← Dashboard · Trust Center · Compliance · Pricing · Terms of Service

Privacy Policy

Effective date: May 1, 2026 · CapchaCloud (operated in connection with ServiceAutomations.ai)

No compliance guarantee. We describe our practices and security-oriented controls in good faith. We do not warrant or guarantee that our processing satisfies GDPR, HIPAA, PCI-DSS, SOC 2, or any other law or framework. You remain responsible for how you use the service and for meeting your own legal obligations.

1. Who we are

CapchaCloud provides identity, consent capture, and related evidence services. The offering may be branded or administered alongside ServiceAutomations.ai. Contact paths published on serviceautomations.ai govern operational inquiries.

2. Information we collect

Account data: identifiers and profile details from passwordless / OAuth sign-in (for example email, name, subject identifiers from your IdP).
Technical data: IP-derived signals, timestamps, device/browser metadata, Cloudflare edge telemetry where available, and security logs needed to operate and protect the service.
Consent & capture payloads: data your integration submits for hashing and storage (for example consent context, optional transcripts, webhook routing metadata).
Billing data: processed by Stripe when you subscribe; we receive subscription status mirrored to your tenant record.

3. How we use information

To provide, secure, and improve the service; authenticate users; detect abuse; maintain audit trails for operations; comply with lawful requests where required; and communicate service-related notices.

4. Legal bases (summary)

Where EU/UK frameworks apply, we rely on performance of contract, legitimate interests in securing the platform (balanced against your rights), and consent where we expressly ask for it. This summary is informational—not a legal determination for your organization.

5. Sharing & subprocessors

We use infrastructure and service providers—for example Cloudflare (compute, storage, database, queues, Turnstile, optional AI inference), Stripe (payments), and OAuth providers you enable (e.g. Google, Apple). A high-level list appears in our Trust Center; details and change notices are in our Subprocessors policy. We do not sell personal information.

6. Retention

We retain information as needed to operate the service and meet security objectives described on our site (including long-retention objectives for certain consent artifacts where configured). Retention may be shortened by deletion workflows (such as account deletion) subject to legal holds and backup latency. Retention objectives are not a guarantee against compelled production or operational incident.

7. Security

We implement technical and organizational measures we believe are appropriate for the risk (including transport security, access controls, hashing/separation where described in product docs). No method of transmission or storage is 100% secure. We do not warrant uninterrupted or error-free operation.

8. International transfers

Data may be processed on Cloudflare’s global network. Mechanisms for cross-border transfers depend on your jurisdiction and contractual terms.

9. Your choices

Depending on region, you may have rights to access, correct, delete, or object to certain processing. Many controls are available through the dashboard (including account deletion where offered). We may need to verify requests.

10. Children

The service is not directed to children under the age where parental consent is required in your jurisdiction.

11. Changes

We may update this policy; material changes will be signaled through reasonable means (for example posting an updated effective date).

12. Contact

Use the contact method published on serviceautomations.ai for privacy inquiries.