Privacy Policy

Last updated: May 2026

1. Who we are

CapoAI is an AI agency platform operated by CapoAI Services. We are based in the United Kingdom. Our website is capoai.org. You can contact us at hello@capoai.org.

2. What data we collect

We collect the following information when you use CapoAI:

  • Account information — your email address and password when you sign up
  • Profile information — your subscription plan and account settings
  • Campaign data — campaigns, leads and outreach emails you create
  • Agent data — AI agents you build including business configuration
  • Usage data — how you use the platform, pages visited, features used
  • Payment information — handled by Stripe. We do not store card details
  • Third party integrations — if you connect Gmail, we store OAuth tokens to send emails on your behalf

3. How we use your data

  • To provide and improve the CapoAI platform
  • To process payments and manage your subscription
  • To send outreach emails on your behalf when you use our outreach features
  • To communicate with you about your account and our services
  • To comply with legal obligations

4. Data sharing

We share your data only with the following third parties to operate the platform:

  • Supabase — database and authentication
  • Vercel — hosting and deployment
  • Stripe — payment processing
  • Resend — email sending
  • Anthropic and OpenAI — AI email and agent responses
  • Google — Places API and Gmail integration
  • Vapi.ai — voice calling
  • Twilio — WhatsApp messaging

We do not sell your personal data to any third parties.

5. Lead data

When you use CapoAI to scrape business leads, you are responsible for ensuring your outreach complies with applicable laws including GDPR and the UK Data Protection Act 2018. All scraped data is publicly available information. You must provide an unsubscribe mechanism in all outreach emails.

6. Data retention

We retain your data for as long as your account is active. When you delete your account, your personal data is deleted within 30 days. Campaign and lead data may be retained in anonymised form for analytics purposes.

7. Your rights (GDPR)

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability — receive your data in a machine-readable format

To exercise any of these rights, email us at hello@capoai.org.

8. Cookies

We use essential cookies only — for authentication and session management. We do not use advertising or tracking cookies. We use Supabase for authentication which sets a session cookie.

9. Security

We take security seriously. All data is encrypted in transit using TLS. Passwords are hashed and never stored in plain text. We use row-level security on our database to ensure users can only access their own data.

10. Contact

If you have any questions about this privacy policy or how we handle your data, please contact us at hello@capoai.org.