Privacy Policy

Last updated: 5 May 2026

This Privacy Policy describes how Capitis ("we," "us," or "our") collects, uses, and shares information about you when you use our website at capitis.app and our API services (collectively, the "Services").

What we collect

When you sign up and use Capitis, we collect:

• Account information. Your email address, name (if provided via Google or GitHub), and authentication metadata necessary to maintain your session.
• Usage data. API request logs, click events, and conversion attribution records that you send us through your integration.
• Hashed identifiers. When you use the identity-graph features, we receive HMAC-SHA256 hashes of identifiers you've submitted. We never receive the raw values.
• Billing information. Processed and stored by our payment processor (Stripe). We do not store your payment card details.

How we use information

• To operate, maintain, and improve the Services.
• To send transactional email (sign-in links, account notifications, billing).
• To enforce our Terms of Service and prevent abuse.
• To comply with legal obligations.

Subprocessors

We use the following subprocessors to operate Capitis:

• Hostinger — VPS hosting infrastructure
• Stripe, Inc. — payment processing and billing
• Resend — transactional email delivery
• ImprovMX — inbound email forwarding
• Google LLC — OAuth sign-in (if you choose Google)
• GitHub, Inc. — OAuth sign-in (if you choose GitHub)

A current list of subprocessors is maintained on this page. We will update it when we add or change subprocessors.

Data retention

We retain account information for as long as your account is active. We retain billing records as required by tax law (typically 7 years). We retain usage logs for 90 days for operational purposes.

Your rights

If you are in the EU/EEA, UK, or California, you have rights under GDPR / UK GDPR / CCPA including the right to access, correct, delete, or export your data. To exercise these rights, email privacy@capitis.app.

Cookies

We use only essential cookies for authentication. We do not use tracking or advertising cookies.

Children

Capitis is not directed at children under 16. We do not knowingly collect data from children.

Changes

We may update this policy. Material changes will be announced via email at least 30 days before they take effect.

Contact

Privacy questions: privacy@capitis.app

[Company name placeholder — replace with the legal entity once registered]

[Business address placeholder]