CAPTRA Privacy Policy and Data Protection Agreement

Effective Date: 06/02/2025

1. Introduction

CAPTRA Ltd. ("Company," "we," "our," "us") is committed to safeguarding the privacy and data protection rights of our clients and their customers. This policy outlines how we collect, process, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and other relevant data protection laws.

For any privacy-related inquiries, please contact:

  • Email: william@captra.xyz

  • Website: https://captra.xyz

  • Registered Office: 20 Wenlock Road, London, England, N1 7GU

2. Data Flow Mapping

To ensure transparency, the following section details how data moves through our system and the third-party services involved:

2.1 Dialogflow CX

  • Data Collected: User interactions, including chat messages and, if enabled, phone call transcripts.

  • Processing Details: Data is processed within Google Cloud’s infrastructure in the selected region (e.g., UK/EU or global regions). Dialogflow CX retains conversation data for up to 365 days.

2.2 Website Chat (Dialogflow Messenger)

  • Data Collected: Users may provide their name, email, phone number, and chat messages.

  • Processing Details: Data is processed by Google Dialogflow for intent detection and routed accordingly.

2.3 Dialogflow Phone Gateway

  • Data Collected: Caller ID and call audio transcripts (if transcription is enabled).

  • Processing Details: Calls are forwarded from a UK-based number and processed via Google’s telephony features. An external provider, voip.ms, may route calls internationally before reaching the Dialogflow gateway.

2.4 Google Cloud Run (Webhooks & Backend Processing)

  • Data Collected: Data from user interactions that trigger backend processes.

  • Processing Details: Webhooks hosted on Google Cloud Run trigger actions such as sending emails via Nodemailer. Data processing regions are subject to Google Cloud’s selected region settings.

2.5 Email Processing (Nodemailer + IONOS)

  • Data Collected: Email inquiries and lead data.

  • Processing Details: Emails are sent via Nodemailer and hosted on IONOS mail servers, which store emails in the UK/EU.

2.6 Payment Processing (Stripe or Alternative Payment Processor)

  • Data Collected: Business details for billing purposes.

  • Processing Details: Payment transactions are processed through Stripe, adhering to PCI-DSS compliance standards.

3. Data Collected

3.1 Types of Personal Data

  • Website Chat & AI Conversations: Name, email, phone number, chat messages.

  • Phone Gateway: Caller ID, call audio transcripts (if enabled).

  • Usage & Log Data: IP addresses, timestamps, browser/device details.

  • Payment Data: Business details if a payment processor (e.g., Stripe) is used.

3.2 Legal Basis for Processing

  • Legitimate Interests: Providing AI-powered customer support and lead generation.

  • Consent: Where explicitly provided (e.g., marketing emails).

  • Legal Obligation: Compliance with regulatory requirements.

4. Data Sharing & Third-Party Processors

4.1 Sub-Processors

AI Chatbot

  • Provider: Google Dialogflow CX

  • Data Processed: User messages, contact details

  • Location: UK/EU or Global

Telephony

  • Provider: voip.ms

  • Data Processed: Call routing, Caller ID

  • Location: Global

Web Hosting

  • Provider: Google Cloud Run

  • Data Processed: Webhooks, API calls

  • Location: UK/EU or Global

Email

  • Provider: IONOS/Nodemailer

  • Data Processed: Contact forms, lead emails

  • Location: UK/EU

Payment

  • Provider: Stripe

  • Data Processed: Client billing details

  • Location: UK/EU or Global

5. International Data Transfers

Some data may be transferred outside the UK/EU. We ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs): Implemented with Google, Stripe, and other providers.

  • Adequacy Decisions: Ensuring third-party compliance with GDPR adequacy standards.

6. Data Retention Policy

  • Chat and Call Transcripts: Stored by Dialogflow CX for up to 365 days.

  • Lead Data: Retained for up to 12 months or as per client request.

  • Emails: Stored securely by IONOS for standard business retention periods.

7. Data Redaction and Security Measures

We prioritize the protection of personal data through the following measures:

  • Data Redaction: Utilising Google Cloud's Data Loss Prevention (DLP) API to automatically redact or obfuscate sensitive information such as email addresses and phone numbers from logs and transcripts.

  • Security Protocols: Implementing encryption in transit and at rest, strict access controls, and regular security assessments.

8. Data Subject Rights (UK GDPR Compliance)

Individuals have the right to:

  • Access: Request access to their personal data.

  • Rectification: Correct inaccurate or incomplete information.

  • Erasure: Request deletion of their personal data.

  • Restriction of Processing: Limit the processing of their data.

  • Data Portability: Receive a copy of their data in a structured format.

  • Objection: Object to the processing of their data, particularly for marketing purposes.

To exercise these rights, please contact: william@captra.xyz

9. Complaints & Regulatory Contact

If you believe your data rights have been violated, you may contact:

  • CAPTRA Ltd. Privacy Team: william@captra.xyz

  • UK Information Commissioner’s Office (ICO): https://ico.org.uk/

10. Updates to This Policy

We may update this Privacy Policy periodically. Clients and users will be notified of material changes via email or through our website.

Last Updated: 06/02/2025