Privacy Policy

Last updated: January 29, 2025

1. Introduction

Capsule ("we," "our," or "us") provides a browser extension that tracks your browsing sessions and organizes them into interactive knowledge graphs. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By installing and using the Capsule browser extension or accessing our website, you agree to the practices described in this policy.

2. Data We Collect

2.1 Browsing Data (Collected by the Extension)

When a session is active, the extension collects:

  • Page URLs — the addresses of pages you visit
  • Page titles — the title of each page
  • Page content — visible text on the page, used to generate semantic embeddings
  • Timestamps — when each page was visited
  • Navigation relationships — which page led to which (e.g., link clicks)
Important: Capsule only collects browsing data while a session is actively running. When no session is active, no browsing data is collected.

2.2 Semantic Embeddings

Page content is processed locally on your device using TensorFlow.js to generate numerical vector representations (embeddings). These embeddings capture the semantic meaning of pages for similarity detection. The raw page content is not transmitted to our servers or stored in the cloud.

2.3 Account Data

If you create a Capsule account, we collect:

  • Email address
  • Hashed password (we never store plaintext passwords)
  • Account creation date
  • Subscription plan and billing status

2.4 Payment Data

Payments are processed by Stripe. We do not store your credit card number, CVC, or full billing details. Stripe provides us with a customer ID, subscription status, and the last four digits of your card for display purposes. See Stripe's Privacy Policy.

3. How Your Data Is Stored

3.1 Local Storage (Default)

By default, all session data is stored locally on your device using your browser's IndexedDB storage. This data never leaves your computer unless you explicitly enable cloud sync.

3.2 Cloud Sync (Optional)

If you sign in to a Capsule account and enable cloud sync, the following data is stored on our servers (hosted on Supabase):

  • Session metadata (name, timestamps, node count)
  • Page URLs, titles, and timestamps
  • Cluster labels and summaries
  • Semantic embeddings

Cloud data is stored in Supabase's infrastructure with row-level security. Only you can access your own data through authenticated requests.

4. How Your Data Is Used

We use your data exclusively to provide the Capsule service:

  • Session tracking — building your browsing graph
  • Clustering — grouping related pages using AI (page titles and URLs are sent to Google's Gemini API for analysis)
  • The Bridge — surfacing connections to your past research
  • Search — finding pages across your sessions
  • Account management — authentication and billing
We do not:
  • Sell your browsing data to third parties
  • Use your data for advertising or profiling
  • Share your data with third parties except as described in this policy
  • Train AI models on your personal browsing data

5. Third-Party Services

Capsule uses the following third-party services:

Google Gemini API

Used to cluster and summarize your browsing sessions. Page titles, URLs, and brief content excerpts are sent to Google's API for analysis. See Google AI Terms.

Supabase

Used for authentication and optional cloud storage. See Supabase Privacy Policy.

Stripe

Used for payment processing. See Stripe Privacy Policy.

TensorFlow.js

Runs entirely on your device. No data is sent to Google through TensorFlow.js. The Universal Sentence Encoder model is downloaded once and cached locally.

6. Your Rights

You have the following rights regarding your data:

  • Access — view all data stored locally through the extension or request a copy of cloud-synced data
  • Deletion — delete individual sessions or all data from the extension. You can also request deletion of your cloud data and account by contacting us
  • Portability — export your sessions in standard formats
  • Opt out of cloud sync — use Capsule entirely locally without creating an account
  • Uninstall — removing the extension deletes all locally stored data

If you are located in the European Economic Area (EEA), you also have rights under GDPR including the right to restrict processing, object to processing, and lodge a complaint with a supervisory authority.

If you are a California resident, you have rights under the CCPA including the right to know what data is collected, request deletion, and opt out of data sales. We do not sell personal information.

7. Data Security

We implement reasonable security measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Row-level security on cloud database tables
  • JWT-based authentication with token expiration
  • API rate limiting to prevent abuse
  • No storage of plaintext passwords

No system is 100% secure. We encourage you to use a strong, unique password for your Capsule account.

8. Data Retention

Local data is retained until you delete it or uninstall the extension. Cloud-synced data is retained while your account is active. If you delete your account, all associated cloud data is deleted within 30 days. Backup copies may persist for up to 90 days in encrypted backups before being purged.

9. Children's Privacy

Capsule is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where possible, through the extension or email. Continued use of Capsule after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

capsule.extension@gmail.com

Terms of ServiceBack to Home