Privacy Policy

Learn how CapKit protects your video content and personal information with industry-standard security, transparent data practices, and complete privacy controls. Your data belongs to you.

Effective Date: 1st November 2025

Last Updated: 7th November 2025

At CapKit, your privacy is our top priority. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our AI-powered video caption generation service.

1. Information We Collect

1.1 Account Information

  • Personal Information: Name, email address
  • Authentication Data: Account credentials (password or OAuth tokens), two-factor authentication settings
  • Profile Information: User preferences, account settings, avatar URL (if using OAuth)

1.2 Video Content

  • Video Files: Original videos you upload for caption generation
  • Processed Videos: Videos with captions applied (with or without watermark depending on your plan)
  • Transcriptions: AI-generated text transcriptions of your video audio
  • Translations: Translated transcriptions (if translation feature is used)
  • Video Metadata: File names, sizes, durations, upload timestamps, processing status
  • Caption Templates: Custom caption styles and configurations you create

1.3 Usage and Activity Data

  • Service Usage: Login times, video processing requests, and account activity
  • Technical Data: IP addresses, device information, browser type, and operating system
  • Processing Metrics: Video processing times, transcription accuracy data, export counts
  • Communication Records: Support requests, feedback, and correspondence with us

1.4 Subscription and Payment Data

  • Billing Information: Processed through our payment provider Paddle (we do not store credit card details)
  • Subscription Status: Current plan, trial status, billing period, usage limits
  • Usage Tracking: Number of videos processed per month, remaining quota
  • Transaction Records: Payment history, subscription changes, refund requests

2. How We Use Your Information

2.1 Service Provision

  • Account Management: Creating and maintaining your account
  • Video Processing: Transcribing audio, generating captions, applying styles, and rendering output videos
  • Content Storage: Storing your original and processed videos securely in cloud storage
  • Template Management: Saving and applying your custom caption templates
  • Usage Tracking: Monitoring video quotas and enforcing plan limits

2.2 Communication

  • Service Notifications: Account alerts, processing completion notifications, and system updates
  • Usage Alerts: Notifications when approaching or exceeding video quotas
  • Support Services: Responding to your questions and providing assistance
  • Marketing Communications: Product updates and feature announcements (you can opt out)

2.3 Security and Fraud Prevention

  • Account Security: Detecting and preventing unauthorized access
  • Service Integrity: Monitoring for abuse, fraud, and policy violations
  • System Security: Maintaining and improving our security measures

2.4 Service Improvement

  • Analytics: Understanding how users interact with our service (aggregated and anonymized)
  • Performance Monitoring: Identifying and fixing processing issues
  • Transcription Quality: Improving AI transcription accuracy
  • Feature Development: Developing new features based on user needs

3. Data Security and Protection

3.1 Security Measures

  • Encryption in Transit: TLS 1.3 for all data transmission between your device and our servers
  • Encryption at Rest: Video files and transcriptions stored with industry-standard encryption
  • Access Controls: Role-based access controls and authentication requirements
  • Rate Limiting: Request rate limiting and abuse prevention

3.2 Video Content Access

  • Processing Requirements: We access video content to perform transcription and caption generation
  • Temporary Processing: Videos are processed in secure, isolated environments
  • Storage Security: Videos stored in Cloudflare R2 with restricted access controls
  • Pre-signed URLs: Time-limited, secure URLs for video uploads and downloads (1-hour expiry)

3.3 Third-Party Services

  • AI Transcription Providers: We use third-party AI services (including Groq and OpenAI) for audio transcription. Audio extracted from your videos is sent to these services for processing.
  • Cloud Storage: Video files are stored using cloud storage providers (including Cloudflare) with industry-standard security.
  • Payment Processing: Payment processing handled by Paddle. Review Paddle’s privacy policy at https://www.paddle.com/legal/privacy

3.4 Infrastructure Security

  • Secure Infrastructure: Servers with security controls and monitoring
  • Regular Updates: Security patches and system updates
  • Backup Systems: Regular backups for data recovery and service continuity

4. Information Sharing and Disclosure

4.1 General Policy

  • No Sale of Data: We never sell, rent, or trade your personal information or video content
  • Limited Sharing: We share information only as described in this policy
  • User Control: You control your video content and can delete it at any time

4.2 Service Providers

  • AI Transcription: Audio extracted from your videos is sent to AI service providers for transcription
  • Cloud Storage: Video files are stored with cloud storage providers
  • Payment Processing: Billing information processed through Paddle
  • Data Processing Agreements: All providers operate under strict data processing agreements
  • Limited Access: Providers receive only the minimum data necessary for their services
  • Legal Compliance: We may disclose information when required by law
  • Court Orders: We comply with valid court orders and legal processes
  • Emergency Situations: We may disclose information to prevent imminent harm or illegal activity

5. Data Retention and Deletion

5.1 Video Content

  • Active Videos: Videos are retained while your account is active and within storage limits
  • Processed Videos: Available for download until you delete them or your account is closed
  • Automatic Deletion: Videos may be automatically deleted based on plan limits and retention policies
  • User Deletion: You can delete individual videos at any time through your dashboard

5.2 Account Data

  • Active Accounts: Account data retained while your account is active
  • Trial Expiration: After trial expiration without subscription, data retained for 30 days
  • Subscription Cancellation: After cancellation, data accessible for 30 days before deletion
  • Account Deletion: All data permanently deleted within 60 days of account closure

5.3 Transcriptions and Templates

  • Transcriptions: Stored alongside videos; deleted when video is deleted
  • Caption Templates: Retained until you delete them or close your account
  • Backups: Backups retained for 60 days for recovery purposes
  • Legal Holds: We may retain data longer when required by law
  • Dispute Resolution: Data may be retained during active legal proceedings
  • Transaction Records: Payment and subscription records retained for tax and accounting purposes

6. Your Rights and Choices

6.1 Access and Control

  • Account Access: You can access and modify your account information at any time
  • Video Management: You can view, download, and delete your videos
  • Template Management: You can create, edit, and delete caption templates

6.2 Data Rights

  • Data Export: You can download your videos and transcriptions at any time
  • Correction Rights: You can correct inaccurate personal information
  • Deletion Rights: You can delete individual videos or close your account entirely
  • Access Requests: You can request a copy of all personal data we hold about you

6.3 Communication Preferences

  • Email Notifications: You can manage email notification preferences in your account settings
  • Processing Notifications: Receive alerts when video processing is complete
  • Marketing Communications: You can opt out of non-essential communications
  • Usage Alerts: Configure notifications for quota usage

7. International Data Transfers

7.1 Data Processing

  • Storage Locations: Video files stored in cloud infrastructure (globally distributed)
  • Processing Locations: Video processing and transcription may occur in various regions
  • Cross-Border Transfers: Data may be transferred internationally for processing
  • Adequacy Decisions: We ensure adequate protection for international transfers

7.2 Safeguards

  • Encryption: All data is encrypted during transfer and storage
  • Access Controls: Strict access controls limit data exposure
  • Compliance: We comply with applicable data transfer regulations

8. Children’s Privacy

8.1 Age Restrictions

  • Minimum Age: Our service is not intended for users under 18
  • Age Verification: We may verify age during account registration
  • Parental Consent: We do not knowingly collect data from minors without consent

8.2 Discovery of Minor Data

  • Immediate Action: We delete accounts of users under 18 when discovered
  • Parental Contact: We may contact parents/guardians when appropriate
  • Data Deletion: All associated data is permanently deleted

9. Security Measures

9.1 Technical Safeguards

  • Encryption: Industry-standard encryption for all sensitive data
  • Access Controls: Role-based access controls and multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and secure networks

9.2 Organizational Safeguards

  • Employee Training: Regular security training for all staff
  • Background Checks: Security clearance for employees with data access
  • Incident Response: Comprehensive incident response and breach notification procedures

9.3 Infrastructure Security

  • Cloud Infrastructure: Secure cloud infrastructure with monitoring and logging
  • Access Restrictions: Limited access to production systems and data
  • Security Audits: Regular security reviews and vulnerability assessments

10. Cookies and Tracking

  • Essential Cookies: Required for authentication and basic service functionality
  • Preference Cookies: Store your settings and preferences
  • Analytics Cookies: Help us understand service usage (anonymized)
  • Browser Controls: You can control cookies through browser settings
  • Opt-Out Options: You can opt out of non-essential cookies
  • Third-Party Cookies: We minimize third-party cookie usage

11. Third-Party Services and Integrations

11.1 AI Transcription Services

  • Service Providers: We use AI transcription services including Groq and OpenAI
  • Data Shared: Audio extracted from your videos
  • Purpose: Converting speech to text for caption generation
  • Data Retention: Subject to third-party provider data retention policies
  • Privacy Policies:

11.2 OAuth Authentication

  • Service Providers: Optional third-party authentication (Google, etc.)
  • Data Received: Name, email address, profile picture
  • Purpose: Simplified account creation and login
  • Your Control: You can disconnect OAuth authentication and use email/password instead

11.3 Payment Processing (Paddle)

  • Service Provider: Paddle.com Market Limited
  • Data Shared: Billing information, subscription details
  • Purpose: Processing payments and managing subscriptions
  • Data Retention: Subject to Paddle’s policies and tax requirements
  • Privacy Policy: https://www.paddle.com/legal/privacy

11.4 Cloud Storage

  • Service Providers: We use secure cloud storage providers including Cloudflare
  • Data Stored: Your video files (original and processed)
  • Purpose: Secure, scalable video storage and delivery

12. Data Breach Notification

12.1 Incident Response

  • Immediate Action: We investigate and contain breaches immediately
  • Risk Assessment: We assess the impact and risk to user data
  • Notification Timeline: We notify affected users within 72 hours when required

12.2 Breach Communication

  • User Notification: Direct notification to affected users
  • Regulatory Reporting: Compliance with breach notification laws
  • Remediation Steps: Clear guidance on protective actions users can take

13. Changes to This Policy

13.1 Policy Updates

  • Regular Review: We review and update this policy regularly
  • Material Changes: Significant changes are communicated clearly
  • Effective Date: Updates take effect on the specified date

13.2 User Notification

  • Email Notification: We email users about policy changes
  • In-App Notifications: Important changes are highlighted in the app
  • Website Updates: The current policy is always available on our website

14. Contact Information

For questions about this Privacy Policy or your data, please contact us:

15. Regulatory Compliance

15.1 GDPR Compliance (EU Users)

  • Legal Basis: We process data based on contract performance, legitimate interests, and consent
  • Data Controller: Akash Rajpurohit
  • Your Rights: Access, rectification, erasure, data portability, and objection to processing
  • Complaints: You may lodge complaints with your local data protection authority

15.2 CCPA Compliance (California Users)

  • Data Collection Notice: See Section 1 for categories of data collected
  • No Sale of Data: We do not sell your personal information
  • Your Rights: Right to know, delete, and opt-out of data sales (though we don’t sell data)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

15.3 Content Responsibility

  • Your Content: You are responsible for ensuring you have rights to all video content you upload
  • Copyright Compliance: Do not upload copyrighted material without authorization
  • Content Moderation: We may review content to ensure compliance with our policies

By using CapKit, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Privacy Policy.