
PRIVACY POLICY

Last updated: February 28, 2026

Overview

Capsule ("we", "our", or "the app") is a voice-first personal assistant that helps you capture and organize your thoughts. This Privacy Policy explains how we collect, use, and protect your information in compliance with GDPR, CCPA, and other privacy regulations.

Information We Collect

When you use Capsule, we may collect:

  • Voice recordings: Audio captured when you hold the button to record. Recordings are processed to transcribe your speech and are not stored permanently unless you choose to save them.
  • Transcriptions: Text versions of your voice recordings, stored securely to enable search and organization features.
  • Photos: Images you capture or upload for AI analysis and organization.
  • Account information: Email address and authentication data when you create an account. Upon signup, we send a welcome email to the address you provide via our transactional email provider (Resend). You may opt out of non-essential communications at any time by contacting us at privacy@capsl.life.
  • Subscription and payment status: Subscription tier (free, Capsule+, or Pro), payment status (active, failed, or canceled), and billing identifiers from our payment processor (Stripe). We do not store full card numbers; payment method details are held by Stripe under their own privacy policy.
  • Usage data: Anonymous analytics about how you use the app to help us improve the experience (with your consent).

AI Processing Services

Capsule uses third-party AI services to provide transcription and classification features. By using Cloud AI mode, you consent to your data being processed by these services:

  • OpenAI Whisper: Voice recordings are sent to OpenAI's servers for speech-to-text transcription. OpenAI processes the audio and returns the transcribed text. Audio is not retained by OpenAI after processing. OpenAI's privacy policy: openai.com/privacy
  • Anthropic Claude: Text and images are sent to Anthropic's servers for AI-powered classification into life lenses (Self, Home, Work, Health, Future). Anthropic does not use your data to train models. Anthropic's privacy policy: anthropic.com/privacy

Biometric Data Disclosure: Voice recordings may constitute biometric data under certain jurisdictions (e.g., Illinois BIPA, Texas CUBI, Washington state biometric law). When you use Cloud AI mode, your raw voice audio is transmitted to OpenAI's servers for transcription. Voice characteristics (pitch, cadence, accent) are inherent in audio data. OpenAI processes the audio solely for speech-to-text conversion and does not retain voice data after processing. By enabling Cloud AI transcription, you explicitly consent to this transmission and processing of your voice data. You may withdraw consent at any time by switching to Local-Only mode in your privacy settings.

Local-Only Mode: You can choose Local-Only mode during onboarding, which uses your device's built-in Web Speech API for transcription. In this mode, no voice data is sent to third-party AI providers. Note that local transcription may be less accurate and does not include AI classification features.

How We Use Your Information

Your information is used to:

  • Transcribe voice recordings into searchable text
  • Categorize and organize your captures using AI
  • Sync your data across devices (when signed in)
  • Improve the app based on anonymous usage patterns (with consent)
  • Send service-related notifications

Data Retention

We retain your data according to the following schedule:

  • Voice recordings: Deleted immediately after transcription completes. We do not store raw audio files.
  • Transcriptions and captures: Stored until you delete them or delete your account.
  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Analytics data: Anonymized and aggregated. Individual session data retained for 90 days.
  • AI processing logs: Our AI providers (OpenAI, Anthropic) do not retain your data after processing per their respective data retention policies.
  • Trial accounts: If your trial expires without upgrading, your account data is retained for 30 days before deletion. You may export your data at any time during this period.
  • Failed payment recovery: If a payment fails, your account is downgraded to the free tier. Your captures remain accessible. Stripe may retry the charge for up to 7 days per our billing settings. Account data is not deleted due to payment failure.
  • Orphaned media: Audio and image files in cloud storage that become unlinked from a capture record (e.g., due to a sync error) are automatically cleaned up within 30 days by our retention policy process.

Data Processors & DPA Status (GDPR Art. 28)

Under GDPR Article 28, we have Data Processing Agreements (DPAs) in place with all third-party processors who handle your personal data. The following processors are engaged in providing the Capsule service:

  • Anthropic (Claude AI): Processes text and images for AI classification into life lenses. DPA executed under Anthropic's standard data processing terms (available at anthropic.com/legal/privacy). Anthropic is certified under the EU-US Data Privacy Framework.
  • OpenAI (Whisper): Processes voice audio for speech-to-text transcription (Capsule+ and Pro tiers). DPA executed under OpenAI's data processing addendum (available at openai.com/policies/data-processing-addendum). OpenAI is certified under the EU-US Data Privacy Framework.
  • Supabase: Primary database and file storage provider. DPA available under Supabase's enterprise data processing terms. Supabase offers EU data residency and is GDPR-compliant.
  • Stripe: Payment processing and subscription management. Stripe is certified under the EU-US Data Privacy Framework and maintains a comprehensive DPA available at stripe.com/legal/dpa. Payment card data is processed by Stripe and never stored by Capsule.
  • Vercel: Application hosting and edge delivery. DPA available under Vercel's data processing addendum. Vercel is GDPR-compliant with EU data transfer safeguards.
  • PostHog: Anonymous product analytics (with your consent). PostHog is GDPR-compliant and offers EU cloud hosting. Data is anonymized before transmission. To withdraw analytics consent at any time, go to Profile → Privacy Settings and toggle off “Anonymous Analytics”. PostHog will immediately stop collecting new events, and you may request deletion of historical analytics data by contacting us at privacy@capsl.life.
  • Resend: Transactional email delivery (account notifications, verification emails). Resend is GDPR-compliant. Only your email address is shared for the purpose of delivering service emails.
  • Sentry: Error monitoring and crash reporting. Personal data in error reports is masked before transmission (user IDs are hashed, PII is scrubbed).

You may request a copy of any DPA by contacting us at privacy@capsl.life.

International Data Transfers (GDPR Chapter 5)

Your data may be transferred to and processed in the United States and other countries where our service providers operate. Post-Schrems II, EU→US transfers require an approved transfer mechanism. We rely on the following:

  • EU-US Data Privacy Framework (DPF): Anthropic, OpenAI, Stripe, and Vercel are certified under the EU-US DPF (the successor to Privacy Shield), which the European Commission recognized as providing an adequate level of data protection in its July 2023 adequacy decision.
  • Standard Contractual Clauses (SCCs): For processors not covered by the EU-US DPF, we rely on the European Commission's Standard Contractual Clauses (2021/914) as the transfer mechanism. SCCs are incorporated into our DPAs with all relevant processors.
  • Technical safeguards: All data is encrypted in transit (TLS 1.3) and at rest (AES-256) regardless of transfer mechanism.

Our primary data storage is provided by Supabase, which offers data residency options and complies with GDPR requirements. For EU users, data is stored in Supabase's EU region where technically feasible.

Data Storage & Security

Your data is stored securely using industry-standard encryption. Voice recordings are processed using secure AI services and are not retained after transcription unless you explicitly save them. We use Supabase for secure data storage with row-level security. By default, your captures are encrypted in transit (TLS 1.3) and protected by Row-Level Security. Users who enable Vault Mode receive additional AES-256-GCM encryption at rest.

Vault Mode: If you choose Vault Mode, your data is encrypted on your device using a key derived from your password. We cannot access your encrypted data - only you can decrypt it with your password and recovery phrase.

Health Information (PHI)

Captures classified under the "Health" lens may contain Protected Health Information (PHI). We treat this data with additional care:

  • When Vault Mode is enabled, health captures are encrypted on your device using AES-256-GCM via the Vault feature. Encryption keys are derived locally from your password and never leave your device. Without Vault Mode, health data is protected by standard transport encryption (TLS 1.3) and Supabase row-level security.
  • We do not share health data with advertisers or third parties
  • Health data is only processed by AI for classification purposes (not diagnosis or medical advice)
  • Warning: Capsule is not a medical device and should not be used for medical diagnosis or treatment decisions

HIPAA Disclaimer: Capsule is not a HIPAA-covered entity and does not claim HIPAA compliance. We do not provide healthcare services or act as a business associate to any covered entity. While we apply additional safeguards to health-classified captures (encryption, consent gating, audit logging), users should not store protected health information (PHI) that requires HIPAA-level protections. If you need HIPAA-compliant storage, please use a dedicated healthcare platform.

Microphone Access

Capsule requires microphone access to record voice notes. The microphone is only active when you press and hold the capture button. We never record audio in the background or without your explicit action.

Third-Party Services

We use the following third-party services:

  • OpenAI Whisper: For speech-to-text transcription (Cloud AI mode only)
  • Anthropic Claude: For AI classification and image analysis (Cloud AI mode only)
  • Supabase: For secure data storage and authentication
  • Vercel Inc.: For hosting and deployment. Vercel processes request metadata (IP addresses, headers) as part of serving the application. See Vercel's Privacy Policy.
  • PostHog: For analytics (with your consent)
  • Stripe: For payment processing (subscription plans)
  • Resend: For transactional email delivery (account notifications, subscription updates, parental consent verification). Resend processes recipient email addresses and message content solely for delivery. See Resend's Privacy Policy.
  • Cloudflare Turnstile: For bot protection on forms (signup, waitlist). Turnstile verifies that interactions come from real users without traditional CAPTCHAs. It collects limited browser signals but does not track users across sites. See Cloudflare's Privacy Policy.
  • Sentry: For error tracking and performance monitoring. When errors occur, Sentry collects technical information (error messages, stack traces, browser type, and anonymized session data) to help us fix issues. Session replays are anonymized with all text masked and media blocked. User IDs may be included for debugging but emails and PII are never sent. Data is retained for 90 days. Sentry operates in the US; data transfers are protected by Standard Contractual Clauses (SCCs). See Sentry's Privacy Policy.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. However, you can opt out of sharing for targeted advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at privacy@capsl.life. We will respond within 45 days.

Do Not Sell or Share My Personal Information

Capsule does not sell your personal information. We do not sell, rent, or trade your data to third parties for monetary or other valuable consideration.

We respect the Global Privacy Control (GPC) browser signal. If your browser sends a GPC signal, we will automatically treat it as a valid opt-out request for any data sharing for targeted advertising purposes.

To submit a Do Not Sell or Share request manually, you may contact us at privacy@capsl.life with the subject line "Do Not Sell Request." We will process your request within 15 business days and will not discriminate against you for exercising this right.

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data. To exercise your right to rectification, please contact us at support@capsl.life or update your captures directly in the app.
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise these rights, use the in-app Settings or contact privacy@capsl.life.

Children's Privacy (COPPA)

Capsule is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@capsl.life.

If we discover that we have collected personal information from a child under 13, we will delete that information immediately. Users between 13 and 18 should have parental consent before using Capsule.

Cookies and Tracking

We use essential cookies for authentication and app functionality. Analytics cookies are only used with your explicit consent. For detailed information about our cookie practices, see our Cookie Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and sending you an email notification if you have an account. Your continued use of Capsule after changes constitutes acceptance of the updated policy.

Data Protection Officer

We have designated a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and ensuring compliance with GDPR and other applicable privacy regulations.

DPO Contact: dpo@capsl.life

You may contact our DPO directly for any questions regarding the processing of your personal data, to exercise your data protection rights, or to file a complaint about how we handle your information. We will respond within 30 days of receipt.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.

Contact Us

If you have any questions about this Privacy Policy or want to exercise your privacy rights, please contact us at: