capytal/privacy-policy
1
0
Fork 0
Code Issues Pull Requests Activity
Files
97f33f11b7e4fa779d418a2b2bc1ad30bd83cbe0
privacy-policy/PRIVACY_POLICY.md

21 KiB
Raw Blame History

title, created, modified
title created modified
Privacy Policy 2025-04-08T09:52:54-03:00 2025-04-24T11:23:47-03:00

Privacy Policy

This privacy policy describes how Capytal ("capytal.cc", "we", "us", "Capytal.cc") may collect personal information and to what degree when you use our websites and services ("Service", "Services"), such as when you:

  • Visit our website at https://capytal.cc;
  • Access our services under one of our domains: "capytal.cc", "capytal.company", and/or "lored.dev";
  • Access any website of ours that links to this privacy notice;
  • Use downloadable software provided by us;
  • Engage with us in other related ways, including any sales, marketing, or events.

[!tldr] Too Long; Didn't Read (TL;DR)

We do not sell your data to third parties and do not use personally identifiable information on our analytics tools. No data about you is accessed or used for marketing purposes without your explicit concent.

Capytal is developed and founded by people who care about privacy and data ownership, and we do our best to preserve your privacy and to comply with regulations such as GDPR, LGDP and CCPA. We carefully balance these values and responsibilities while still providing useful data to our developers and administrator to better understand our users and prioritize functionalities for them.

If you do not want to have any amount of Usage Data being collected by our analytics tools about yourself and you devices while accessing or using our Services, you are free to block requests to the "analytics.capytal.company" domain (browser extensions such as uBlock Origin are able to block them by default).

What We Collect Automatically

  • Hashed IP Logging: Hashed IP addresses may appear in log files. Logs older than 7 days are deleted. However your hashed IP address may be retained permanently if you are engaged in activities that we consider abuse of our Services (spamming, DDoS attacks, brute force attacks, etc).

  • HTTP Headers: Your browser sends us additional data in each HTTP request to access our Services, these are HTTP Headers. We may collect some of this data to customize and better serve our Services, for example: "Accept-Language" header to know what languages you prefer using; "Content-Type" header to know what format your browser accepts; "User-Agent" header which includes information about your browser type, device and operating system. Some of this data may also be processed and stored by our analytics tool, see Analytical and Usage Data for more information.

  • Analytics and Usage Data: We use a self-hosted script and analytics tool (Medama) to provide us additional Usage Data on how you use and interact with our Services. All Usage Data is anonymized by default, our analytics tool does not collect any personal data or personally identifiable information. More info on Analytical and Usage Data section.

  • Error and Crash Reports: We may collect information about errors that you encounter during the usage of our Servives, so our developers can fix bugs rapidly. Such reports in most cases are not personally identifiable information, and the collection of this data can be opted-out depending on which Service you are using.

Analytical and Usage Data

We use Medama, a self-hosted, privacy-aware and open-source analytics tool, to provide additional data on how you interact with our Services ("Usage Data"). All Usage Data is anonymized and cannot be pointed to you or any other specific user, regardless of if you are registered in one of our Services or not.

Our Medama instance is hosted and served under the "analytics.capytal.company" domain. You are free to block, using methods such as browser extensions or DNS rewrites, this domain to prevent Usage Data being collect by you. Currently, we do not provide a first-party method to disable Usage ata being collected by default.

The following Usage Data is collected to provide us insights on how users interact with our Services:

  • HTTP Headers: We collect some additional information your browser sends us when it accesses our Services. Some of this data includes: "Accept-Language" header to understand what languages our users use, which helps us prioritize language translations of our Services; "User-Agent" header which includes information about your browser type, device, and operating system to help us prioritize support of specific platforms and devices.

  • Location: Capytal collects what country you are accessing our Services from, this help us better understand what culture, languages, timezones, etc. we should consider while pricing, marketing, and developing our products. We do not use IP addresses or IP geolocation to determine your location, instead we determine your country based on your browser's timezone. We cannot determine your exact city or region, this is intentional to preserve the privacy of our users.

  • Accessibility Settings: We may collect information about accessibility settings of your browser or device when you access a page of our products or use one of our software. This helps us understand what accessibility concerns we should prioritize while developing our Services.

  • Page Events: When you access, interacts or exits a page in one of our Services, we collect that information. Information collected includes, but is not exhaustive to:

    • Timestamps of the event;
    • A randomly generated ID;
    • Event type ("load" or "unload");
    • Page URL;
    • Referrer URL;
    • Are you a new visitor or not;
    • Has you visited the same page before;
    • Timezone of your browser or system;
    • Time spent on a page in milliseconds;
    • Additional metadata about events (such as if you are logged on the Service or not; what page theme are you using; clicked links or buttons such as for downloading a file or contacting us).

We do not use IP addresses or Cookies to determine unique visitors. To preserve privacy and nor rely on personal identifiable information, our analytics tool uses a browser cache-based approach to track unique visitors of our Services. If you visit one of our Services websites, your browser will cache our tracking script, and reuses it on the future instead of requesting to our servers again. This allows us to differentiate between new and returning visitors, and does not allow us to identify individual users.

What Personal Data We Collect

Capytal just collects personally identifiable information ("PII") when you disclose it to us while using our Services. We do not collect PII and Usage Data in a matter that one can be associated with another. All Usage Data collected automatically, as mentioned above, is anonymized and cannot be associated with a specific user.

Identity & Access

In order to create an account in our Services, we require some personal information such as:

  • Username: Your username is used to allow you to log in to our Services.
  • Password: A password to securely access our Services may be required. We store a hashed version password derivate from yours.
  • Email: We may require an email address to be able to access our Services and to contact you. We never sell your email to third-parties.
  • Service specific additional data: You may disclose to us additional data required to use one of our Services. This includes, for example, but is not exhaustive to:
    • Messages, posts and chats;
    • Images, videos, and other user-generated content;
    • Technical information, such as log files or hardware specification, may be requested in Services focused on bug tracking and report;
    • Your public SSH keys, used on, for example, our Forge service.

We do not sell your personal information to third parties, and we don't use your name and content in marketing statements without your permission either.

Third Party Integrations

We may collect information that you disclose to us when you connect a third party account or service with our Services. You may disconnect and break the integration with us and a third party account/service at any moment. Examples of this includes, but are not exhaustive to: logging into our services via "Login With" buttons (known as OAuth Providers, such as Google, Facebook, SimpleLogin); connecting social media accounts such as Bluesky, X (formerly Twitter), Instagram, etc.; integrate your Patreon or Ko-Fi accounts to provide paywalled content to your supporters.

Federated Services

Our Services may collect data from similar federated services which interact and share data with our Services. Said data, most of the cases, is user-generated content such as messages, chats, public content, etc., and may or may not contain personally identifiable information. Examples of federated includes, but are not exhaustive to: ActivityPub-compatible services, such as Mastodon instances; real-time communication systems compatible with the Matrix specification.

Voluntary Correspondence

We collect and keep information that you disclose to us when you write to us a question, ask for help, open a support ticked or open a bug report. That's so we can have a history of past information to reference if you reach in the future.

What We Use Your Personal Information For

  • Core functionality: Some of our Services require personal information to work properly. In some cases, you can substitute information for pseudonymous. Most Services on Capytal require some degree of personal information to provide core functionality.
  • Moderation and Protection: Your information might be collected in automatically-generated log files to detect malicious activity, to aid moderation of other users, or to detect bots that are improperly programmed.

How We Secure Your Data

Capytal employs a variety of security measures to protect personal information from being breached by malicious actors. These measures include hashing, encryption, containerization and other industry-standard measures.

All data transmitted from our servers to your browser is encrypted via SSL/TLS by default.

When We Access or Share Your Information

At Capytal, our default practice is to not access or share your information to third-parties. The only times we access your information is to help troubleshoot or fix software bugs, with your permission, and to investigate potential abuse if necessary. Sharing of your information with third-parties is just practiced when necessary to provide our Services or when required under applicable law. In more details, this means that the only times we access or share your information are:

  • To troubleshoot or fix a software bug, with your permission. If at any point we need to access your account to help you with a support ticked, issue report, or answer a question, we will ask for your consent before proceeding.

  • To investigate, prevent or take action regarding abuse and restricted uses of our Services. We access a user's account when investigating potential abuse, however, this is a measure of last resort. Capytal has a duty to protect the privacy and safety of yours and our users, and the people reporting issues to us. We apply our best to balance those responsibilities throughout the process on a case-by-case basis. If it is discovered that you are using our Services for a restricted purpose, we will report the incident to the appropriate authorities.

  • Your information may be requested by legal authorities when required under applicable law, and used for legal and regulatory responsibilities if necessary. We cannot deny the access to your information when appropriate law enforcement authorities have the necessary warrant or court order requiring us to share your data. Unless legally prevented, we will always inform you when such requests are made.

Some information and data, such as username, posts, and user-generated content, may be shared publicly by you while using our Services. This includes cases such as, for example: creating a public bug report on our Forge Service with data about your system; publishing a book or biography which includes information about yourself; commenting a history and personal experience on a public forum. It is up to you to not share personally identifiable information on these public channels, we do not take responsibility for personal or confidential information being shared by you accidentally or not on these public Services.

Third Party Services

We rely on some third party services which provides us necessary functionality and infrastructure to run and serve our Services and products. Your data may be processed by such third parties:

Third Party Integrations

Our Services may be able to communicate and integrate with third party services and software at your consent. This means that we can collect information from these third parties, and they can collect information about you from our Services. This includes, for example: logging into our services via an OAuth provider (a.k.a. "Login With" buttons) such as Google, Facebook, SimpleLogin; connecting your Bluesky account to automatically have posts published for you; connecting your Patreon or Ko-Fi account to provide paywalled content to your supporters via our Services. We do not have control over how third parties may process or store information you disclose to them when you enable said third-party integrations, we recommend you read and check their respective privacy policy when enabling such integrations.

Embedded and Referenced Content

Embedded content from other providers may be available in our Service, these providers may track your interaction with their and our content. For example, if you click in an embedded video from YouTube, Google will track your interaction with the video.

Similarly, content and other third party services may be referenced via hyperlinks. Accessing said third party content may end with your data being shared with the respective third party. We do not have control over on how and what data is handled and processed when you access third party services referenced inside our Services. It is recommended that you check what content you are accessing and review their respective Privacy Policies before interacting and accessing them.

Federated Services

Some Capytal Services may be federated, meaning that some information (such as messages, chats, public account data) are shared with any similar services. This includes, but is not exhaustive to: Services that are compatible with the ActivityPub social networking protocol; ForgeFed federation protocol for software forges; and services compatible with the Matrix specification for real-time communication systems.

Your Rights With Respect to Your Information

Whether your area has enacted or not the  European Union's General Data Protection Regulation (GDPR)Brazil's General Personal Data Protection Law (Portuguese: Lei Geral de Proteção de Dados Pessoais) (LGPD)California Consumer Privacy Act (CCPA), or similar law or regulation, you have the following rights if permissible by law:

  • The Right of Access / The Right to Know: You have the right to know what information is collected, used, shared or sold. We outline this information in this privacy policy.

  • The Right to Ratification / The Right to Correction: You have the right to change any personal information about you on our Services that you see as invalid, false or misleading.

  • The Right to Complain: You have the right to make a complaint regarding how we handle and process your personal information with the appropriate supervisory authority.

  • The Right to Restrict Processing: You have the right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we do not sell your personal data, and do not use it for marketing purposes without your explicit consent).

  • The Right to Object: You have the right, in certain situations and if applicable by law, to object to how or why your personal information is processed.

  • The Right to Portability: You have the right to request and receive the information and data we have about you and the right to use and transmit it to another party.

  • The Right to not be subject to Automated Decision-Making: You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. However, this right limited, if the decision is necessary for performance of any contract between you and Capytal, is allowed by applicable law, or is based on your explicit consent.

  • The Right to Non-Discrimination: You have the right to not be charged a different amount to use our Services, offer you different discounts, or give you a lower level of customer service because you exercised your data privacy rights. However, the exercise of specific rights (such as the right "to be forgotten") may, by virtue, prevent you from using our Services.

  • The Right to Erasure / "To be Forgotten": You have the right to request that your personal information be deleted and erased from our servers and our Services. Note that you may need to provide us some personal information that we can go and search for and delete. Fulfillment of this right may prevent you from using our Services, since our applications and software may no longer work with necessary data missing. In such cases, the request may result in your account being closed, and access to our Services features stopped.

Many of these rights can be exercised by logging into and directly updating your account information in our Services. If you have any questions, need assistance, or have requests to exercise these rights, please contact us at privacy@capytal.cc.

Versions of This Policy

We provide translated versions of this policy in different languages, so users of our Services can understand how we collect, process and secure their data regardless of their native language. The Brazilian Portuguese version of this Policy applies specifically to users under the jurisdiction of the Federative Republic of Brazil, otherwise, the English version (the version you are currently accessing) applies to all other users under any other jurisdiction. Versions provided in different languages than the mentioned before, are provided for accessibility purposes and have been provided by our community, these versions are not written for legal purposes and have not been verified to be used in Court.

Copies of this Policy are also available on our Forge, these copies are formatted differently to provide better version management and comparison of the Policy versions.

Changes to This Privacy Policy

We reserve the right to make changes to this privacy policy at any time to comply with relevant regulations and reflect new practices.

In the case of significant changes to this Policy, we will notify you via email and announce it on our company blog and social media accounts. We may notify you in advance if we think the change is important enough and that it changes its values of privacy and practices. It is recommended to check this page often, referring to the date of the last modification listed at the bottom. You can also check for differences between the Policy past versions on our Forge.

If you object any of the changes to the Policy, you must cease using this Website and any of the Services provided by Capytal that this Policy applies on. By accessing this Website or our Services, you agree with the terms described by this Policy.

Unless stated otherwise, the current privacy policy listed in this page (https://capytal.cc/privacy?lang=en-US) applies to all data we collect about you.

For any questions, privacy concerns, or exercising of your rights, contact us via email at privacy@capytal.cc

Reference in New Issue View Git Blame Copy Permalink