Privacy Policy

1. Introduction

At CapturN ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our voice-to-text application and services (the "Service").

CapturN operates with no backend infrastructure for storing your notes or voice data. Everything stays on your device or syncs directly to your own Notion or Google accounts. We have zero visibility into your content and zero access to your notes.

We are committed to transparency and building a service that respects your privacy. We do not collect, store, or sell your personal data. Your voice recordings and transcriptions are processed solely to provide you with the Service and are sent directly to your connected services.

2. Information We Collect

2.1 Information You Provide

• Voice Recordings: When you use the voice capture feature, your voice is recorded temporarily for transcription purposes only
• Authentication Tokens: When you connect to Notion or Google Calendar, we receive OAuth tokens to authenticate and access these services on your behalf
• Email Address: We collect your email address for account management, waitlist registration, and important service communications

2.2 Automatically Collected Information

• Device Information: Device type, operating system, app version
• Usage Data: App features used, frequency of use, and error logs (anonymized)
• Technical Data: IP address (for security purposes only), crash reports

2.3 Information We Do NOT Collect or Store

CapturN has no backend for user content. All your data flows directly from your device to your connected services (Notion, Google Calendar). We never have access to:

• Your voice recordings (deleted immediately after transcription)
• Your transcribed voice notes or content
• Your Notion database content
• Your Google Calendar events
• Any personal information beyond what's listed above

3. How We Use Your Information

We use the collected information solely to:

• Provide the Service: Process your voice recordings, transcribe them, and sync data with your connected services
• Authenticate Connections: Maintain secure connections to Notion and Google Calendar using OAuth tokens
• Improve the Service: Analyze anonymized usage patterns to improve features and fix bugs
• Communicate with You: Send service-related notifications, updates, and support messages
• Ensure Security: Detect and prevent fraudulent activity, abuse, and security threats
• Comply with Legal Obligations: Respond to legal requests and prevent harm

4. How We Process Your Voice Data

4.1 Voice Recording Process

When you record a voice note:

1. Your voice is recorded locally on your device
2. The recording is sent to a transcription service (OpenAI Whisper API for Pro users, or native device transcription for free users)
3. The transcribed text is returned to your device
4. The original voice recording is immediately deleted (we operate with no backend storage for your content)
5. The transcribed text is processed by AI to extract structured information
6. The structured data is sent directly to your Notion workspace or stored locally in the app
7. We never retain any copy of your voice recording or transcribed text on our servers

Important: Even when using OpenAI Whisper for Pro transcription, the audio file only transits through the service for processing and is not stored by us. Your content never touches our backend infrastructure.

4.2 Offline Functionality

When you use CapturN offline, all voice recordings and transcriptions are processed and stored locally on your device. When you reconnect to the internet, the structured data is synced to your connected services. The original recordings remain on your device until you delete them.

5. Third-Party Services and Data Sharing

We integrate with third-party services to provide our functionality. Your data is shared with these services only as necessary to provide the Service:

5.1 Notion

When you connect your Notion account:

• We use the official Notion Public API to read your database structures and write new entries
• Your transcribed and structured notes are sent directly to your Notion workspace
• We only access databases you explicitly authorize during setup
• Notion's Privacy Policy governs how they handle your data: https://www.notion.so/privacy
• You can revoke access at any time through your Notion integrations settings

5.2 Google Calendar (Pro Only)

When you connect your Google Calendar:

• We use the official Google Calendar API to read your calendar events and create new events
• We access your calendar data only when you use the automated scheduling feature
• Calendar data is used to detect conflicts and find optimal time slots
• We do not store your calendar events on our servers
• Google's Privacy Policy governs how they handle your data: https://policies.google.com/privacy
• You can revoke access at any time through your Google Account permissions

5.3 OpenAI (Pro Only)

Pro users benefit from OpenAI's Whisper API for transcription:

• Voice recordings are sent to OpenAI for transcription
• OpenAI does not retain audio recordings or transcriptions beyond processing
• OpenAI's API Data Usage Policy: https://openai.com/policies/api-data-usage-policies

5.4 Other Service Providers

We may use additional service providers for:

• Payment Processing: Stripe or similar services for subscription payments (they handle payment information directly; we never see your credit card details)
• Analytics: Anonymized usage analytics to improve the Service
• Hosting: Cloud infrastructure providers for app hosting and delivery
• Email Services: For sending transactional emails and service notifications

6. Google API Services User Data Policy

CapturN's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request access to Google user data necessary to provide the automated scheduling feature
• We use Google user data only to provide or improve user-facing features
• We do not transfer Google user data to third parties except as necessary to provide the Service, comply with applicable law, or as part of a merger/acquisition with user notice
• We do not use Google user data for serving advertisements
• We do not allow humans to read Google user data unless: (a) we have user consent, (b) it's necessary for security purposes, (c) to comply with applicable law, or (d) the data is aggregated and anonymized

7. Data Retention and Deletion

We retain different types of data for different periods:

• Voice Recordings: Deleted immediately after transcription (typically within seconds)
• Transcribed Content: Not stored on our servers; only on your device and in your connected services
• Authentication Tokens: Stored securely until you revoke access or delete your account
• Account Information: Retained until you delete your account
• Usage Data: Anonymized analytics retained for up to 2 years to improve the Service
• Logs and Technical Data: Retained for up to 90 days for security and debugging purposes

When you delete your account, we immediately delete or anonymize all personal information associated with your account, except where we must retain data to comply with legal obligations.

8. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
• Secure Authentication: OAuth 2.0 for third-party service connections
• Secure Storage: Authentication tokens are stored encrypted on your device
• Access Controls: Strict access controls to any system components
• Regular Audits: Regular security audits and updates
• No Data Retention: Your voice recordings and content are never stored on our servers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

9.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Data Portability: Request a copy of your data in a machine-readable format
• Objection: Object to certain processing of your personal information
• Withdraw Consent: Withdraw consent for processing based on consent

9.2 GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to restriction of processing
• Right to lodge a complaint with a supervisory authority
• Right to be informed about international data transfers

9.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed and to whom
• Right to opt-out of the sale of personal information (Note: We do not sell your personal information)
• Right to non-discrimination for exercising your CCPA rights

9.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@capturn.app. We will respond to your request within 30 days. You can also:

• Delete your account directly from the app settings
• Revoke Notion access through your Notion integrations settings
• Revoke Google access through your Google Account permissions

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws through:

• Standard contractual clauses approved by the European Commission
• Ensuring third-party service providers comply with applicable data protection laws
• Implementing appropriate safeguards for international transfers

11. Children's Privacy

CapturN is not intended for use by children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@capturn.app, and we will delete the information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Sending an email to the address associated with your account
• Posting a notice in the app
• Updating the "Last Updated" date at the top of this policy

Your continued use of the Service after we make changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@capturn.app
Website: https://capturn.app

For data protection inquiries from EEA users, you may also contact our Data Protection Officer at: dpo@capturn.app

14. Legal Basis for Processing (GDPR)

For users in the EEA, we process your personal information based on the following legal grounds:

• Contract: Processing necessary to provide the Service you requested
• Consent: You have given explicit consent for specific processing activities
• Legitimate Interests: Processing necessary for our legitimate interests (e.g., improving the Service, security)
• Legal Obligation: Processing necessary to comply with legal requirements