The operator (controller within the meaning of Art. 4(7) GDPR) of the Capzo service at capzo.net and the Capzo Windows desktop client is Digital-E. Postal address, telephone number, and the responsible person's name are published in the imprint: https://www.digital-e.org/impressum/. The imprint also contains the e-mail address you can use for every request related to this policy.
This policy covers personal data processed when you (a) visit the Capzo.net website, (b) register or sign in to a Capzo account, (c) upload, share, or view files through Capzo, or (d) use the Capzo desktop application for Windows.
When you create an account we store your username, e-mail address, a password hash (Argon2id; the plaintext password is never written to disk or transmitted again), and an internal API key that lets the desktop client upload on your behalf. We also keep your account tier (free or premium) and the premium expiry date if applicable.
Each browser session creates a row in our sessions table
containing a random session token, your IP address, your
browser user-agent string, and the session's creation
and expiry timestamps. Sessions expire 30 days after creation.
To stop credential-stuffing attacks we record failed login attempts in
a login_attempts table. We store a SHA-256 hash of
the e-mail address (never the plain e-mail in this table), the
requesting IP address, a failure counter, and timestamps.
Six failures within fifteen minutes trigger a fifteen-minute lockout per
(e-mail hash, IP) pair. These rows are pruned automatically one day after
the lockout window expires.
When you upload a screenshot, video, archive, or text file, we store the file itself plus the following metadata: original filename, MIME type, byte size, image dimensions, video duration, generated thumbnail, a public 8-character share key, and a view counter that increments every time someone opens the share URL.
Please read this carefully. When the Capzo Windows desktop client uploads a screenshot, it first performs OCR (text recognition) locally on your device and then transmits the extracted text to our server as part of the same upload request. We store this text in your upload's database row so that you can search across your captures by content. The OCR text is only visible to you (it is not shown on the public share page) but it is stored on our servers in plaintext alongside the file. You can disable OCR in the desktop client's settings before capturing if you would prefer that we do not receive this text.
First-party cookies. The Capzo website itself does not set any cookies on your browser. We do not run analytics, advertising, retargeting, or session- replay tools.
Browser local storage. To keep you signed in
and to remember your interface preferences we use the
localStorage mechanism in your browser. Under
§25(2)(2) of the German Telecommunications Telemedia Data
Protection Act (TTDSG), storage that is "strictly necessary
in order for the provider of a telemedia service to provide
a telemedia service expressly requested by the user" does
not require additional consent. The following entries fall
under that exemption:
capzo_session — your current session token.
Without it you would be signed out on every page load.capzo_api_key — your API key, so the gallery
can talk to the upload API on your behalf.capzo_user — a small copy of your username,
e-mail, and tier, so the UI does not have to refetch it
on every page load.capzo_theme — your preferred site theme
(dark or light).capzo_cookie_notice — remembers that you
have already dismissed the first-visit privacy notice,
so we do not show it again.You can clear these entries at any time from your browser's developer tools or by signing out, and you can verify them via your browser's storage inspector.
Third-party cookies — hCaptcha (only on sign-in
and registration). The hCaptcha widget that
protects the login and registration forms sets cookies on
its own domains (*.hcaptcha.com and
*.hcaptcha.io) to detect automated abuse. These
cookies are set by hCaptcha, not by us; we never see their
contents. We have deliberately configured the site so that
the hCaptcha script is only loaded the moment you
actively open the login or register modal — not on
an ordinary visit to the marketing page, the gallery, this
Privacy Policy, the Terms of Service, or a public share
page. If you never sign up or sign in, you will never
receive an hCaptcha cookie. Once loaded, the hCaptcha
widget displays its own consent notice with a link to
hCaptcha's privacy policy.
Because the website does not set any cookies of its own,
does not run analytics, and loads the only third-party
script that sets cookies only on a clear user action, we
do not show a sitewide cookie-consent banner. We do show a
short, one-time, dismissible privacy notice on your first
visit (the dismissal flag itself is stored in
localStorage as
capzo_cookie_notice, see above).
Our PHP error log (logs/php_errors.log) records server
errors so we can debug them. It may contain timestamps, error messages,
stack traces, and the route that triggered the error. It does not
intentionally log request bodies or passwords. Logs are rotated
according to our hosting policy.
We share personal data with the following third parties strictly to operate the service:
The webfont families used on this site (Inter and Plus Jakarta Sans) are served from our own server, not from Google Fonts. We do not use any analytics, advertising, or tracking provider.
Transfers to the United States (Cloudflare, hCaptcha) take place under the EU-U.S. Data Privacy Framework or, where applicable, the European Commission's Standard Contractual Clauses. Transfers to Canada (Servarica) are covered by the European Commission's adequacy decision for Canada (PIPEDA).
When you create an upload, Capzo generates a public share URL of the
form https://capzo.net/share.php?key=<KEY>. Anyone who
knows or guesses the key can view the file without authentication. We track the
number of views per upload and display it to you in the gallery. You
are solely responsible for whom you give a share URL to. Deleting the
upload immediately revokes the share URL (it will then return 404).
You have the following rights with respect to your personal data:
To exercise any of these rights please contact us using the e-mail address listed in the imprint at digital-e.org/impressum. We will respond within one month.
We protect your data using TLS in transit, Argon2id password hashing at rest, brute-force lockout on the login endpoint, and session invalidation on password change (changing your password signs out every other device automatically). The Windows desktop client encrypts its local settings file with the Windows Data Protection API (DPAPI). No system is perfectly secure; please use a unique password and report any suspected compromise to us immediately.
The Capzo service is not intended for users under 16 years of age. We do not knowingly create accounts for or collect data from children under 16. If you believe a child has provided us personal data, please contact us so we can delete it.
We may update this policy from time to time to reflect changes
in the service or in applicable law. The current version is always
published at capzo.net/privacy.php with the date of the
most recent revision shown at the top. Material changes will be
highlighted on the page.
For any question about this policy or your personal data, please use the contact details published in the imprint at https://www.digital-e.org/impressum/.