Last updated November 24, 2024
At Captide, Inc. ("Captide," "we," "us," or "our") your privacy is our top priority. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our platform, services, and related offerings (collectively, the "Services").
By accessing or using the Services, you agree to be bound by the practices described in this Privacy Policy. If you do not agree with any aspect of this Privacy Policy, you should discontinue using our Services immediately.
This Privacy Policy is designed to help you understand:
- What information we collect about you and why;
- How we use and protect your information;
- Your rights and choices regarding your information.
We are committed to complying with all applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), where applicable. Captide may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or the features of our Services. Any updates will be communicated to you through appropriate means, such as email or notifications on our platform.
If you have any questions or concerns about this Privacy Policy, please contact us at legal@captide.co.
Section 1. Information We Collect
At Captide, we collect various types of information to provide and improve our services, fulfill our contractual obligations, and comply with legal requirements. This section outlines the categories of personal and business-related information we collect and the methods used to collect them.
1.1 Personal Identifiers
We collect information that identifies you as an individual, including:
- Name: First and last name.
- Email Address: Used for communication and account access.
- Phone Number: Optional, for customer support and account verification.
1.2 Business Information
We collect information related to your business to enable and enhance your use of our platform:
- Business Name: To associate your account with your business.
- Business Address: For communication and account management.
1.3 Technical Data
We automatically collect technical information when you use our platform, including:
- IP Address: To identify your device and ensure secure access.
- Device and Browser Information: Type of device, operating system, and browser version.
- Cookies and Tracking Data: Information collected via cookies and similar technologies to improve user experience and analyze platform usage.
1.4 Payment Information
Payment processing is handled securely by Stripe, and we do not store sensitive payment details. However, we may collect:
- Billing Information: Name, address, and email for invoicing and receipts.
- Transaction Data: Details of payments made on our platform.
1.5 User-Generated Data
We collect information generated through your interactions with our platform, such as:
- Session Data: Usage patterns, login activities, and interactions with platform features.
- Feedback and Support Requests: Data provided when contacting our support team.
Section 2. Sources of Information
At Captide, we collect information to provide and improve our services, ensure platform functionality, and deliver a seamless user experience. The ways we collect information include:
2.1 Information You Provide Directly
We collect personal and business-related information that you provide when you:
- Sign Up or Register: When creating an account, we collect details such as your name, email address, business name, and other profile-related information.
- Communicate with Us: When you contact our support team, submit feedback, or participate in surveys, we gather the details shared during those interactions.
- Provide Payment Details: Payment information is securely handled by Stripe. While Captide does not store sensitive payment data, we collect necessary billing details (e.g., email and billing address) to facilitate transactions.
2.2 Automated Data Collection
We collect certain information automatically when you interact with our platform, including:
- Usage Data: We track session details such as pages visited, features used, and time spent on the platform.
- Device Information: This includes your device type, operating system, browser type, and screen resolution to ensure platform compatibility.
- IP Address and Geolocation Data: We use IP address data to infer approximate location and enhance security features.
2.3 Cookies and Similar Technologies
We use cookies, tags, and similar tracking mechanisms to improve user experience and gather insights:
- Essential Cookies: Necessary for the platform’s basic functionality.
- Analytics Cookies: Provided by services like Google Analytics to monitor platform performance and user behavior.
- Preference Cookies: To remember your settings and improve personalized experiences.
You can manage or disable cookies through your browser settings. However, please note that some features of the platform may not function properly without cookies.
2.4 Third-Party Authentication Services
If you use third-party login services (e.g., "Sign in with Google"), we collect basic profile information such as your name and email address as permitted by the provider’s privacy policy.
2.5 Information from Other Sources
In some cases, we may collect information from publicly available sources, partners, or third-party services to enhance platform functionality or verify account details. For example:
- Public Databases: To confirm business details or ensure compliance with regulatory requirements.
- Service Providers: To enhance account security or integrate features that benefit user experience.
2.6 Tracking Technologies on Emails
When we send emails, we may use tracking mechanisms to understand email open rates, link clicks, and overall engagement. This helps us tailor our communication and improve our offerings.
Section 3. How We Use Your Information
Captide collects and uses the information collected to deliver a seamless, personalized, and secure experience on our platform. Below is a detailed overview of how we use your information.
3.1 Account Management and Personalization
- To create, manage, and maintain user accounts and business profiles.
- To provide customized features, settings, and recommendations based on your interactions and preferences.
3.2 Service Delivery and Improvement
- To operate, improve, and maintain the functionality and performance of our platform.
- To analyze user behavior and usage patterns to enhance service offerings and user experience.
- To troubleshoot technical issues and implement updates, patches, and system improvements.
3.3 Analytics and Reporting
- To monitor and analyze usage trends, including traffic, session behavior, and feature engagement.
- To generate anonymized insights for internal research and development purposes.
3.4 Communication with Users
- To send administrative communications such as account notifications, security alerts, and updates regarding our Terms of Service or Privacy Policy.
- To respond to user inquiries, support requests, and feedback.
- To send promotional messages, newsletters, or marketing communications (subject to user preferences and opt-out options).
3.5 Payment Processing
- To facilitate secure transactions through third-party payment processors (e.g., Stripe). Note that Captide does not store or access sensitive payment data directly.
3.6 Legal Compliance and Risk Management
- To comply with applicable laws, regulations, and legal processes.
- To detect, prevent, and address fraudulent, unauthorized, or unlawful activities.
- To enforce our Terms of Service and other legal agreements.
3.7 Security and Fraud Prevention
- To monitor for potential security threats and unauthorized access to our platform.
- To protect the integrity and confidentiality of user accounts and data.
Section 4. Sharing and Disclosure of Information
At Captide, we are committed to protecting your information and only sharing it under circumstances that align with this Privacy Policy. Below, we outline how and why your information may be disclosed to third parties:
4.1 Third-Party Service Providers
We share your information with trusted third-party service providers to help us operate our business, deliver our services, and meet our obligations to users. These providers are contractually obligated to safeguard your information and only use it as necessary to perform specific tasks on our behalf. Examples include:
- Payment Processors: Payment transactions are handled by Stripe, which processes your financial data in compliance with their security and privacy policies. Captide does not store or directly access sensitive payment information.
- Analytics Platforms: We use tools like Google Analytics and Retool to understand user interactions with our platform and improve the user experience. These platforms use aggregated and anonymized data where possible.
- Cloud Hosting and Storage: Your information is securely stored and managed in systems like Azure and MongoDB.
- Customer Support Tools: Service providers that facilitate communication or issue resolution may process your contact details and support requests.
4.2 Legal Requirements and Lawful Requests
We may disclose your information to comply with applicable legal obligations or to respond to lawful requests from public and government authorities. This includes:
- Complying with subpoenas, court orders, or other legal processes.
- Responding to requests from regulatory or law enforcement agencies.
- Protecting Captide’s legal rights, privacy, safety, or property, and that of our users or others.
4.3 Business Transfers
In the event of a business transaction, such as a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor organization. In such cases, we will ensure that your information remains protected in accordance with this Privacy Policy and notify you of any significant changes.
4.4 Aggregated and De-Identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you. For instance, we may share statistical insights about platform usage with partners or the public for marketing or research purposes.
4.5 User-Authorized Sharing
In cases where you explicitly authorize us to share your information, we will do so in accordance with the consent you provide. For example, you might allow us to share information with a partner organization for a joint initiative.
4.6 Prohibition on Unauthorized Sharing
We do not sell your personal information to third parties, nor do we share your data for joint marketing purposes unless explicitly authorized by you.
Section 5. Data Storage and Security
Captide employs industry-leading practices and technologies to ensure that your personal and business information is stored and managed securely.
5.1 Data Storage
- Storage Locations: Your data is stored on secure servers hosted by trusted third-party providers, including Azure and MongoDB, located within data centers that comply with stringent security standards.
- Data Segmentation: We use data segregation techniques to isolate and protect user data, ensuring no unauthorized cross-access between accounts or systems.
- Backup Procedures: Regular backups of critical data are performed to ensure resilience against accidental loss or corruption. Backups are encrypted and securely stored.
5.2 Security Measures
- In Transit Encryption: All data transmitted between your devices and our servers is encrypted using Transport Layer Security (TLS) protocols to prevent unauthorized interception.
- At Rest Encryption: Sensitive data stored on our servers is encrypted using Advanced Encryption Standard (AES-256) to protect it from unauthorized access.
- Access Controls:
- Only authorized personnel with legitimate business needs are granted access to user data.
- Role-based access controls (RBAC) ensure that individuals can only access the data necessary for their specific responsibilities.
- Access to systems and data is monitored and logged.
- Firewalls and Intrusion Detection:
- Our infrastructure is protected by firewalls and intrusion detection systems (IDS) that monitor and block unauthorized access attempts.
- Real-time monitoring and alerting mechanisms help us identify and respond to potential threats promptly.
- Regular security audits and penetration testing are conducted to identify and address vulnerabilities.
- Updates and patches are applied promptly to minimize exposure to security risks.
- Data Minimization: We limit the collection and retention of data to what is necessary for providing and improving our services and complying with legal obligations.
5.3 Third-Party Security
All third-party service providers, including Azure and MongoDB, undergo rigorous security evaluations to ensure they meet our security and compliance standards. We have agreements in place with all service providers to ensure they handle your data securely and in compliance with applicable laws. At Captide, we continuously monitor the performance and security of our third-party service providers to ensure ongoing compliance and protection.
5.4 Incident Response
We employ tools and practices to detect and respond to potential security incidents promptly. In the event of a data breach or security incident, we will:
- Investigate the scope and cause of the incident.
- Mitigate any further risks.
- Notify affected users as required by applicable laws and regulations.
Following an incident, we perform a thorough review to strengthen our systems and processes to prevent future occurrences.
5.5 User Responsibilities
Users are responsible for maintaining the confidentiality of their account credentials. We recommend using strong, unique passwords and enabling two-factor authentication (if available). If you suspect unauthorized access or activity in your account, contact us immediately at support@captide.co.
Section 6. Data Retention Policy
This section outlines how long we retain your data and the criteria we use to determine retention periods. We aim to balance operational needs with your privacy rights and comply with applicable data protection laws.
6.1 Retention Periods
- Active Users: Personal and account-related information is retained as long as the user’s account remains active. Payment data is stored by Stripe in accordance with their retention policies.
- Inactive Accounts: If your account remains inactive for 24 consecutive months, we will delete or anonymize all personal data associated with your account, except as required for legal compliance or legitimate business purposes.
- Analytics Data: Anonymized or aggregated data used for analytics and service improvement is retained indefinitely, as it does not identify individuals.
- Transaction Records: Payment transaction records are retained for up to 7 years to comply with legal, accounting, and tax obligations.
6.2 Criteria for Retention
The length of time we retain your data is determined by the following:
- Purpose of Collection: Data is retained only as long as necessary to fulfill the purposes for which it was collected, such as providing the service or complying with legal requirements.
- Legal Obligations: Certain data may need to be retained to meet regulatory, tax, or accounting obligations.
- Business Needs: Retention may be required to maintain operational efficiency, resolve disputes, or enforce our agreements.
6.3 Deletion and Anonymization
Personal data is securely deleted or anonymized when it is no longer needed for the purposes outlined above. Anonymized data, which cannot be used to identify you, may be retained indefinitely for research, analytics, and service improvement.
6.4 User Rights Regarding Retention
You have the following rights related to data retention:
- Access and Deletion Requests: You can request access to your personal data or request deletion of your data at any time by contacting us at legal@captide.co.
- Retention Disputes: If you believe your data is being retained unnecessarily, you may raise your concerns with us, and we will review your request in accordance with applicable laws.
6.5 Exceptions to Retention Policy
We may retain certain data for longer periods if:
- Retention is necessary to comply with legal obligations, such as court orders or regulatory requirements.
- Data is required for legitimate business purposes, such as resolving disputes or enforcing agreements.
Section 7. Your Rights and Choices
7.1 Access and Update Your Personal Information
You have the right to access and update your personal information at any time.
- Accessing Your Information: You can view the information we have collected about you by logging into your Captide account or by submitting a formal request to us.
- Updating Your Information: You can update personal details such as your name, email address, and business information directly through your account settings. For other updates, contact us at support@captide.co.
7.2 Manage Marketing Communications
We respect your preferences regarding how we communicate with you.
- Opting Out of Marketing Emails: You can opt out of marketing and promotional emails by clicking the "Unsubscribe" link included in these emails or by contacting us at support@captide.co.
- Transactional Emails: Please note that even if you opt out of marketing emails, you will continue to receive transactional communications necessary for the administration of your account, such as payment receipts and account notifications.
7.3 Cookie Management
You have the right to control how cookies and similar technologies are used. You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies; however, this may impact the functionality of the Captide platform.
7.4 Data Portability
You have the right to request a copy of the personal information you have provided to us in a structured, commonly used, and machine-readable format. This data can also be transferred to another service provider at your request, where technically feasible.
7.5 Right to Delete Your Information
You can request that we delete the personal information we have collected about you, subject to certain exceptions:
- Retention Exceptions: We may retain your information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, or as otherwise required by law.
- Request Deletion: To request deletion of your data, please contact us at legal@captide.co. We will process your request in accordance with applicable laws.
Section 8. Cookies and Tracking Technologies
We use cookies and other tracking technologies to enhance your experience on our platform, analyze usage patterns, and ensure the proper functioning of our services. This section outlines the types of cookies we use, the purposes they serve, and how you can manage your preferences. By using our platform, you consent to our use of cookies and tracking technologies as described in this section. For questions or concerns about our use of cookies, please contact us at legal@captide.co.
8.1 What Are Cookies?
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They allow us to recognize your browser or device and collect information about your interactions with our platform.
8.2 Types of Cookies We Use
- Essential Cookies: These cookies are necessary for the basic functionality of our platform, such as enabling you to log in, navigate secure areas, and process payments.
- Performance/Analytical Cookies: These cookies collect aggregated and anonymized data on how users interact with our platform, allowing us to improve its functionality and user experience.
- Functional Cookies: These cookies remember your preferences and choices, such as language settings or display preferences, to provide a personalized experience.
- Advertising and Targeting Cookies: These cookies are used to deliver relevant advertisements to you and track the effectiveness of our marketing campaigns. They may also limit the number of times you see an ad.
- Third-Party Cookies: These cookies are placed by third-party services we use, such as analytics and advertising platforms, to enhance your experience and support the functionality of our platform.
8.3 How We Use Cookies
We use cookies and similar technologies for the following purposes:
- To ensure the proper functioning of our platform.
- To analyze and understand user behavior for improving our services.
- To remember your preferences and settings for a personalized experience.
- To deliver targeted advertisements and measure their effectiveness.
- To secure your interactions on our platform, such as during payment processing.
8.4 Managing Your Cookie Preferences
You have control over how cookies are used on your device. Below are the ways you can manage your preferences:
- Browser Settings: Most web browsers allow you to manage or block cookies through their settings. You can typically find these options under the "Privacy" or "Security" section of your browser's settings menu. Note that blocking cookies may impact your ability to use certain features of our platform.
- Cookie Banners: When you first visit our platform, you may see a cookie banner allowing you to accept or manage your cookie preferences. You can revisit and update your choices at any time by accessing the cookie settings in your account or browser.
- Third-Party Tools: You can opt out of targeted advertising by visiting opt-out platforms like the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA).
Section 9. International Users and Compliance
To ensure compliance with relevant data protection laws, we adhere to the following practices for international users:
9.1 Compliance with the General Data Protection Regulation (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, Captide processes your personal data in accordance with the GDPR. This includes:
- Lawful Bases for Processing: Captide only processes personal data where we have a lawful basis, such as (1) your consent, (2) performance of a contract, (3) compliance with legal obligations, and (4) legitimate interests where these are not overridden by your rights.
- Data Subject Rights: As an EEA, UK, or Swiss user, you have the right to (1) access your personal data, (2) correct inaccuracies in your personal data, (3) request erasure of your personal data ("right to be forgotten"), (4) restrict or object to certain types of data processing, (5) request your personal data in a structured, machine-readable format, and (5) withdraw your consent at any time where processing is based on consent.
- Cross-Border Data Transfers: Personal data transferred outside the EEA, UK, or Switzerland is safeguarded through (1) Standard Contractual Clauses approved by the European Commission and (2) supplementary measures, where necessary, to ensure adequate protection.
9.2 Compliance with the California Consumer Privacy Act (CCPA)
For California residents, Captide complies with the CCPA and its amendments. This includes:
- Consumer Rights: California residents have the right to (1) know the categories and specific pieces of personal information we collect, (2) request deletion of their personal data, subject to certain exceptions, (3) opt out of the "sale" or "sharing" of personal information (as defined by the CCPA), and (4) non-discrimination for exercising their privacy rights.
- Transparency: Captide provides detailed information about how we collect, use, and share your personal information, as outlined in this Privacy Policy.
9.3 Data Transfers and Safeguards
For users accessing Captide from outside the United States, we:
- Data Hosting: Store personal data securely on servers located in the United States, utilizing industry-standard encryption and access control measures.
- International Transfer Mechanisms: Ensure all data transfers comply with applicable laws, such as (1) adopting contractual safeguards for data transfers to third countries without adequate data protection laws, and (2) implementing organizational and technical measures to uphold data protection standards.
9.4 Compliance with Other Regional Laws
Captide is committed to adhering to relevant data privacy regulations, including but not limited to:
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA): Ensuring consent-based processing and providing access rights to personal data.
- Australia’s Privacy Act: Protecting personal information under Australian Privacy Principles.
- Other National and Regional Laws: Addressing local requirements as applicable, such as South Africa’s Protection of Personal Information Act (POPIA).
9.5 Your Responsibilities as an International User
By using Captide’s services, you:
- Acknowledge that your personal data may be transferred to, stored, or processed in the United States or other jurisdictions.
- Consent to the transfer of data as described in this Privacy Policy.
- Agree to comply with any applicable local laws governing your use of our services.
Section 10. Payments and Financial Data
This section explains how payment information is collected, processed, and protected during transactions on our platform.
10.1 Third-Party Payment Processing
We utilize Stripe, a trusted third-party payment processor, to manage all transactions. Stripe adheres to stringent security standards, including PCI DSS (Payment Card Industry Data Security Standard) compliance. By using Stripe, we ensure that your financial data is processed securely and in accordance with industry best practices.
- Payment card information (e.g., cardholder name, card number, expiration date, CVV)
- Bank account details for direct payments
- Billing addresses
- Confirmation of payment status (e.g., successful, pending, failed)
- Limited billing information (e.g., name, email, and billing address for invoice generation)
We do not directly collect, store, or have access to sensitive payment details, such as your full credit card number or banking information. For more information about how Stripe manages your data, please review Stripe’s Privacy Policy.
10.2 Financial Data Security
To protect the limited financial information we process, Captide employs the following measures:
- Encryption: All payment-related data transmitted to and from our platform is encrypted using HTTPS protocols.
- Access Controls: Only authorized personnel have access to billing information stored for operational purposes (e.g., invoices).
- Regular Audits: We perform routine checks and audits to ensure compliance with security standards.
10.3 Payment Data Use
The financial data we receive is used for the following purposes:
- Processing transactions and confirming payments
- Generating and sending invoices and receipts
- Managing refunds and chargebacks
- Complying with legal and regulatory obligations
10.4 User Responsibilities
To further enhance the security of your financial transactions, we recommend the following:
- Use secure payment methods and ensure your internet connection is encrypted (e.g., avoid public Wi-Fi during transactions).
- Regularly monitor your financial statements for unauthorized charges and promptly report any suspicious activity.
10.5 Compliance and Legal Requirements
We retain transaction records for as long as necessary to comply with applicable financial, tax, and regulatory requirements. Retention periods vary depending on jurisdiction and the type of data involved.
Section 11. Children’s Data
Captide’s platform and services are not intended for children under the age of 18. We do not knowingly collect, use, or disclose personal data from minors under the age of 18. If you are under 18, please do not use our platform, provide any personal information, or engage with our services.
If we become aware that we have inadvertently collected personal data from a minor under the age of 18, we will take immediate steps to delete the data from our records and systems. Parents or legal guardians who believe that their child has provided us with personal data are encouraged to contact us promptly using the information provided in the Contact Information section of this Privacy Policy.
By using our platform, you affirm that you are at least 18 years of age or are using the platform under the supervision of a parent or guardian who consents to this Privacy Policy.
We are committed to complying with applicable laws, including the Children’s Online Privacy Protection Act (COPPA) in the United States, and similar laws in other jurisdictions, to ensure the protection of children’s data.
Section 12. Policy Updates and Notifications
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.
12.1 Notification of Changes
When significant updates are made to this Privacy Policy, we will notify you in a timely and transparent manner through one or more of the following methods:
- Email Notification: If you have provided us with your email address, we will send a notification to inform you about the changes to the Privacy Policy.
- Platform Notifications: A notification will be displayed on our platform’s dashboard or login screen to alert you of any changes.
12.2 Effective Date of Changes
All changes to this Privacy Policy will include an updated “Effective Date” at the top of the document. Any updates will become effective immediately upon posting or as otherwise communicated in the notice, unless otherwise specified by law.
12.3 Your Responsibility to Review Changes
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. By continuing to use our platform or services after any updates to this Privacy Policy, you acknowledge and accept the revised terms.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, or if you wish to exercise any of your data protection rights, please contact us at legal@captide.co. We are here to help ensure that your privacy is protected and that your inquiries are addressed promptly and effectively.