Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how Incentv Technologies Inc. (“Capy,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data when you visit capy.sc or use our products and services (the “Service”). It applies to individuals in the European Economic Area (EEA), the United Kingdom, California, Brazil, and elsewhere.

1. Who we are

The data controller is Incentv Technologies Inc., 14th Floor, 555 Burrard St, Vancouver, BC V7X 1M8, Canada. For any privacy-related question or to exercise your rights, contact us at privacy@capy.sc.

2. Personal data we collect

We collect the following categories of personal data:

  • Account data: email address, authentication identifiers, and, where applicable, name and organization.
  • Billing data: billing address, tax identifiers, and payment details. Card numbers are collected and stored by our payment processor (Stripe); we do not receive or store full card numbers.
  • Service usage data: API requests, feature interactions, secret metadata (names, timestamps, policies — never secret values), and audit logs.
  • Device and technical data: IP address, browser type, operating system, device identifiers, referring URLs, and pages viewed.
  • Analytics and product data: events, session replays, and user-journey information collected via Amplitude and PostHog.
  • Communications: emails you send us and support requests.

We do not intentionally collect special category data (e.g., health, biometrics, political opinions) and ask that you not submit it.

3. How and why we use your data (legal bases)

Under the EU/UK GDPR we rely on the following legal bases:

  • Contract (Art. 6(1)(b)): to create and operate your account, authenticate you, process payments, and deliver the Service.
  • Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent fraud and abuse, maintain audit logs, troubleshoot, improve the Service, and conduct analytics. You may object at any time.
  • Consent (Art. 6(1)(a)): for non-essential cookies and similar technologies and for optional marketing communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and other applicable laws.

4. Cookies and similar technologies

We use a small number of cookies and browser storage mechanisms. Strictly necessary cookies are required to authenticate you and secure your session and do not require consent. Analytics and product-usage technologies (Amplitude, PostHog) help us understand how the Service is used. A banner on the site lets you accept or reject non-essential cookies; your choice is stored locally in your browser. You can change your choice at any time by clearing your browser storage for capy.sc, which will redisplay the banner.

5. Service providers and international transfers

We share personal data with the following processors who act on our instructions:

  • Vercel Inc. — hosting and content delivery.
  • Stripe, Inc. — payment processing.
  • Resend Inc. — transactional email delivery.
  • Amplitude, Inc. — product analytics and session replay.
  • PostHog Inc. — product analytics.

Because Capy operates from Canada and uses U.S.-based processors, your data may be transferred to and processed in Canada, the United States, and other countries. Where data is transferred out of the EEA or UK, we rely on adequacy decisions (e.g., the Canadian adequacy decision and the EU-U.S. Data Privacy Framework where applicable) or on Standard Contractual Clauses together with supplementary measures.

6. Data retention

We retain personal data for as long as your account is active, as necessary to provide the Service, and as required to comply with our legal obligations, resolve disputes, and enforce our agreements. Authentication identifiers such as your email are retained for the life of your account. Billing records are retained for the period required by tax and accounting law (typically six to seven years). Audit logs are retained for security and compliance purposes. When you delete your account, we will delete or anonymize your personal data within a reasonable period, except where we are required or permitted by law to keep it longer.

7. Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • request correction, deletion, or restriction of your personal data;
  • object to processing based on our legitimate interests, including profiling;
  • port your personal data to another controller in a structured, machine-readable format;
  • withdraw your consent at any time;
  • lodge a complaint with a supervisory authority (in the EEA, your local Data Protection Authority; in the UK, the Information Commissioner’s Office; in Canada, the Office of the Privacy Commissioner).

California residents have additional rights under the CCPA/CPRA, including the right to know what personal information we collect, request deletion or correction, opt out of any sale or sharing of personal information (we do not sell personal information and do not share it for cross-context behavioral advertising), limit the use of sensitive personal information, and not be discriminated against for exercising these rights. Brazilian residents have equivalent rights under the LGPD.

To exercise any of these rights, email privacy@capy.sc. We will respond within the timeframes required by applicable law.

8. Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit, encryption at rest for secret material, access controls, audit logging, and regular reviews. No method of transmission or storage is entirely secure, and we cannot guarantee absolute security.

9. Children

The Service is available to users of all ages. We do not knowingly target children with advertising and do not knowingly process special category data relating to children. If you are under the age of 16 (or the applicable age of digital consent in your jurisdiction), please ensure a parent or legal guardian is aware of your use of the Service and has consented on your behalf where required. Parents or guardians who believe their child has provided us with personal data without appropriate consent may contact privacy@capy.sc to request deletion.

10. Automated decision-making

We do not use your personal data to make decisions that produce legal or similarly significant effects about you by solely automated means.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date at the top and, where required, notify you by email or through the Service.

12. Contact

Incentv Technologies Inc.
14th Floor, 555 Burrard St, Vancouver, BC V7X 1M8, Canada
Email: privacy@capy.sc

See also our Terms of Service.