CaptapiCaptapi
Sign inStart Free

Privacy Policy

Last updated: May 29, 2026

1. Information We Collect

Account information

When you sign up, we collect your email address and a securely hashed password. If you sign in with Google, we receive your email and basic profile information from Google.

Usage data

We log each API request with: timestamp, endpoint, response status, latency, credits consumed, and the source URL you submitted. We do not store the response payloads returned to you (transcripts, comments, etc.) for longer than 24 hours (cache).

Billing information

Payments are processed by Stripe. We never see or store your full credit card number — only a Stripe customer ID and the last four digits.

2. How We Use Your Information

  • Authenticate your API requests and dashboard sessions.
  • Bill you correctly and provide usage analytics.
  • Detect abuse, debug issues, and improve the Service.
  • Send transactional emails (password resets, billing receipts).

3. Data Sharing

We do not sell your data. We share data only with the following sub-processors, all of whom have signed DPAs:

  • Supabase — authentication & database hosting
  • Stripe — payment processing
  • Apify — scraping infrastructure
  • OpenAI — AI summarization (input transcripts only; OpenAI does not train on API data per their policy)
  • Upstash — caching & rate limiting
  • Sentry — error tracking (no request bodies sent)

4. Data Retention

  • Request logs: 90 days for analytics & abuse detection
  • Cache: 24 hours, automatically purged
  • Account data: retained until account deletion
  • Billing records: 7 years for tax / accounting compliance

5. Your Rights (GDPR / CCPA)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to processing or restrict it

To exercise these rights, email privacy@captapi.com.

6. Security

API keys are stored as SHA-256 hashes — we cannot recover lost keys. All traffic is encrypted in transit (TLS 1.2+). Database backups are encrypted at rest. We follow industry best practices but cannot guarantee absolute security.

7. Cookies

We use only essential cookies for authentication and CSRF protection. We do not use third-party advertising or behavioral tracking cookies.

8. International Transfers

Your data may be processed in the EU, US, or other regions where our sub-processors operate. Where applicable, we rely on Standard Contractual Clauses (SCCs) for cross-border transfers.

9. Changes to This Policy

We may update this Policy occasionally. Material changes will be emailed to you. Continued use after changes means you accept the updated Policy.

10. Contact

Questions or concerns? Email privacy@captapi.com.