Compliance

Capgo is designed with privacy, security, and compliance in mind. This document explains what data is collected, how it’s used, and what measures are in place to protect your users’ privacy and ensure regulatory compliance when using Capgo’s live update service.

Data Collection Overview

Capgo collects minimal data necessary to provide the live update service effectively. The data collection is focused on operational requirements rather than user tracking or analytics.

What Data is Collected

Capgo collects only the data that is necessary to provide the live updates feature. When your app checks for updates or downloads new bundles, the following information is collected:

• App ID: A unique identifier for your app that is used to associate the app with the correct account
• App Version Code: The version code of the app that is used to determine which updates are compatible with the app
• App Version Name: The version name of the app that is used for display purposes
• Platform: The platform (iOS, Android) of the app that is used to determine which updates are compatible with the app
• Device ID: A unique identifier for the device that is used to deliver updates to a specific device and for billing purposes. This identifier is a random string that is created when the app is started for the first time and is reset with every app installation to comply with app store guidelines
• Bundle ID: The unique identifier for the bundle that is currently installed on the device
• Channel Name: The name of the channel that is selected to receive updates
• OS Version: The version of the operating system that is used to determine which updates are compatible with the device
• Plugin Version: The version of the Capacitor Live Update plugin that is used to deliver updates to the device

Additional Technical Data:

• Update check timestamps
• Download success/failure status
• Bundle installation status
• Rollback events and reasons
• IP address (for geolocation and CDN optimization)

Hinweis

You can verify the data that is collected by inspecting the source code of the Capacitor Live Update plugin, which is open-source and available on GitHub. Capgo does not collect personally identifiable information (PII) such as names, email addresses, phone numbers, or persistent device identifiers that can be used to track individual users across apps.

What Data is NOT Collected

Capgo explicitly does not collect:

• Personal user information or credentials
• App usage analytics or user behavior data
• Content from your app or user-generated data
• Location data beyond general geographic region
• Persistent device identifiers for tracking
• Biometric or sensitive personal data

Data Usage and Purpose

The data collected by Capgo is used exclusively for:

Service Operation

• Determining which updates are available for specific app versions
• Optimizing content delivery through geographic CDN selection
• Ensuring compatibility between updates and device capabilities
• Managing update rollouts and channel assignments

Service Improvement

• Monitoring update success rates and identifying issues
• Optimizing download performance and reliability
• Improving the overall update delivery system
• Debugging and troubleshooting update failures

Security and Integrity

• Preventing abuse and ensuring service availability
• Validating update authenticity and integrity
• Protecting against malicious or corrupted updates
• Maintaining service security and stability

Data Storage and Retention

Storage Location

• Update bundles and metadata are stored on secure cloud infrastructure
• Data is distributed across multiple geographic regions for performance
• All data transmission is encrypted using industry-standard protocols (HTTPS/TLS)

Data Retention

• Update check logs are retained for operational purposes (typically 30-90 days)
• Bundle files are retained as long as they’re assigned to active channels
• Aggregated, non-personal metrics may be retained longer for service improvement
• Personal data, if any, is deleted according to applicable data protection laws

Data Security

• All data is encrypted in transit and at rest
• Access to data is restricted to authorized personnel only
• Regular security audits and monitoring are performed
• Industry-standard security practices are followed
• SOC 2 Certification: Capgo is currently undergoing SOC 2 Type II audit and will be certified soon, ensuring the highest standards of security, availability, and confidentiality. View our compliance status at trust.capgo.app
• Continuous Code Auditing: Every commit is automatically audited by SonarCloud for the plugin and backend, ensuring code quality, security vulnerabilities detection, and maintainability
• Vulnerability Scanning: Additional security scanning is performed by Snyk to detect and remediate security vulnerabilities in dependencies
• Infrastructure Security: Our hosting infrastructure is continuously monitored and verified through hosting security checks
• AI-Powered Code Review: Every pull request is reviewed by CodeRabbit AI to catch potential issues, security concerns, and maintain code quality standards

Privacy Controls

For App Developers

As a Capgo user, you have control over:

• Channel Management: Control which updates are distributed to which users
• Data Minimization: Configure what device information is shared
• Geographic Controls: Manage where your updates are distributed
• Retention Settings: Control how long update data is retained

For End Users

Your app users benefit from:

• Minimal Data Collection: Only essential data for update delivery is collected
• No Tracking: No cross-app or persistent user tracking
• Transparency: This privacy policy explains exactly what data is collected
• Security: All data transmission is encrypted and secure

Compliance and Legal

Data Protection Regulations

Capgo is designed to comply with major data protection regulations including:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• COPPA (Children’s Online Privacy Protection Act)
• Other applicable regional privacy laws

App Store Compliance

Capgo strictly adheres to app store guidelines and policies:

• Apple App Store: Complies with App Store Review Guidelines section 3.3.2, ensuring that live updates only modify the app’s behavior in ways that are consistent with the submitted app
• Google Play Store: Follows Google Play Developer Policy requirements for dynamic code loading and app updates
• Content Restrictions: Live updates cannot introduce functionality that wasn’t present in the original app submission or violate platform-specific content policies
• Security Requirements: All updates maintain the same security posture and permissions as the original app

Your Responsibilities

As an app developer using Capgo, you should:

• Include appropriate privacy disclosures in your app’s privacy policy
• Inform users about the use of live update services
• Ensure compliance with applicable laws in your jurisdiction
• Implement appropriate consent mechanisms if required

Tipp

No Additional Privacy Implementation Required: Capgo is designed to be privacy-compliant by default. You don’t need to implement any additional privacy controls or data handling mechanisms in your app code. The minimal data collection and privacy-by-design approach means that integrating Capgo typically doesn’t require changes to your existing privacy declarations or policies.

Privacy by Design

Capgo follows privacy-by-design principles:

Data Minimization

• Only collect data that is absolutely necessary for service operation
• Avoid collecting personal or sensitive information
• Use aggregated and anonymized data where possible

Purpose Limitation

• Use collected data only for the stated purposes
• Do not repurpose data for unrelated activities
• Maintain clear boundaries on data usage

Transparency

• Provide clear information about data collection and usage
• Make privacy practices easily accessible and understandable
• Regularly update privacy documentation

Contact and Questions

If you have questions about Capgo’s privacy practices or need to report a privacy concern:

• Review our full Privacy Policy at capgo.app/privacy
• View our security and compliance status at capgo.app/trust
• Contact our privacy team through the support channels
• Report any privacy-related issues through our security contact

Tipp

Remember to update your own app’s privacy policy to reflect the use of Capgo’s live update service and any data collection that may occur as part of the update process.

Best Practices for Privacy

When implementing Capgo in your app:

1. Be Transparent: Inform users about the live update functionality
2. Minimize Data: Only enable data collection features you actually need
3. Secure Implementation: Follow security best practices in your integration
4. Regular Reviews: Periodically review your privacy practices and update policies
5. User Control: Consider providing users with options to control update behavior

By following these practices and understanding Capgo’s privacy approach, you can provide your users with a secure, privacy-respecting live update experience.