Privacy Policy — Captura

Captura ("we", "us", or "our") operates captura.dev, the dashboard at app.captura.dev, and the Captura browser extension. This policy explains what data we collect, why we collect it, and how we protect it. We've tried to keep it plain and readable — no legalese where we can avoid it.

If you have questions, email us at privacy@captura.dev and we'll get back to you.

1. What Captura Does

Captura is a bug-reporting tool. You install the browser extension, and when something goes wrong on a webpage, you click a button to capture what happened — a screenshot, a recording, the browser console output, network requests — and send it to your team as a bug report. Nothing is collected passively or sent anywhere without you actively triggering it.

2. What We Collect

Your account details — when you sign up:

Name, email address, and password (or your Google / GitHub login)
Workspace and project settings you configure
Messages you send to our support team

Bug report data — only when you click the button to file a report:

Screenshots — an image of the page or the area you selected.
Screen recordings — a video of the browser tab while you were recording. It stays on your device until you submit the report, then uploads to our servers.
Console logs — the error and warning messages the browser was producing on that page.
Network requests — the HTTP requests the page was making (URLs, status codes, headers, and response content up to 2 MB). This helps developers see exactly what API calls were happening when a bug occurred.
Page storage — a snapshot of the page's local storage and session storage, so developers can reproduce bugs that depend on saved state.
Cookies — the cookies set on the page's domain at the time of the report, to help reproduce bugs that depend on login state or other session data.
Session replay (Rewind) — if you use the Rewind feature, we record a replay of the user's interactions (clicks, scrolls, typing) leading up to the bug. No actual keystrokes or passwords are captured — only interaction events.
The page URL, tab title, your browser version, and screen size.

All of this data sits in your browser's memory while you browse. It is never sent anywhere unless you choose to submit a report.

Sensitive sites are blocked. The extension automatically disables itself on a built-in list of sensitive websites — including banks, payment processors (PayPal, Stripe, etc.), social media platforms (Facebook, Instagram, Twitter/X, LinkedIn), and email providers (Gmail, Outlook, etc.). You can also add any site to your own ignore list in the extension settings.

Dashboard usage data — when you use the web app:

Your browser type and operating system
Your IP address (used to approximate your country for analytics)
Which pages and features you use, and when
Crash and error reports to help us fix bugs in Captura itself

3. Why We Collect It

Here is a plain-English breakdown of why we process each type of data and the legal reason we're allowed to under GDPR:

Bug report data (recordings, logs, cookies, etc.) — to store and show it to your team inside Captura. Legal basis: your consent. You control when capture happens, and you can withdraw consent by uninstalling the extension or deleting your account.
Account data — to create and manage your account, process payments, and deliver the service. Legal basis: necessary to fulfil our contract with you.
Usage analytics — to understand how people use Captura and improve it. Legal basis: our legitimate interest in building a better product. We use anonymised data only.
Support messages — to help you when something goes wrong. Legal basis: our legitimate interest in providing customer support.

We never sell your data. We never use your bug report data — logs, recordings, screenshots, cookies — for advertising, training AI models, or any purpose other than showing it in your reports.

4. How Long We Keep It

Bug reports and recordings — kept until you delete them or close your account, with a maximum of 2 years from the date of capture.
Account data — kept for as long as your account is active, or as required by law.
Data on your device — the extension clears everything from your browser's local storage automatically once a report is submitted or when you close the tab.

If you delete your account, we delete your personal data promptly. You can request this at any time by emailing privacy@captura.dev.

5. How We Keep It Safe

Bug report data is stored on Cloudflare's infrastructure. All data is encrypted while stored (AES-256) and encrypted in transit (HTTPS). We support two-factor authentication on your account. Access to your data is restricted to Captura team members who need it to operate the service.

We conduct regular security reviews and will notify you promptly if we ever become aware of a data breach affecting your account.

6. Who We Share It With

We do not sell your data. We share it only in these situations:

Your team — bug reports are visible to members of your workspace.
Shared links — if you generate a shareable link for a report, anyone with that link can view it. You control who you share links with, and you can delete the report to revoke access.
Service providers — we use Cloudflare for storage and delivery, and Dodo Payments for billing. They only access what they need to do their job and are bound by confidentiality agreements.
Legal requirements — if we're required to disclose data by law, a court order, or to protect our legal rights.
Business transfers — if Captura is acquired or merges with another company, we'll give you reasonable notice before your data transfers.

7. International Transfers

Captura is used globally, and your data may be stored or processed outside your home country — including outside the European Economic Area (EEA). When this happens, we make sure the transfer is protected using the legal mechanisms required by your local laws, such as Standard Contractual Clauses approved by the European Commission for transfers from the EEA.

8. Cookies on the Dashboard

The Captura web app uses cookies to keep you logged in and remember your preferences. The extension reads a login cookie from app.captura.dev to verify you're authenticated when submitting a report. You can block cookies in your browser settings, but doing so will prevent you from staying logged in.

9. Why the Extension Needs Certain Permissions

Chrome requires extensions to declare what they access. Here's what Captura requests and why, in plain terms:

Access to the active tab — to take screenshots and watch for console and network activity on the page you're reporting.
Screen recording — to record video of the tab when you start a recording session.
Network request access — to capture the full details of HTTP requests (headers, status codes) for the network log.
Local storage — to temporarily hold recording data and logs on your device before you submit a report. Recordings can be large, so we need more than the browser's standard storage limit.
Cookie access — to read cookies from the reported page and from our own domain (for login verification).
Tab information — to know which tab you're reporting and to open the report page after you submit.
Notifications — to let you know when a recording is ready to review.

10. Your Rights

Depending on where you live, you have rights over your personal data. Under GDPR (if you're in the EU or UK), these include:

Access — ask us to send you a copy of the data we hold about you.
Correction — ask us to fix data that's wrong or incomplete.
Deletion — ask us to delete your data.
Restriction — ask us to pause how we use your data while a dispute is resolved.
Portability — ask for your data in a format you can take elsewhere.
Objection — object to us processing your data for our own interests.
Withdraw consent — stop us from processing your data at any time (this won't affect what we did before you withdrew).
Complaint — file a complaint with your country's data protection authority.

To exercise any of these rights, email privacy@captura.dev. We'll respond within 30 days.

11. Children

Captura is not intended for anyone under 13. We don't knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.

12. Changes to This Policy

If we make significant changes to this policy, we'll let you know by email or through a notice in the app. The date at the top of this page always shows when it was last updated.

13. Contact Us

Questions or concerns? Email us at privacy@captura.dev and we'll get back to you.