Data Processing Agreement

Last updated: September 20, 2023

Definitions

Privacy and security of your visitor data

We take many measures to protect and secure your data through backups, redundancies, and encryption. When you use our service to measure your website stats, Capgo will collect information about your visitors.

You entrust us with your site data and we take that trust to heart. You agree that Capgo may process your data as described in our data policy and for no other purpose. We do our best to deserve that trust by being open about who we are, how we work, and keeping an open door to your feedback.

You own all right, title, and interest to your website data. We obtain no rights from you to your website data. We do not collect and analyze personal information from web users and use these behavioral insights to sell advertisements. When using Capgo, you 100% own and control all of your website data. We don't sell or share your site data to any third-parties, and we don't abuse your visitor's privacy.

The purpose of Capgo is updates the Capacitor, this can still be done without tracking, collecting or storing any personal data or personally identifiable information (PII), without using cookies and while respecting the privacy of your website visitors.

By using Capgo, all the site measurement is carried out absolutely anonymously. We minimize data collection in general. We measure only the most essential data points and nothing else. All the metrics we do collect fit on one single page.

We do not attempt to generate a device-persistent identifier because they are considered personal data under GDPR. We do not use cookies, browser cache nor the local storage. We do not store, retrieve nor extract anything from visitor's devices. The data we process cannot be used to identify any single individual.

The group of data subjects affected by the processing of their data under this agreement includes end-users of the controller's websites which make use of the service provided by the processor.

You can find more information about our processing of your visitor data and what types/categories of data we collect on your behalf in our publicly available data policy. Data Policy.

Organizational and technical security measures

For encryption, we use https in transit and the hashing process at rest. Our hashing process is much stronger than encryption. Encryption implies that there's a key that can decrypt and reveal the raw data. In our database the raw IP address and User Agent are rendered completely inaccessible to anyone, including ourselves. In addition to this, we use strict firewall rules and private encrypted networking. We keep offsite backups with replication including strong bcrypt passwords.

Capgo is fully open source software which means that our source code is available and accessible on GitHub so anyone can check it out and audit it. You can read it, inspect it and review it to understand how it works and to ensure it keeps the data private and secure. This gives you and everyone else full transparency on how we handle the website traffic data.

With more than 500+ GitHub stars, there are a lot of eyes on our code and it is this transparency and openness that means that open source products can be more trustworthy than proprietary and closed source products. Our software is updated several times per week and on our GitHub page we also have a way for people to report any security vulnerabilities.

Processor's obligations with respect to the controller

Customer undertakings and Capgo assistance

Liability and Indemnity

Are customers required to sign the Capgo DPA?

In order to use our products and services, you need to accept our DPA. By using our product you are agreeing to our terms of service, and you are automatically accepting our DPA and do not need to sign a separate document. We provide the same privacy rights and protection to all customers.

Can a customer share the Capgo DPA with its customers?

Yes. The DPA is a publicly available document and customers who wish to share it with their customers to confirm our security measures and other terms may feel free to do so.

Do customers need to notify anyone upon accepting our DPA?

No. You are not required to notify us or any third party upon accepting our DPA though, as mentioned above, you are free to do so.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: