Skip to main content

Privacy Policy

Last updated: March 1, 2026

1. Introduction

CaptureAI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use the CaptureAI Chrome extension and associated website (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

  • Email address — used for license key delivery and account management
  • License key and subscription tier (Basic or Pro)
  • Payment information — processed securely by Stripe; we never store credit card details

Screenshots and Queries

  • OCR runs locally on your device first, using on-device text extraction (Tesseract.js). Your screenshot is processed in the browser before anything is sent off-device.
  • When the extracted text is high-confidence, only that text (not the image) is sent to our backend for AI processing. The image stays on your device.
  • If text extraction confidence is low, the image may be sent for more accurate processing.
  • We do not store your screenshots or queries on our servers beyond the duration of the request.

Usage Data

  • Per-request metadata is recorded for each AI query: prompt type, model used, input/output/cached token counts, estimated cost, response time, and timestamp.
  • This data is used to enforce cost-based usage budgets per subscription tier, to apply global rate limits, and for internal cost monitoring, analytics, and service improvement.
  • Usage records are linked to your account via your license key, which is stored together with your email address (see Data Storage section below). Usage data is therefore account-identifiable.
  • Cloudflare AI Gateway also retains its own request logs per its standard data retention practices — review Cloudflare's Privacy Policy

3. How We Use Your Information

  • To provide and operate the CaptureAI Service
  • To deliver your license key via email upon activation
  • To process payments and manage your subscription through Stripe
  • To enforce usage limits and rate limits based on your subscription tier
  • To provide customer support and respond to inquiries
  • To send essential service communications (e.g. license key delivery, policy updates). Billing receipts are sent directly by Stripe.
  • To improve the performance and reliability of the Service

We do not use your data for advertising, behavioral profiling, or sell it to any third party.

4. Data Sharing and Disclosure

We do not sell or trade your personally identifiable information. We may share your information only in the following circumstances:

Service Providers

We work with the following third-party providers to deliver the Service:

  • OpenAI — AI processing of extracted text via Cloudflare AI Gateway. Review OpenAI's Privacy Policy.
  • Cloudflare — Backend infrastructure (Workers, D1 database, AI Gateway). Review Cloudflare's Privacy Policy.
  • Stripe — Payment processing for Pro subscriptions. Review Stripe's Privacy Policy.
  • Resend — License key delivery emails. Your email address is shared with Resend solely for this purpose. Billing receipts are sent directly by Stripe, not via Resend. Review Resend's Privacy Policy.

Legal Compliance

We may disclose your information if required by law, legal process, or to protect our rights and the safety of our users.

Business Transfers

If CaptureAI or its assets are acquired or merged, user data may be transferred as part of that transaction. You will be notified of any such change.

5. Data Storage and Retention

Extension storage: Your license key and settings are stored locally in Chrome's secure chrome.storage API on your device only.

Backend storage: Your license key and email address are stored together in Cloudflare D1, along with your subscription tier and subscription status. Per-request usage records (prompt type, model, token counts, cost, response time, timestamp) are also stored and linked to your account via this license key. This data is retained for as long as your account is active.

Screenshot and query data: Not stored. Text extracted from your screenshots is processed transiently and discarded immediately after the AI response is returned.

You may request full deletion of your account and associated data at any time by contacting us.

6. Security

We use standard security practices to protect your information:

  • All data in transit is encrypted via HTTPS/TLS.
  • Backend data is stored within Cloudflare's secure infrastructure.
  • Stripe webhook signatures are verified using HMAC SHA-256 on every incoming request.
  • Payment details are never stored on our servers; Stripe handles them in full.
  • Extension data is isolated within Chrome's secure storage API.

No online system is fully secure. We take reasonable precautions, but we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and personal data
  • Objection: Object to or restrict certain types of data processing
  • Portability: Receive your data in a portable, structured format
  • Withdraw consent: Opt out of non-essential communications at any time

To exercise any of these rights, contact us at support@captureai.dev.

8. International Data Transfers

CaptureAI's backend runs on Cloudflare's global network. If you are located outside the United States, your data may be transferred to and processed in countries with different data protection laws. By using the Service, you consent to this transfer. We rely on established service providers that comply with applicable data protection regulations to keep appropriate safeguards in place.

9. Children's Privacy

CaptureAI is not directed at users under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it promptly. If you believe a child has submitted data to us, contact us immediately.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We will notify you of material changes via email or through the extension. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: