Capsule
Terms of ServiceLog in

Legal

Privacy Policy

Last updated: May 30, 2026  ·  Effective: May 30, 2026

We built Capsule for developers who care about reliability and trust. That means being equally transparent about how we handle your data.

1. Overview

Capsule, Inc. ("Capsule", "we", "us", "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what data we collect when you use the Capsule platform and developer tools (the "Service"), how we use it, and your rights regarding that data. By using the Service you agree to the practices described here.

2. Data We Collect

We collect the following categories of data: • Account data: name, email address, hashed password, and billing information provided at registration. • Session data (Customer Data): AI agent execution traces, tool call logs, LLM inputs and outputs, and any other data you choose to capture using the Capsule SDK. This data is owned by you — see Section 5 for details. • Usage data: API request logs, dashboard activity, feature usage, error reports, and session metadata (timestamps, duration, status, token counts). • Device and technical data: IP address, browser type, operating system, and referrer URL collected automatically when you visit the Capsule website or dashboard. • Communications: support tickets, emails, and feedback you send us.

3. How We Use Your Data

We use the data we collect to: • Provide, operate, and improve the Service. • Authenticate your identity and secure your account. • Process billing and send invoices. • Send transactional emails (account creation, password reset, usage alerts). • Send product updates and announcements — you can opt out at any time. • Investigate and resolve security incidents or Terms of Service violations. • Comply with legal obligations. We do not use your Customer Data (agent session captures) to train machine learning models, and we do not sell your personal data to third parties.

4. Customer Data (Agent Sessions)

Customer Data — the agent execution sessions, traces, and logs you capture via the Capsule SDK — belongs to you. Capsule processes it only to provide the Service: storing, indexing, and displaying it in your dashboard, and making it available via our API. Customer Data is logically isolated per account. Our employees access Customer Data only with your explicit permission (e.g., to resolve a support request) or when required by law. You can delete your Customer Data at any time from the dashboard or via the API.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share data with: • Service providers: cloud infrastructure (storage, compute), payment processors, and email delivery services — bound by confidentiality obligations and only given access to data they need to perform their function. • Legal requirements: we may disclose data when required by law, court order, or to protect the rights, property, or safety of Capsule, our users, or the public. • Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity, subject to equivalent privacy protections. • With your consent: we may share data for other purposes when you give explicit permission.

6. Data Retention

We retain account data for the lifetime of your account. Session captures and Customer Data are stored according to your plan limits and any retention settings you configure. After account deletion, Customer Data is purged within 30 days and account data within 90 days, unless we are required to retain it longer by law. Aggregated, anonymized usage statistics may be retained indefinitely.

7. Security

Capsule implements industry-standard security controls including encryption in transit (TLS 1.2+), encryption at rest, network isolation, access controls with least-privilege principles, and audit logging. We pursue SOC 2 Type II compliance. However, no system is completely secure. If you discover a vulnerability, please report it responsibly to security@capsule.dev. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

8. Cookies and Tracking

We use essential cookies to maintain your authenticated session and remember preferences. We use analytics cookies (such as basic usage counters) to understand how the Service is used — no advertising networks are used. You can disable non-essential cookies in your browser settings, though this may affect functionality. We do not use tracking pixels or cross-site tracking technologies.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data: • Access: request a copy of the personal data we hold about you. • Correction: request correction of inaccurate data. • Deletion: request deletion of your personal data ("right to be forgotten"). • Portability: receive your data in a machine-readable format. • Restriction: request that we restrict processing of your data. • Objection: object to processing based on legitimate interests. • Withdraw consent: where processing is based on consent, withdraw it at any time. EU/EEA and UK residents have additional rights under GDPR/UK GDPR. California residents have rights under CCPA. To exercise any of these rights, contact privacy@capsule.dev. We will respond within 30 days.

10. International Data Transfers

Capsule is operated from servers that may be located outside your country of residence. By using the Service you consent to the transfer of your data to these locations. For transfers from the EU/EEA or UK, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards as required by applicable data protection law.

11. Children

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we learn that we have inadvertently collected such data, we will delete it promptly. If you believe a child has provided us personal data, please contact privacy@capsule.dev.

12. Data Processing Agreement

If you use Capsule to process personal data on behalf of your end users (e.g., your AI agents interact with user data), Capsule acts as a data processor and you act as the data controller. Enterprise customers may request our standard Data Processing Agreement (DPA) at legal@capsule.dev. The DPA governs our obligations as processor under GDPR and equivalent regulations.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated by email or a prominent notice in the dashboard at least 14 days before taking effect. The current version is always available at capsule-five-delta.vercel.app/privacy. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

14. Contact and Data Controller

Capsule, Inc. is the data controller for personal data collected through the Service. For privacy-related questions, requests, or complaints, contact us at privacy@capsule.dev. If you are in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

Terms of Service·privacy@capsule.dev·© 2026 Capsule, Inc.