Legal
Privacy Policy
Last updated: 13 May 2026.
1. Controller
The data controller responsible for personal data processed in connection with the urlcap service is DATO CAPITAL LTD, registered in the United Kingdom under company number 09987396, with its registered office at 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ. Privacy questions and rights requests should be sent to info@urlcap.com.
2. What we collect
We process personal data in the following categories:
- Account data — email address, hashed password, the OAuth provider you signed in with (Google, GitHub or Microsoft) and the identifier they return, the plan you are on, and timestamps of account events.
- Billing data — when you subscribe to a paid plan, Stripe (our payment processor) collects your card details and billing address directly; we never see the card number. We retain your Stripe customer ID, subscription ID, plan, status and renewal dates.
- Technical data — IP address, user-agent and timestamp of each API call, the endpoint requested, the HTTP status returned, and approximate latency. We use this for rate-limiting, abuse prevention, debugging and aggregate reporting.
- Content you submit — request URLs, headers, bodies, extract job models, dataset items, scheduled-task definitions, etc. This is processed solely to deliver the API response back to you.
- Communications — emails you send to info@urlcap.com or support@urlcap.com and our replies.
We do not knowingly collect data from children under 13.
3. Why we process it (lawful basis)
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Provide the API, account and billing | Performance of a contract |
| Send transactional email (verification, receipts, password reset) | Performance of a contract |
| Rate-limiting, abuse prevention, security logs | Legitimate interests (operating the Service securely) |
| Comply with tax, accounting and law-enforcement obligations | Legal obligation |
| Occasional product updates / changelog emails | Consent (opt-in) or legitimate interests where you are an existing customer |
4. Cookies and similar technologies
We use a small number of strictly necessary cookies (session cookie after login, a theme preference, a CSRF token). We do not use advertising or cross-site tracking cookies. If we add analytics in future, we will update this policy and provide a clear opt-in for non-essential cookies.
5. Who we share data with
We share personal data with the following categories of recipients, who act as our processors:
- Stripe Payments Europe Ltd. — card processing and subscription management.
- Zoho Corporation B.V. — outbound transactional email (SMTP).
- Google LLC, GitHub Inc., Microsoft Ireland Operations Ltd. — only when you choose to sign in with that provider; we receive your email address and a stable account identifier from them.
- Our infrastructure provider — the host that runs the urlcap server, under standard confidentiality terms.
We may also disclose data when required by law, court order or to protect our rights or those of others. We do not sell personal data and we do not share it for third-party marketing.
6. International transfers
Some processors above are based outside the United Kingdom (notably in the EEA and the United States). Where we transfer personal data internationally, we rely on UK adequacy regulations, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or the EU-US / UK-US Data Privacy Framework, depending on the processor.
7. How long we keep it
- Account records — for the life of the account, then up to 30 days after deletion in backups.
- Billing / invoice records — at least 6 years, to comply with UK tax and accounting law.
- API request logs — up to 90 days at full detail; aggregated counters indefinitely.
- Content you submit (request bodies, extract job outputs, dataset items) — for as long as you keep the corresponding record; deleted on your request or shortly after account closure.
- Email correspondence — up to 24 months.
8. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you and receive a copy;
- have inaccurate data corrected;
- have data erased where one of the statutory grounds applies;
- restrict or object to certain processing;
- data portability for the data you have provided to us;
- withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, email info@urlcap.com from the address on your account. We respond within one month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
9. Security
We protect personal data with industry-standard measures: TLS for all transport, bcrypt for password hashing, least-privilege database access, encrypted backups, hardened OS configuration, and routine patching. No system is perfectly secure; if you believe an account or key has been compromised, contact us immediately.
10. Changes
We may update this Privacy Policy. Material changes will be announced via the changelog, and significant changes affecting registered users will be notified by email.
11. Contact
DATO CAPITAL LTD, 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ, United Kingdom.
Email: info@urlcap.com.