SnapDocUltra - Privacy Policy

Privacy Policy

Effective date: April 17, 2026

Last updated: April 17, 2026

Who we are

"Company," "we," "us," or "our" means Grova Wellbeing LLC.

Privacy Contact: contact@snapdocultra.com

Mailing Address: 30 N Gould St, Ste R, Sheridan, WY 82801

Scope

This Privacy Policy describes how we collect, use, disclose, retain, and protect information when you:

  • visit our Sites;
  • create an account;
  • purchase subscriptions or digital products;
  • participate in communities/cohorts;
  • use our tools/utilities; and
  • interact with our ads, emails, and customer support.

Data minimization (explicit statement)

We collect personal data that is reasonably necessary and proportionate to achieve the purposes described in this Privacy Policy. We do not intentionally collect categories of personal data that are not needed for these purposes.

Information we collect

The exact data collected depends on how you use the Services.

Information you provide directly

  • Account and profile information: name (optional or required depending on feature), email address, login/authentication data (typically handled by an authentication provider), country/region, language preference, and community profile details you choose to share.
  • Purchases and subscription context: products purchased, subscription level, entitlement status, transaction IDs, refunds status, and chargeback status. We generally do not store full payment card details when using a merchant-of-record checkout.
  • User Content: community posts, comments, messages, reviews/testimonials (if enabled), uploads you submit (if enabled), feedback, and survey responses.
  • Customer support communications: messages you send us, attachments, and records of support requests and outcomes.

Information collected automatically

  • Device and log data: IP address, browser type, device identifiers, operating system, approximate location inferred from IP, pages viewed, clicks, referral URLs, timestamps, and error logs.
  • Learning and engagement data (when logged in): courses started/completed, quiz attempts and scores, progress tracking, preferences, saved items.
  • Cookies and similar technologies: see "Cookies, Advertising, and Tracking" below. Consent rules for non-essential cookies are stricter in certain jurisdictions (e.g., UK/EU).

How we use information

We use information for purposes such as:

  • providing and operating the Services (authentication, delivering content/tools, enabling communities, tracking entitlements);
  • personalization and recommendations (including scoring/assessment features where offered);
  • payments, subscriptions, and access management (often via the merchant of record);
  • customer support and operational communications;
  • marketing and cross-sell (where permitted, with opt-out);
  • advertising and affiliate monetization (subject to your choices and law); and
  • safety, integrity, and legal compliance (fraud prevention, enforcement, security, legal requests).

De-identified / aggregated data

We may create de-identified or aggregated data from personal data (for example, by removing direct identifiers and applying technical and organizational measures designed to reduce re-identification risk). We may use and retain de-identified or aggregated data for analytics, research, product improvement, security, and operational purposes, to the extent permitted by applicable law.

Data retention

We retain personal data only as long as reasonably necessary for the purposes described in this Privacy Policy, including account maintenance, service delivery, dispute resolution, enforcing Terms, security logging, fraud prevention, and legal compliance.

Data TypeRetention Period
Account data (contact details, profile, settings)While your account is active and for up to 24 months after closure, unless a longer period is required for security, dispute resolution, or legal compliance.
Transaction records (invoices, refunds, chargebacks, tax-related records)Up to 7 years, or longer if required by tax, accounting, or payment-network rules.
Logs and security recordsUp to 12 months, unless a longer retention period is reasonably necessary for fraud prevention, incident response, or legal claims.
Support records (tickets, communications)Up to 24 months after the matter is closed, unless we need to retain them longer for training, dispute resolution, or legal compliance.
Marketing consent logs and preference recordsFor as long as needed to honor your preferences and demonstrate compliance, and generally no longer than 5 years after your last relevant interaction unless the law requires more.

We may retain de-identified/aggregated data longer (or indefinitely), as described above.

Cookies, Advertising, and Tracking

Cookie categories (structural enhancement)

We use cookies, pixels, SDKs, and similar technologies. The mix may vary depending on which Sites/Services you use and your settings.

  • Strictly necessary cookies. Used for essential functions such as security, authentication, load balancing, and fraud prevention. These are generally required for the Sites/Services to function.
  • Functional cookies. Used to remember preferences (e.g., language) and enable enhanced features.
  • Analytics cookies. Used to understand usage, performance, and improve the Services.
  • Advertising cookies. Used to measure ad performance and (where enabled) personalize ads or support cross-context behavioral advertising, depending on jurisdiction and your choices.

In the UK, the Information Commissioner's Office states that organizations must provide clear information about cookies and obtain consent for cookies that are not strictly necessary.

Consent banners and jurisdiction-based controls

Where legally required (for example, in the EU/EEA and UK for non-essential cookies), we will request consent before placing non-essential cookies. We may use a consent management platform to record and honor your choices.

If we use Google tags to measure user behavior for users in the EEA, Google requires that we pass end-user consent choices and obtain legally valid consent for certain cookie/storage uses and ad personalization.

You can manage cookie choices through our banner where available, through your browser settings, or by contacting us at contact@snapdocultra.com.

Advertising and affiliate disclosures

We may display ads and use affiliate links. Ad networks and measurement partners may receive cookie identifiers and event data, subject to your consent choices and applicable law.

Jurisdiction-Specific Rights and International Data Transfers

California privacy rights, "sale/share," and Global Privacy Control

If you are a California resident and we are a covered business, you may have rights including access/know, deletion (with exceptions), correction, and the right to opt out of "sale" or "sharing" of personal information.

Some advertising-related disclosures and identifier sharing may be considered "sharing" (and sometimes "selling") under California privacy law definitions, depending on how our advertising is configured.

The California Attorney General states that Global Privacy Control (GPC) is one option for consumers to submit opt-out requests, and covered businesses must honor it as a valid request to stop the sale or sharing of personal information.

Where required, we honor supported opt-out preference signals such as GPC and accept privacy requests submitted to contact@snapdocultra.com.

California automated decision-making technology (ADMT) notice and opt-out concepts

Because the Services may include recommendation engines and scoring, California's regulatory framework on automated decision-making technology (ADMT) may apply depending on our specific use cases and whether we are subject to the CCPA/CPRA.

The California Privacy Protection Agency states that the Agency adopted regulations that implement consumers' rights to access and opt out of businesses' use of ADMT, with an effective date of January 1, 2026.

Where applicable, we will provide:

  • information about whether and how we use automated tools for recommendations/scoring;
  • what inputs are considered and what outputs are intended to do (and not do); and
  • a way to submit access or opt-out requests by contacting us at contact@snapdocultra.com.

EU/EEA lawful basis mapping (structural enhancement)

If you are subject to GDPR/UK GDPR, we process personal data only where a lawful basis applies (such as contract necessity, consent, legitimate interests, and legal obligation).

A simplified mapping may include:

Processing PurposeTypical Lawful Basis (EU/EEA/UK)
Account creation, delivering ServicesPerformance of a contract
Subscription access management and supportPerformance of a contract; legitimate interests
Security and fraud preventionLegitimate interests; legal obligation (where applicable)
Marketing emailsConsent (where required) or legitimate interests (where permitted, with opt-out)
Non-essential cookies / ad personalizationConsent (where required)
Legal compliance, tax, disputesLegal obligation; legitimate interests

International data transfers and safeguards

We are U.S.-based and may process and store information in the United States and other countries.

Where required for transfers of personal data from the EU/EEA to countries without an adequacy decision, we may rely on recognized safeguards such as the European Commission's Standard Contractual Clauses (SCCs) adopted under Commission Implementing Decision (EU) 2021/914, and additional measures as appropriate.

We also use contractual and organizational safeguards with vendors (for example, data processing agreements where required).

India DPDP Act notice and grievance handling

If you are in India, processing of digital personal data may be governed by India's Digital Personal Data Protection Act, 2023 (DPDP).

DPDP indicates that consent should be free, specific, informed, unconditional, and unambiguous with a clear affirmative action, limited to personal data necessary for the specified purpose, and that withdrawal should be as easy as giving consent.

DPDP also provides for readily available means of grievance redressal by a data fiduciary or consent manager.

For privacy or grievance requests, contact contact@snapdocultra.com or write to Grova Wellbeing LLC, 30 N Gould St, Ste R, Sheridan, WY 82801.

Reviews, testimonials, and endorsements compliance

If we display reviews or testimonials, we prohibit fake or deceptive reviews and certain review suppression practices.

The Federal Trade Commission announced a final rule addressing fake reviews and testimonials, and the Federal Register publication describes prohibitions including fake reviews, certain insider reviews without disclosure, and certain review suppression practices. The FTC also provides guidance and resources on consumer reviews/testimonials compliance. The FTC's endorsement guidance addresses disclosure of material connections in endorsements and testimonials.

Export controls and sanctions compliance (Terms alignment)

Users may not use the Services in violation of U.S. sanctions or export control laws. The U.S. Department of the Treasury's Office of Foreign Assets Control describes sanctions compliance obligations for U.S. persons and related restrictions, and the U.S. Department of Commerce Bureau of Industry and Security maintains the Export Administration Regulations (EAR).