash commands | Cloud sync* | Backup and cross-instance reuse |
| Extension settings | Cloud sync* | Preference sync |
| Daily usage counts | Usage analytics | Aggregate ROI calculations |
*Optional cloud sync data is encrypted in transit and at rest. You can disable any optional feature or delete associated data at any time through the extension settings.
We use the following third-party sub-processors in connection with the Service:
| Provider | Role / Data Processed | Region |
|---|---|---|
| Supabase | Database and authentication — License and account data | EU / US |
| Vercel | Website hosting | EU / US |
| Stripe | Payment processing — Payment and billing data | US |
| OpenAI / Anthropic / Google | AI code generation — AI prompts (optional feature only) | US |
| Website analytics | EU / US | |
| Google / Microsoft / Mozilla / Apple | Web extension marketplaces | US |
We may engage new sub-processors from time to time as the Service evolves. Where we intend to add a new sub-processor, we will provide reasonable advance notice by email or through a notice on our website. If you have a legitimate objection to the new sub-processor on data protection grounds, you may raise it by contacting support@snutils.com within 14 days of the notice. We will work with you in good faith to address any reasonable concern. If no resolution can be reached, you may terminate your subscription in accordance with the Service Terms, and we will issue a pro-rata refund for any unused prepaid period.
All our sub-processors are bound by data processing agreements compliant with applicable privacy laws. Where data is transferred outside the EU/EEA, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required under GDPR.
4.1 Security Measures. To the extent we process your data on our systems, we commit to securing them by implementing technical and organisational measures consistent with applicable industry standards, including but not limited to:
For more information on our security setup, please see our Security page.
4.2 Personal Data Breaches. Should we be impacted by a data breach affecting your personal data, we will notify you without undue delay.
4.3 Security Inquiries. Security inquiries and vulnerability reports can be directed to security@snutils.com.
The rights available to individuals in connection with personal data processed through the Service depend on the nature of the relationship between us.
If you are accepting the Terms and using the Service as an individual, we act as the data controller in respect of your personal data. You may exercise your rights under applicable law (including, for EU/EEA residents, the rights of access, rectification, erasure, portability, objection, and restriction under the GDPR) directly against us by contacting support@snutils.com.
You may also lodge complaints with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.
If you are accepting the Terms on behalf of a legal entity, that legal entity is the data controller in respect of the personal data of its employees, as uploaded on the Service. We will then act as a data processor on the data controller's behalf.
Individual users should direct any requests to exercise their data subject rights to the entity that holds the subscription. We will support data controllers in responding to data subject requests, including by providing access to relevant data, assisting with erasure or portability requests, and implementing restrictions on processing, within a reasonable timeframe and to the extent technically feasible.
If you are an EU/EEA resident, your rights include:
If you are a California resident, your rights include:
SN Utils B.V. is based in the Netherlands. Some of our sub-processors may process data outside the EU/EEA. Where data is transferred outside the EU/EEA, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required under GDPR. See Section 3 for the full list of sub-processors and their processing regions.
SN Utils is designed for professional use by adults in corporate environments. We do not knowingly collect information from children under 16.
We may update this Privacy & Data Processing Agreement from time to time. We will notify you of material changes by email or through a notice on our website and by updating the "Last Updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the updated agreement.
For privacy-related inquiries, data subject requests, or to report a concern:
SN Utils B.V.
Email: support@snutils.com
Security: security@snutils.com
If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.
By using SN Utils, you acknowledge that you have read and understood this Privacy & Data Processing Agreement.