Privacy Policy

Version 1.1 | Last updated: 2025-01-01 | Effective: 2025-01-01
Leo Crafter s.r.o. | Czech Republic

Download PDF version

TL;DR Summary

We never store your note content. Captain Memo processes your thoughts in real-time without storing them permanently. We collect only essential data (email, name, language), host everything in Switzerland (Oracle Cloud Zürich), and delete voice recordings after 90 days max. Your data stays yours.

1. Data Controller

Leo Crafter s.r.o., a company registered in Czech Republic, is the data controller responsible for your personal data processing under this policy.

Contact Information:
Leo Crafter s.r.o.
Czech Republic
Email: pavel@captainmemo.app

2. Data We Collect

Important: We never store your memo/note content permanently. All thought processing happens in real-time and content is immediately discarded after processing.

2.1 Essential Account Information

  • Email address (for account access and essential communications)
  • Full name (for personalization and account management)
  • UI language preference (for localized experience)
  • Account authentication data

2.2 Anonymized Service Data

  • Anonymized goal/question IDs (to track progress without content)
  • Voice recordings (temporarily cached max 90 days, then auto-deleted)
  • Technical logs (anonymized for service improvement)
  • Usage analytics (anonymized, future opt-in only)

3. Legal Basis for Processing

We process your personal data based on:

  • Contract performance (GDPR Art. 6.1.b): To provide our voice note and Notion synchronization services
  • Legitimate interests (GDPR Art. 6.1.f): For service improvement, security, and technical operations
  • Consent (GDPR Art. 6.1.a): For optional features and marketing communications where explicitly requested

4. Hosting and Data Processing

4.1 Swiss Data Protection

All services are hosted on Oracle Virtual Machine in Zürich, Switzerland, ensuring compliance with Swiss Federal Act on Data Protection (FADP) - one of the world's strongest privacy laws.

4.2 Essential Service Providers

We work only with privacy-conscious providers:

  • Oracle Cloud (Zürich, CH): Primary hosting infrastructure
  • OpenAI: Voice transcription (content immediately discarded)
  • Authentication providers: OAuth services for secure login

4.3 No Third-party Analytics

We do not use Google Analytics, Facebook Pixel, or similar tracking tools. Future analytics will be anonymized and opt-in only.

5. Data Retention

Privacy-first approach: Most data is never stored permanently.

  • Memo content: Never stored - processed in real-time and immediately discarded
  • Voice recordings: Cached maximum 90 days, then automatically deleted
  • Account data: Retained while your account is active (email, name, language)
  • Goal tracking: Only anonymized IDs retained for progress tracking
  • Billing data: Retained for 7 years for accounting compliance (when applicable)

Upon account deletion, we permanently delete your personal data within 30 days, except where longer retention is required by law.

6. Your GDPR Rights

As a data subject, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Opt out of certain types of processing
  • Withdraw consent: For processing based on consent

To exercise these rights, contact us at privacy@captainmemo.com. We will respond within one month.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff data protection training

8. Cookies and Tracking

We use essential cookies for authentication and service functionality. We do not use tracking cookies for advertising purposes. You can manage cookie preferences in your browser settings.

9. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

10. Data Breach Notification

In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR Article 34.

11. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data in accordance with applicable law.

For users in the Czech Republic, the supervisory authority is the Office for Personal Data Protection (ÚOOÚ).

12. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

Captain Memo s.r.o.
Prague, Czech Republic
Email: privacy@captainmemo.com

This privacy policy may be updated to reflect changes in our practices or legal requirements. We will notify you of material changes via email or service notifications.

PDF copies of this privacy policy are retained for accountability purposes in compliance with GDPR Article 5.2.