Privacy Policy

Last updated: 27 June 2026

Who we are Data we collect How & why we use it The dead-man trigger Sharing & sub-processors We don't sell your data International transfers Retention & deletion Security Your rights (EU/UK) US & California Cookies Contact

Capsulene ("Capsulene", "we", "us") helps you store important information and have it delivered to people you trust if you stop checking in (a "dead-man's switch"). Because that information is often sensitive, protecting it is central to how we build the product. This policy explains what personal data we process, why, and the rights you have over it. It is written to meet the EU General Data Protection Regulation (GDPR) and is intended to also satisfy the UK GDPR and applicable US state privacy laws.

1. Who we are (data controller)

The Service at capsulene.com and app.capsulene.com is operated by DDS Services Kft., registered in Budapest, Hungary (company registration number 01-09-301215) ("the Controller"). For any privacy question or to exercise your rights, contact us at privacy@capsulene.com.

2. The data we collect

Account & identity

Email address — your identifier and how you sign in.
Name — as you provide it.
Authentication data — we use passwordless sign-in: when you log in by email we send a one-time code and store only a short-lived, hashed copy of it; alternatively, if you use Sign in with Google, Google provides us your email and name. We also keep a token identifier to manage your session.
Subscription & billing status — your plan, whether a payment card is on file, and transaction records. Card payments are handled by our payment processor (see §5); we do not store your full card number.

The contents of your capsules

The information you choose to store — titles, messages, and secrets such as passwords or cryptographic keys. We treat this as strictly confidential. It is encrypted in transit (TLS) and at rest, and we access it only as needed to operate and deliver the Service. We never use the contents of your capsules for any purpose other than storing and delivering them as you instruct.

Recipient (beneficiary) details

For each capsule you provide details of the person who should receive it — their name, and email address and/or mobile number. You provide this on their behalf; see §3 and our Terms for your responsibilities.

Activity & trigger data

Your check-ins ("I'm still here" confirmations), the schedule and state of your triggers, and related timestamps — this is what the dead-man's switch relies on.

Communications & support

The emails and SMS messages we send you (one-time codes, check-in reminders, delivery notices) and any correspondence you send us for support.

Technical data

We keep minimal technical logs (such as IP address and timestamps) needed to run and secure the Service. We do not run advertising networks or third-party analytics/tracking on our sites. See §12 on cookies.

3. How and why we use your data (legal bases)

To provide the Service — create your account, store capsules, run triggers, and deliver capsules to your recipients. Legal basis: performance of our contract with you (GDPR Art. 6(1)(b)).
To send essential messages — sign-in codes, check-in reminders, and delivery notifications. Legal basis: contract.
To take payment for paid plans. Legal basis: contract.
To keep the Service secure and prevent abuse or fraud, and to comply with law. Legal basis: our legitimate interests and legal obligations (Art. 6(1)(c),(f)).
With your consent where we ask for it (e.g. any optional messages) — you can withdraw consent at any time. Legal basis: consent (Art. 6(1)(a)).

Where you provide recipients' details and the special-category or financial information you may store in capsules, you do so on your own initiative; you are responsible for having a lawful basis to share that information with us and with your chosen recipients (see Terms).

4. The dead-man trigger (automated processing)

Our core feature is automated: based entirely on the schedule and rules you set, if you stop confirming you are active, we automatically attempt to confirm and then release the relevant capsule to your chosen recipient. We do not independently verify death or incapacity — release is driven solely by your settings and your missed check-ins. You can change, pause, or delete any trigger at any time while your account is active. We do not use this processing to make any other decision about you.

We share personal data only as needed to run the Service:

Your recipients — when a capsule is released, its contents are delivered to the recipient(s) you designated, by the email/SMS channel you chose.
Amazon Web Services (AWS) — hosting, database, file storage, content delivery, transactional email (Amazon SES) and SMS. Our primary infrastructure and your data are hosted in the EU (Frankfurt, Germany).
Stripe — payment processing for paid plans (PCI-DSS compliant). Stripe handles card details directly; we receive only limited information such as plan and the last digits/expiry where applicable.
Google — only if you use "Sign in with Google" (to verify your identity), and to serve the web fonts used on our site.
Authorities / legal — where we are legally required, or to protect our rights, users, or the public.
Business transfer — if Capsulene is involved in a merger, acquisition, or asset sale, with notice to you and continued protection of your data.

Each provider acts as our processor under a data-processing agreement and may only use the data to provide their service to us.

6. We do not sell your personal data

We do not sell, rent, or trade your personal data to anyone. We do not share it for advertising, and we do not engage in "cross-context behavioural advertising" or the "sale" or "sharing" of personal information as those terms are defined under US state privacy laws (including the California CCPA/CPRA).

7. International transfers

Your account data and capsule contents are stored in the EU. Some sub-processors (for example Stripe, Google, and certain SMS routing) may process limited data outside the European Economic Area, including in the United States. Where that happens, the transfer is protected by appropriate safeguards — such as the European Commission's Standard Contractual Clauses or an adequacy decision.

8. How long we keep your data — and deletion on cancellation

We keep your personal data only while your account is active. When you cancel or delete your account, we delete your personal data and the contents of your capsules — we do not retain personal data after account cancellation. Deletion propagates to our backups on a short rolling cycle. The only exceptions are minimal records we are legally required to keep (for example invoices/tax records) or limited information we must retain to comply with law or resolve a dispute; we keep these only for as long as required and then delete them.

9. How we protect your data

We use encryption in transit (TLS) and encryption at rest, strict access controls and least-privilege permissions, and we host on reputable EU infrastructure. No online service can be guaranteed 100% secure, so you also play a part: keep access to your email/Google account and your devices secure. If a breach affects your rights, we will notify you and the relevant authority as required by law.

10. Your rights (EU & UK)

Under the GDPR and UK GDPR you have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to processing; data portability; and to withdraw consent at any time. You also have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise any right, email privacy@capsulene.com. We respond within one month. You can also delete your account at any time from your account settings. If you believe we have mishandled your data, you may lodge a complaint with your local supervisory authority — in the UK, the Information Commissioner's Office (ICO); in the EU, your national data-protection authority. Our lead authority is the Hungarian National Authority for Data Protection and Freedom of Information (NAIH, naih.hu).

11. United States & California

If you are a US resident, you may have rights to know, access, correct, and delete the personal information we hold, and to be free from discrimination for exercising them. We collect the categories described in §2 for the purposes in §3. We do not sell or "share" your personal information and have not done so in the past 12 months. To make a request, contact privacy@capsulene.com; we will verify your request before acting on it.

12. Cookies & local storage

We use only essential browser storage: a token to keep you signed in and a setting to remember your light/dark theme. We do not use advertising or tracking cookies. Our marketing site loads web fonts from Google, which involves a request to Google's servers; no advertising profile is built from this.

13. Children

Capsulene is intended for adults and is not directed to children under 16. We do not knowingly collect data from children; if you believe a child has provided us data, contact us and we will delete it.

14. Changes to this policy

We may update this policy from time to time. We will post the new version here with a revised "Last updated" date and, for material changes, notify you by email or in the app.

15. Contact us

Privacy questions and requests: privacy@capsulene.com. Operator: DDS Services Kft., Budapest, Hungary.