Privacy Notice
Capme processes video recordings entirely in your browser. An account is required to use the service. Video content is never stored on our servers.
1. Responsible Person
Responsible for data processing: Steffen Rosenögger, Burgmüllerstraße 60, 40235 Düsseldorf, Germany. See the Imprint page for full details.
2. Overview
This privacy notice explains how Capme ("the Service") handles data. The Service is a screen and webcam recording tool. An account is required to use the service. There is currently no incorporated company behind Capme — it is operated by a private individual in Germany. We fully adhere to CCPA (US) and GDPR (Europe) standards.
3. Account & Authentication
All Capme plans require an account. You sign in with your email address via a one-time password (OTP) or magic link. We do not ask for your name or any other identifying details beyond your email address. Your email address is used solely for authentication and, if applicable, to deliver notifications and product updates you have opted in to (see Section 11).
4. Client-Side Video Processing
All video composition (webcam, background, overlays) and recording happen locally in your browser using MediaStream, Canvas, and Web APIs. Recorded data is kept in memory until you choose to download or share it. The application does not automatically upload your raw or finished video to any Capme-controlled server.
5. Temporary Data & Downloads
When you finish a recording, the video is stored locally in your browser's Origin Private File System (OPFS), a sandboxed storage area on your device that persists across page refreshes and browser restarts. The video never leaves your device until you actively choose to download or share it. You can remove locally stored recordings by clearing site data in your browser settings (Settings → Privacy → Clear browsing data → Cached files / Site data).
6. Optional Sharing
If you use a share button (e.g. copy link, send to a platform), the action happens locally (e.g. copying to clipboard) or invokes the native share sheet if supported. There is no central Capme server that receives or stores your video.
7. Analytics
Capme uses OpenPanel for product analytics. OpenPanel is hosted on an on-premise server in Germany (EU), so your data never leaves EU infrastructure and is never shared with third parties. For all visitors: OpenPanel records anonymous usage events (e.g. recording started, stopped, shared) and page views without cookies. Your IP address is temporarily processed by our analytics server solely to determine your approximate geographic location (country/region); the IP address itself is not stored in our analytics database. A daily-rotating cryptographic hash estimates unique visitors within a 24-hour window; no persistent identifier is stored on your device. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). For logged-in users: events include a plan attribute ('business' or 'public') to distinguish session types. No user ID, email, name, or organisation identifier is sent to OpenPanel. Admin dashboard usage statistics are sourced from recording metadata stored separately in Supabase (see below), not from OpenPanel. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). Additionally, Capme stores anonymised recording metadata (e.g. video duration, resolution, mode, branding usage) in a secure EU-hosted database. This data does not include video content, your voice, or your screen recording. If you are offline when an action occurs, metadata is temporarily queued in your browser's localStorage (key: capme_pending_analytics) and sent automatically when you reconnect. Analytics rows are retained for 24 months. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). For error tracking, Capme uses an EU-hosted error tracking service, which logs technical errors to help us fix bugs. It captures technical data (browser version, error stack) but does not track users via cookies. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
8. Cookies & Infrastructure
Capme sets no marketing or tracking cookies. The following cookies are in use: Strictly necessary, set by Capme: • Supabase auth token (sb-*): authenticates your login session. HttpOnly, cleared on sign-out. • capme_guest_token: applies your organisation's branding for guest viewers. SameSite=Lax, max-age 1 year, cleared on sign-out. Functional preference, set by Capme: • NEXT_LOCALE: remembers your language choice (English/German). SameSite=Lax, expires after 1 year. Infrastructure security, set by Gcore: All traffic to capme.app passes through Gcore (CDN, DDoS protection, caching). Gcore does not set automatic cookies for standard CDN traffic. Gcore acts as a data processor under Art. 28 GDPR. See: https://gcore.com/privacy-policy No consent is required for any of the above. None are used for advertising or cross-site tracking. OpenPanel (analytics) and Better Stack (error tracking) set no cookies.
9. Permissions
Camera and microphone access are requested only when you start or prepare a recording. If you deny access, the app cannot record. You can revoke permissions anytime through your browser settings.
10. Third-Party Services & Contact Form
Capme uses Plunk (useplunk.com) as the email delivery provider for transactional emails. Authentication one-time passwords and magic links are generated by Supabase Auth; Plunk delivers these emails to your inbox. This covers contact form submissions from https://capme.app/contact and account authentication emails (sign-in links, admin invites). If you submit the contact form, your message and (if provided) your email address are sent to Capme's team via Plunk's email infrastructure. Email delivery transits via AWS SES (US) under Standard Contractual Clauses (SCCs). Data is used solely to respond to your inquiry or feedback and is not shared with third parties for marketing. To assist with troubleshooting, we may also automatically collect technical information such as your browser version, operating system, and screen resolution when you submit a support request. For details, see Plunk's privacy policy: https://www.useplunk.com/legal/privacy.
11. Newsletter & Updates
If you subscribe to our newsletter, we use Loops (loops.so) to send you product updates, marketing information, and feedback requests. Loops is a US-based service; data transfers are governed by Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework. Your email address is stored and processed by Loops for this purpose. You can unsubscribe at any time via the link in every email. Legal basis: consent (Art. 6(1)(a) GDPR).
12. Data Retention
Because no server copies are stored, we retain no video data. What you download is under your own control. Locally stored recordings (OPFS) can be removed by clearing browser site data. Anonymized analytics metadata is automatically purged after 24 months (see Section 7). Account and workspace data (email, settings, branding) is deleted promptly from production systems when you delete your account. Deleted data may remain in encrypted backups for up to 30 days before being overwritten. Billing records are retained for the period required by applicable tax and accounting law (up to 10 years under German commercial law).
13. Organisation & Admin Data
For Capme paid plans, we process and store organisation details (e.g. company name, slug, settings) in our secure database to fulfil the service (Art. 6(1)(b) GDPR). If you belong to a Capme organisation: - Your organisation's administrators can view aggregated usage statistics for their workspace (e.g. number of recordings, total duration) via the Admin Dashboard. - They cannot see your video content or screen recordings. - The Capme team may also view these aggregate statistics for service improvement and support. If you access a workspace via an access link (without a full registration flow), your organisation's account administrator is responsible for ensuring you have been informed of the applicable terms and privacy practices. Capme processes your data under the organisation's data controller relationship in this case.
14. Security
Client-side processing reduces exposure - video streams stay local. Still, keep your device secure and avoid recording sensitive information unintentionally.
15. Your Rights
You have the right to access, correct, or delete your personal data ("Right to Know", "Right to Delete"), to restrict processing, to object to processing, and to lodge a complaint with a supervisory authority. These rights align with GDPR (EU) and CCPA (US) standards. To exercise your rights, contact the responsible person listed above.
16. Changes to This Notice
This privacy notice is updated when our data processing practices change. If significant changes are introduced, this notice will be updated before those changes go live. The current version is always available at https://capme.app/privacy.
17. Contact
For privacy-related questions or to exercise your rights (access, correction, deletion, objection), contact security@capme.app. You may also use the contact form: https://capme.app/contact.
Cookie Settings
You can review or change your cookie consent choices at any time:
Status: Beta. Operated by a private individual in Germany.
If significant changes to data processing are introduced, this notice will be updated before those changes go live.