Privacy Policy

a) Account Information

When you register for an account, we collect your first name, last name, and email address. Passwords are hashed and stored securely by our authentication provider, Supabase — we never have access to your plain-text password.

b) Payment Information

Payments are processed by Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment card data on our servers. We may receive and store non-sensitive payment metadata such as the last four digits of your card, card brand, expiration date, and billing country, solely for customer support and fraud prevention purposes.

c) User Content

When you use the Service, we process and temporarily store the following:

• Video files you upload for processing.
• Audio extracted from your videos (used for transcription).
• Transcripts, translations, captions, and related outputs generated from your content.
• Caption style preferences and workspace settings.

Uploaded source video files are automatically and permanently deleted from our storage systems (Cloudflare R2) within 48 hours of upload. Transcripts, translations, and captions are retained in your account until you delete them or close your account.

d) Usage and Technical Data

We automatically collect certain information when you access or use the Service:

• IP address and approximate geographic location (country/region).
• Browser type, version, and operating system.
• Pages visited, features used, and time spent on the Service.
• Referral URLs.
• Error logs and crash reports.
• Timestamps of actions taken within the Service.

This data is collected via server logs and Google Analytics (see Section 4).

e) Communications

If you contact us via email or through the Service, we retain records of your communications to provide support and improve the Service.

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve the Service.
• To process your videos, generate transcripts and translations, and deliver Service outputs.
• To process payments and manage your credit balance.
• To send transactional emails, including account verification, password resets, and transcription completion notifications.
• To respond to your inquiries and provide customer support.
• To detect, investigate, and prevent fraudulent transactions and other illegal activities.
• To enforce our Terms of Service and other policies.
• To comply with legal obligations, including responding to valid legal requests from authorities.
• To analyze usage patterns and improve the Service's features and performance.
• To send important notices about changes to the Service or these policies.

We do not sell your personal information to third parties. We do not use your video content to train our own AI models. Your content may be processed by third-party AI API providers (OpenAI, AssemblyAI) as described below, subject to their respective data practices.

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

Service Providers

We share data with trusted third-party service providers who assist in operating the Service. These providers are contractually obligated to use your data only as necessary to provide their services to us:

Legal Requirements

We may disclose your information if required to do so by law, regulation, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Capto, our users, or the public.

Business Transfers

If Capto is involved in a merger, acquisition, bankruptcy, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy.

With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Source video files: automatically deleted within 48 hours of upload.
• Extracted audio files: deleted after transcription is complete.
• Transcripts, translations, and captions: retained until you delete them or close your account.
• Account data (name, email, credit balance): retained while your account is active and for a reasonable period after closure.
• Payment records: retained as required by financial and tax regulations (typically 7 years).
• Server and access logs: retained for up to 90 days.
• Support communications: retained for up to 3 years.

You may request deletion of your personal data at any time by contacting info@capto-ai.com. We will process deletion requests within 30 days, subject to any legal retention obligations.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encrypted connections (HTTPS/TLS) for all data in transit.
• Industry-standard JWT-based authentication via Supabase.
• Row-level security on our database, ensuring users can only access their own data.
• Role-based access controls limiting internal access to user data.
• Automatic deletion of source video files within 48 hours.
• No storage of full payment card data on our servers.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at info@capto-ai.com.

Depending on your location, you may have the following rights with respect to your personal information:

• Access: Request a copy of the personal information we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal information.
• Erasure ('Right to be Forgotten'): Request deletion of your personal information, subject to legal retention requirements.
• Portability: Receive your personal data in a structured, machine-readable format.
• Restriction: Request that we restrict processing of your personal information in certain circumstances.
• Objection: Object to processing of your personal information for certain purposes.
• Withdrawal of Consent: Where processing is based on your consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at info@capto-ai.com. We will respond to all requests within 30 days. We may need to verify your identity before processing your request.

You will not be discriminated against for exercising any of your privacy rights.

If you are located in the European Economic Area (EEA), European Union (EU), or United Kingdom (UK), you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR.

Legal Bases for Processing. We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you have requested (e.g., processing your videos, managing your account and credits).
• Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, improving the Service, and ensuring security — where these interests are not overridden by your rights.
• Legal Obligation: Processing required to comply with applicable laws and regulations.
• Consent: Where you have given explicit consent, such as for marketing communications (if any).

International Transfers. Your personal data may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, where required.

Data Protection Authority. You have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have not handled your data lawfully. A list of EEA supervisory authorities is available at ec.europa.eu.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: The right to know what categories and specific pieces of personal information we collect about you, and how it is used and shared.
• Right to Delete: The right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale: We do not sell personal information to third parties.
• Right to Limit Use of Sensitive Personal Information: The right to limit use of sensitive personal information to what is necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at info@capto-ai.com with the subject line "CCPA Privacy Request." We will respond within 45 days.

Categories of Personal Information Collected. In the past 12 months, we have collected the following categories as defined by the CCPA: Identifiers (name, email, IP address); Commercial information (purchase history, credits); Internet or other electronic network activity (usage data); and Audio/visual information (uploaded video/audio content).

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly delete that information.

If you are a parent or guardian and believe we have inadvertently collected information from your child under 13, please contact us immediately at info@capto-ai.com.

Users between the ages of 13 and 18 may use the Service only with verifiable parental or guardian consent as described in our Terms of Service.

We use cookies and similar tracking technologies to operate and improve the Service:

• Essential Cookies: Required for authentication, session management, and core Service functionality. Cannot be disabled without impacting your ability to use the Service.
• Analytics Cookies: Used by Google Analytics to collect anonymized information about how visitors use the Service. This helps us improve features and user experience.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive alerts when cookies are set. Note that disabling certain cookies may affect the functionality of the Service.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

We do not use cookies for advertising or behavioral tracking beyond what is described here.

Capto operates globally, and your information may be processed and stored in countries outside your country of residence, including the United States. These countries may have different data protection laws than your own.

By using the Service, you consent to the transfer of your information to countries outside your jurisdiction. Where required by law, we implement appropriate safeguards (such as Standard Contractual Clauses) to protect your information during international transfers.

The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the revised policy on this page with an updated "Last Updated" date.
• Sending an email notification to the address associated with your account.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy inquiries within 30 days (or within the timeframe required by applicable law).