HIPAA Compliance
Copy a setup prompt with the install steps and the full markdown guide for this plugin.
This page explains the technical options teams use when a HIPAA review does not allow live update statistics to be sent to Capgo Cloud.
Capgo Cloud is not currently presented as a HIPAA-compliant hosted statistics processor. Many HIPAA-sensitive apps still use Capgo because the updater data is minimal, device-scoped, and not tied to a known app user by default. If your company policy, reviewer, or customer contract requires stricter control, you can geo-localize the plugin traffic, disable the statistics endpoint, self-host only the statistics endpoint, or move to a licensed self-hosted setup.
What Capgo receives by default
Section titled “What Capgo receives by default”The updater plugin sends operational data needed to deliver and observe live updates. The statistics payload can include these fields:
app_id- your Capacitor app identifierdevice_id- a random, app-scoped device identifier generated by the updater pluginplatform-ios,android, orelectronversion_name- the installed web bundle versionversion_build- the native app version nameversion_code- the native build numberversion_os- the operating system versionplugin_version- the installed@capgo/capacitor-updaterversionaction- the update lifecycle event, such as install, download, failure, rollback, or app-ready eventsis_emulatorandis_prod- environment flags when availablecustom_id- only if your app explicitly sets it withCapacitorUpdater.setCustomId(...)- IP address - used at transport level for regional routing, abuse prevention, and CDN optimization
By default, this data is anonymous to the app user. Capgo does not receive names, emails, account IDs, medical record numbers, credentials, user content, app analytics events, or behavioral analytics from the updater. The only stable identifier is the random, app-scoped device_id, which is not an advertising ID and is not tied to a known user unless you set custom_id yourself.
If your HIPAA review requires no hosted update statistics at all, set statsUrl to an empty string. That fully disables updater statistics reporting to Capgo Cloud while update checks can still use updateUrl and channelUrl if you leave them enabled.
Do not set a custom ID
Section titled “Do not set a custom ID”For HIPAA-sensitive deployments, do not call CapacitorUpdater.setCustomId(...).
The custom ID is included in updater statistics when it is configured. If you set it to an email address, user ID, patient ID, employee ID, account ID, or any other value that maps back to a person, you have tied the updater telemetry to personal data in your own app context.
If your review requires hosted Capgo telemetry to stay device-scoped, leave custom_id unset.
Option 1: Geo-localize Capgo Cloud plugin traffic
Section titled “Option 1: Geo-localize Capgo Cloud plugin traffic”If your review allows Capgo Cloud but requires EU data residency for plugin data, configure all three updater endpoints to the EU host:
import type { CapacitorConfig } from '@capacitor/cli';
const config: CapacitorConfig = { appId: 'com.example.app', appName: 'My App', webDir: 'dist', plugins: { CapacitorUpdater: { autoUpdate: 'atBackground', updateUrl: 'https://plugin.eu.capgo.app/updates', statsUrl: 'https://plugin.eu.capgo.app/stats', channelUrl: 'https://plugin.eu.capgo.app/channel_self', }, },};
export default config;Use the EU URLs together. Mixing plugin.capgo.app and plugin.eu.capgo.app can route part of the plugin data path outside the EU host.
This keeps Capgo’s hosted update monitoring, statistics, alerts, and troubleshooting data available while placing the plugin data path in Europe.
Option 2: Disable the statistics endpoint
Section titled “Option 2: Disable the statistics endpoint”If your review does not allow statistics to be sent to Capgo Cloud, set statsUrl to an empty string:
import type { CapacitorConfig } from '@capacitor/cli';
const config: CapacitorConfig = { appId: 'com.example.app', appName: 'My App', webDir: 'dist', plugins: { CapacitorUpdater: { autoUpdate: 'atBackground', statsUrl: '', }, },};
export default config;This disables statistics reporting from the updater plugin. Update checks and downloads can still use Capgo Cloud if you keep the default updateUrl and channelUrl.
After changing capacitor.config.ts, sync the native projects and ship a new store build. Existing installs will keep using their previous native config until they receive that new binary.
What you lose when statistics are disabled
Section titled “What you lose when statistics are disabled”Disabling statsUrl removes the hosted signal Capgo uses to explain what happened inside your app after an update was offered or downloaded.
You lose:
- Dashboard visibility into successful installs, failed installs, download failures, rollbacks, and app-ready events
- Failure alerts that depend on hosted statistics
- The ability to quickly tell which app versions, OS versions, platforms, or plugin versions are affected by an update issue
- Device-level troubleshooting trails in Capgo Cloud
- Aggregate update adoption and app usage statistics in the Capgo dashboard
- Better support context from the Capgo team, because the hosted service no longer receives the events that explain the device-side update path
Automatic update delivery can still work, but you are operating with reduced observability. Plan your own monitoring before disabling statistics in production.
Option 3: Self-host the statistics endpoint
Section titled “Option 3: Self-host the statistics endpoint”If your review allows update checks through Capgo Cloud but requires statistics to remain inside your infrastructure, point statsUrl to your own endpoint:
import type { CapacitorConfig } from '@capacitor/cli';
const config: CapacitorConfig = { appId: 'com.example.app', appName: 'My App', webDir: 'dist', plugins: { CapacitorUpdater: { autoUpdate: 'atBackground', statsUrl: 'https://updates.example.com/capgo/stats', }, },};
export default config;Your endpoint should accept the updater statistics payload and return:
{ "status": "ok" }Use this path when you want to keep internal alerting, audit logs, and incident analysis without sending device update statistics to Capgo Cloud.
Option 4: Licensed self-hosting
Section titled “Option 4: Licensed self-hosting”If Capgo Cloud, EU data residency, disabled statistics, or a self-hosted statistics endpoint still does not satisfy your HIPAA review, Capgo can help you move to a licensed self-hosted deployment.
This is the strictest option because your organization controls the updater backend, statistics endpoint, logs, retention, infrastructure, and network boundary. It also means you must own more of the operational work that Capgo Cloud normally handles for you.
Practical review checklist
Section titled “Practical review checklist”Before a HIPAA review, decide:
- Whether hosted Capgo Cloud is allowed for update checks
- Whether hosted Capgo Cloud is allowed for statistics
- Which region the plugin traffic must use
- Whether
custom_idis disabled in your app - Who monitors update failures if hosted statistics are disabled
- Whether your team needs a licensed self-hosted deployment
Capgo works with companies going through HIPAA compliance review, including companies in the U.S. that use Capgo in HIPAA-compliant programs. Contact Capgo if your reviewer needs a deployment model, data flow, or licensing path that is stricter than the hosted defaults.
Keep going from HIPAA Compliance
Section titled “Keep going from HIPAA Compliance”If you are using HIPAA Compliance to plan a regulated live update rollout, connect it with Compliance for privacy and data collection details, Data Location for EU endpoint configuration, Statistics API Endpoint for self-hosted telemetry, and Self-hosted updater for licensed deployment planning.