Privacy Policy

Last updated: February 16, 2026

CAPT ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how the CAPT Chrome Extension collects, uses, and safeguards your information.

1. Information We Collect

1.1 Data Stored Locally

The CAPT extension stores the following data locally in your browser using Chrome's storage API:

  • Email contacts: Email addresses you choose to save, along with optional metadata (source URL, page title, notes, tags)
  • Auto-tag rules: Custom tag configurations you create
  • Extension settings: Your preferences and configuration options
  • URL queue: URLs you add for bulk processing

This data is stored entirely on your device and is not transmitted to our servers unless you explicitly use premium features requiring server communication.

1.2 Data Collected by Premium Features

If you upgrade to a premium plan, we collect:

  • Email address: Required for authentication via magic link
  • Subscription and billing status: Managed by Stripe. We do not receive or store card details
  • Usage limits/quotas: Aggregated counters such as total contacts saved or queue items processed. We do not collect browsing history or the list of pages you visit

1.3 Data We Do Not Collect

We do not collect:

  • Your browsing history
  • Personal identification beyond your email address
  • Location data

We do not collect the content of the web pages you visit. Emails and metadata are stored locally only when you choose to save a contact.

CAPT processes page content locally to detect email patterns. It does not transmit page data to our servers unless you explicitly use premium account features.

2. How We Use Your Information

2.1 Local Data

Data stored locally is used exclusively to:

  • Provide the core functionality of the extension (detecting, storing, and exporting contacts)
  • Apply your custom auto-tag rules
  • Process your URL queue
  • Remember your preferences

2.2 Account Data (Premium Users)

For premium users, we use your email address to:

  • Authenticate your account via secure magic links
  • Send transactional emails (login links, subscription confirmations)
  • Provide customer support

We do not send marketing emails without your explicit consent.

3. Data Storage and Security

3.1 Local Storage

Your contact database and settings are stored using Chrome's chrome.storage.local API. This data:

  • Remains on your device
  • Is not accessible to other extensions or websites
  • Is cleared if you uninstall the extension or clear browser data

3.2 Server Storage (Premium Users)

Account data for premium users is stored on secure servers with:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Regular security audits and updates
  • Access controls limiting who can view data

3.3 Authentication Flow

After clicking a magic link, a CAPT web page may send a one-time authentication message to the extension to complete sign-in. This communication is used solely for authentication and does not transmit any browsing or personal data.

4. Third-Party Services

We use the following third-party services:

4.1 Stripe (Payment Processing)

For premium subscriptions, we use Stripe to process payments. Stripe handles all payment card information. We never see or store your full card details. See Stripe's Privacy Policy.

4.2 No Analytics or Tracking

We do not use any analytics, tracking, or advertising services within the extension. Your browsing activity is not monitored or reported.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties.

We may share information only in the following circumstances:

  • With your consent: When you explicitly authorize us to share data
  • For payment processing: Necessary information shared with Stripe to process transactions
  • Legal requirements: If required by law or to respond to valid legal process

6. Your Rights (GDPR & CCPA)

You have the right to:

  • Access: Request a copy of data we hold about you
  • Rectification: Correct any inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Object: Object to certain processing of your data
  • Withdraw consent: Withdraw previously given consent at any time

For local data, you can exercise these rights directly by:

  • Using the export feature to download your contacts
  • Clearing data within the extension settings
  • Uninstalling the extension to remove all local data

For account data, contact us at the email below.

7. Data Retention

7.1 Local Data

Local data is retained until you delete it or uninstall the extension.

7.2 Account Data

We retain account data for active subscriptions. After subscription cancellation:

  • Your account data is retained for 30 days (grace period for reactivation)
  • After 30 days, data is anonymized or deleted
  • Payment records are retained as required by law (typically 7 years for tax purposes)

8. Children's Privacy

CAPT is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

If you are located outside France, please note that your account data may be transferred to and processed in France, where our servers are located. By using premium features, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting a notice in the extension
  • Updating the "Last updated" date at the top of this page

Continued use of the extension after changes constitutes acceptance of the updated policy.

11. Chrome Web Store Compliance

This extension complies with the Chrome Web Store Developer Program Policies, including:

  • Single purpose: Contact extraction and management
  • Permissions are requested only to provide the features described (page scanning, queue processing, local storage, exports)
  • Transparent data usage: All data collection is disclosed in this policy
  • User control: Users can view, export, and delete their data at any time

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

We aim to respond to all requests within 30 days.