Privacy Policy

Effective date: May 15, 2026 · Controller (operator services): Service Automations LLC, d/b/a CapchaCloud (“we,” “us”) · Texas, USA

1. Who we are

CapchaCloud provides identity, consent capture, and related evidence services operated by Service Automations LLC. The CapchaCloud brand is part of the ServiceAutomations.ai family.

2. Information we collect

• Account data: identifiers and profile details from OAuth / passwordless sign-in (for example email, name, subject identifiers from your IdP).
• Technical data: IP-derived signals, timestamps, device/browser metadata, Cloudflare edge telemetry where available, and security logs needed to operate and protect the service.
• Consent & capture payloads: data your integration submits for hashing and storage (for example consent context, optional transcripts, webhook routing metadata).
• Billing data: processed by Stripe when you subscribe; we receive subscription status mirrored to your tenant record. We do not store full card numbers.

3. How we use information

To provide, secure, and improve the service; authenticate users; detect abuse; maintain audit trails for operations; comply with lawful requests where required; and communicate service-related notices.

4. Legal bases (summary)

Where EU/UK frameworks apply to operator data (your account with us), we rely on performance of contract, legitimate interests in securing the platform (balanced against your rights), and consent where we expressly ask for it. This summary is informational—not a legal determination for your organization. For End User data you route through integrations, see the DPA (we act as Processor on your instructions).

5. Sharing & subprocessors

We use infrastructure and service providers—for example Cloudflare (compute, storage, database, queues, Turnstile, hosted AI inference for the in-dashboard assistant and the public support chat), Stripe (payments), and OAuth providers you enable. The authoritative list is the Subprocessors Policy. We do not sell personal information.

6. Retention

Retention objectives and DSAR procedures are described in the Data retention & deletion policy. Retention may be shortened by deletion workflows subject to legal holds and backup latency. Retention objectives are not a guarantee against compelled production or operational incident.

7. Security

We implement technical and organizational measures we believe are appropriate for the risk. See the Trust Center and DPA Annex 2. No method of transmission or storage is 100% secure. We do not warrant uninterrupted or error-free operation.

8. International transfers

Data may be processed on Cloudflare’s global network. Mechanisms for cross-border transfers are described in DPA §11 and Data residency.

9. Your choices

Depending on region, you may have rights to access, correct, delete, or object to certain processing of operator data. Many controls are available through the dashboard (including account deletion where offered). Submit privacy and DSAR requests to support@serviceautomations.ai with a clear subject line (see Data retention & deletion policy). We may need to verify requests.

10. Children

The service is not directed to children under the age where parental consent is required in your jurisdiction.

11. Changes

We may update this policy; material changes will be signaled through reasonable means (for example posting an updated effective date).

12. Contact

All privacy, security, billing, legal, and DSAR inquiries (single inbox): support@serviceautomations.ai — please use a clear subject line (e.g. “Privacy”, “DSAR”, “Security”). For product help you may also use the live support assistant (hosted inference; not legal advice).

Legal notices and privacy/security requests: support@serviceautomations.ai — Attention: Service Automations LLC, Legal Department, Texas, USA. A physical notice address may be provided to contracting customers where required.