Compliance
Dieser Inhalt ist in Ihrer Sprache noch nicht verfügbar.
Capgo is designed with privacy, security, and compliance in mind. This document explains what data is collected, how it’s used, and what measures are in place to protect your users’ privacy and ensure regulatory compliance when using Capgo’s live update service.
Data Collection Overview
Capgo collects minimal data necessary to provide the live update service effectively. The data collection is focused on operational requirements rather than user tracking or analytics.
What Data is Collected
Capgo collects only the data that is necessary to provide the live updates feature. When your app checks for updates or downloads new bundles, the following information is collected:
- App ID: A unique identifier for your app that is used to associate the app with the correct account
- App Version Code: The version code of the app that is used to determine which updates are compatible with the app
- App Version Name: The version name of the app that is used for display purposes
- Platform: The platform (iOS, Android) of the app that is used to determine which updates are compatible with the app
- Device ID: A unique identifier for the device that is used to deliver updates to a specific device and for billing purposes. This identifier is a random string that is created when the app is started for the first time and is reset with every app installation to comply with app store guidelines
- Bundle ID: The unique identifier for the bundle that is currently installed on the device
- Channel Name: The name of the channel that is selected to receive updates
- OS Version: The version of the operating system that is used to determine which updates are compatible with the device
- Plugin Version: The version of the Capacitor Live Update plugin that is used to deliver updates to the device
Additional Technical Data:
- Update check timestamps
- Download success/failure status
- Bundle installation status
- Rollback events and reasons
- IP address (for geolocation and CDN optimization)
What Data is NOT Collected
Capgo explicitly does not collect:
- Personal user information or credentials
- App usage analytics or user behavior data
- Content from your app or user-generated data
- Location data beyond general geographic region
- Persistent device identifiers for tracking
- Biometric or sensitive personal data
Data Usage and Purpose
The data collected by Capgo is used exclusively for:
Service Operation
- Determining which updates are available for specific app versions
- Optimizing content delivery through geographic CDN selection
- Ensuring compatibility between updates and device capabilities
- Managing update rollouts and channel assignments
Service Improvement
- Monitoring update success rates and identifying issues
- Optimizing download performance and reliability
- Improving the overall update delivery system
- Debugging and troubleshooting update failures
Security and Integrity
- Preventing abuse and ensuring service availability
- Validating update authenticity and integrity
- Protecting against malicious or corrupted updates
- Maintaining service security and stability
Data Storage and Retention
Storage Location
- Update bundles and metadata are stored on secure cloud infrastructure
- Data is distributed across multiple geographic regions for performance
- All data transmission is encrypted using industry-standard protocols (HTTPS/TLS)
Data Retention
- Update check logs are retained for operational purposes (typically 30-90 days)
- Bundle files are retained as long as they’re assigned to active channels
- Aggregated, non-personal metrics may be retained longer for service improvement
- Personal data, if any, is deleted according to applicable data protection laws
Data Security
- All data is encrypted in transit and at rest
- Access to data is restricted to authorized personnel only
- Regular security audits and monitoring are performed
- Industry-standard security practices are followed
- SOC 2 Certification: Capgo is currently undergoing SOC 2 Type II audit and will be certified soon, ensuring the highest standards of security, availability, and confidentiality. View our compliance status at trust.capgo.app
- Continuous Code Auditing: Every commit is automatically audited by SonarCloud for the plugin and backend, ensuring code quality, security vulnerabilities detection, and maintainability
- Vulnerability Scanning: Additional security scanning is performed by Snyk to detect and remediate security vulnerabilities in dependencies
- Infrastructure Security: Our hosting infrastructure is continuously monitored and verified through hosting security checks
- AI-Powered Code Review: Every pull request is reviewed by CodeRabbit AI to catch potential issues, security concerns, and maintain code quality standards
Privacy Controls
For App Developers
As a Capgo user, you have control over:
- Channel Management: Control which updates are distributed to which users
- Data Minimization: Configure what device information is shared
- Geographic Controls: Manage where your updates are distributed
- Retention Settings: Control how long update data is retained
For End Users
Your app users benefit from:
- Minimal Data Collection: Only essential data for update delivery is collected
- No Tracking: No cross-app or persistent user tracking
- Transparency: This privacy policy explains exactly what data is collected
- Security: All data transmission is encrypted and secure
Compliance and Legal
Data Protection Regulations
Capgo is designed to comply with major data protection regulations including:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- COPPA (Children’s Online Privacy Protection Act)
- Other applicable regional privacy laws
App Store Compliance
Capgo strictly adheres to app store guidelines and policies:
- Apple App Store: Complies with App Store Review Guidelines section 3.3.2, ensuring that live updates only modify the app’s behavior in ways that are consistent with the submitted app
- Google Play Store: Follows Google Play Developer Policy requirements for dynamic code loading and app updates
- Content Restrictions: Live updates cannot introduce functionality that wasn’t present in the original app submission or violate platform-specific content policies
- Security Requirements: All updates maintain the same security posture and permissions as the original app
Your Responsibilities
As an app developer using Capgo, you should:
- Include appropriate privacy disclosures in your app’s privacy policy
- Inform users about the use of live update services
- Ensure compliance with applicable laws in your jurisdiction
- Implement appropriate consent mechanisms if required
Privacy by Design
Capgo follows privacy-by-design principles:
Data Minimization
- Only collect data that is absolutely necessary for service operation
- Avoid collecting personal or sensitive information
- Use aggregated and anonymized data where possible
Purpose Limitation
- Use collected data only for the stated purposes
- Do not repurpose data for unrelated activities
- Maintain clear boundaries on data usage
Transparency
- Provide clear information about data collection and usage
- Make privacy practices easily accessible and understandable
- Regularly update privacy documentation
Contact and Questions
If you have questions about Capgo’s privacy practices or need to report a privacy concern:
- Review our full Privacy Policy at capgo.app/privacy
- View our security and compliance status at capgo.app/trust
- Contact our privacy team through the support channels
- Report any privacy-related issues through our security contact
Best Practices for Privacy
When implementing Capgo in your app:
- Be Transparent: Inform users about the live update functionality
- Minimize Data: Only enable data collection features you actually need
- Secure Implementation: Follow security best practices in your integration
- Regular Reviews: Periodically review your privacy practices and update policies
- User Control: Consider providing users with options to control update behavior
By following these practices and understanding Capgo’s privacy approach, you can provide your users with a secure, privacy-respecting live update experience.