Loading...
Effective date: 2025-05-02
CapyFin ("CapyFin", "we", "us", or "our") is a company registered in Malta with address at Burmarrad Road, Level 2, The Fort Hardrocks Business Park, Naxxar, NXR 6345, Malta.
This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website and related services (collectively, the "Service"), including our subscription products and API.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
When you create an account or sign in, we collect:
You can sign in using email/password or using third-party OAuth providers (for example, Google or LinkedIn). When you sign in with an OAuth provider, we receive information from that provider such as your name, email address, and a provider-specific identifier. We use this to create or link your account and authenticate you.
We do not intentionally request sensitive profile data from OAuth providers (such as contacts). The exact data shared depends on the provider and your provider settings.
If you purchase a subscription, payments are processed by our third-party payment processor (Stripe). We do not store your full payment card details on our servers.
We may receive limited payment-related information from Stripe as needed to provide subscriptions, billing, handle disputes, and provide support (for example, payment status, billing country, card brand, and partial card identifiers like the last 4 digits).
We collect minimal usage information to understand how the Service is used and to keep it secure. This may include:
We use IP addresses primarily to deliver the Service, maintain security, and derive visitor country for country-level analytics. We do not use precise location data.
Please note that our infrastructure providers (for example, content delivery, security, and hosting providers) may also process IP addresses and may retain IP addresses in their server or security logs for limited periods under their own policies, such as for abuse prevention, performance, and reliability.
If you use the API, we may log API requests for security, reliability, and billing, such as request timestamps, endpoints called, response status codes, and identifiers needed to attribute usage to your account or API key.
We also use monitoring/logging tools (for example, Better Stack) to help detect errors and maintain reliability. Our application logs are configured to avoid including direct personal identifiers (such as names and emails) where feasible. Some technical metadata may still be processed to troubleshoot and secure the Service.
We use Personal Data and Usage Data to:
If you are in the EU/EEA (or where GDPR otherwise applies), we process Personal Data under one or more of the following legal bases:
We use a limited set of cookies and similar technologies to run the Service, keep you signed in, and process payments. We do not run ads and we do not use advertising cookies.
Cookies we may use include:
You can control cookies through your browser settings. If you disable certain cookies, parts of the Service (such as login or payments) may not work properly.
If we ever introduce non-essential cookies or similar technologies that require consent under applicable law, we will request your consent before using them.
We use trusted vendors to help us operate the Service. These vendors may process information on our behalf as Processors (subprocessors). They are authorized to process information only as needed to provide services to us.
Subprocessor list (may change): We may update this list from time to time as our infrastructure evolves. We will update this Privacy Policy (or an associated page) when we make material changes to our subprocessors.
We may disclose information if we believe it is reasonably necessary to comply with a legal obligation, protect the security of the Service, prevent fraud or abuse, or protect the rights, property, or safety of CapyFin, our users, or others.
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to applicable law.
We do not sell your Personal Data. We do not rent or trade Personal Data. We do not share Personal Data for cross-context behavioral advertising.
We retain Personal Data only as long as necessary to provide the Service and for legitimate and lawful business purposes.
Some service providers (for example, security and hosting providers) may retain server and security logs under their own retention policies.
We are based in Malta. Our service providers may process information in countries outside your country of residence, including outside the EU/EEA. Where required, we use appropriate safeguards for international transfers, such as contractual protections (for example, standard contractual clauses) and working with providers that support GDPR-compliant transfer mechanisms.
We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
If GDPR applies, you may have the right to request access to, rectification of, deletion of, or restriction of processing of your Personal Data, and to object to processing. You may also have the right to data portability.
Where we rely on consent, you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise your rights, email us at info@capyfin.com. We may ask you to verify your identity before responding.
If you are a California resident, you may have rights to know, access, correct, or delete certain Personal Data. We do not sell Personal Data and we do not share Personal Data for cross-context behavioral advertising.
To make a request, email info@capyfin.com. We may need to verify your identity before completing your request.
Some browsers offer a "Do Not Track" signal. There is no widely adopted standard for how to interpret DNT, and we do not respond to DNT signals with a different data-processing behavior. However, we do not run ads and we do not track users across third-party websites for behavioral advertising. You can still control cookies through your browser settings, noting that essential cookies are required for login and payments.
If you are in the EU/EEA, you have the right to lodge a complaint with your local supervisory authority. As we are based in Malta, our lead supervisory authority is the Office of the Information and Data Protection Commissioner (IDPC).
We would appreciate the opportunity to address your concerns first, so please contact us at info@capyfin.com.
The Service may contain links to third-party websites. We do not control and are not responsible for their content or privacy practices. We encourage you to read the privacy policies of any third-party websites you visit.
The Service is not intended for children under 18. We do not knowingly collect Personal Data from children under 18. If you believe a child has provided us Personal Data, please contact us and we will take appropriate steps.
We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the effective date above. If changes are material, we may provide additional notice through the Service or by email.
If you have questions or requests regarding this Privacy Policy, contact us:
By email: info@capyfin.com