Security & Compliance

Your data security and privacy are our top priorities. Learn how we protect your screenshots and information.

Hosted on SOC 2 Type II infrastructure
GDPR-aligned data handling
Encrypted at rest and in transit

How We Protect Your Data

Encryption at Rest and in Transit

Screenshots are encrypted in transit using TLS 1.3 (managed by Vercel and Supabase) and at rest using AES-256 (managed by Supabase storage). Note: CaptrIQ is not end-to-end encrypted — our servers process screenshots for OCR, search, and PII redaction.

Access Control

Role-based access control (RBAC) ensures only authorized team members can access your screenshots. Multi-factor authentication (MFA) is available.

Data Privacy

We never access, view, or use your screenshots for any purpose other than providing our service. Your data is yours alone.

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with 99.99% uptime SLA. Regular security audits and penetration testing.

Compliance Posture

We build on infrastructure (Supabase, Vercel) that maintains SOC 2 Type II and ISO 27001 certifications. CaptrIQ has not pursued separate certifications at this stage. Our data handling aligns with GDPR and CCPA principles — you can export or delete your data at any time.

24/7 Monitoring

Continuous security monitoring and automated threat detection. Incident response team available 24/7/365.

Data Protection & Privacy

Data Encryption

All data is encrypted both in transit and at rest:

  • In Transit: TLS 1.3 encryption for all data transmission
  • At Rest: AES-256 encryption for stored screenshots and data
  • Backups: Encrypted backups with separate encryption keys

Data Retention

We retain your data only as long as necessary:

  • Active Accounts: Data retained while your account is active
  • Deleted Data: Permanently deleted within 30 days of deletion request
  • Backups: Backup data purged within 90 days

Access & Authentication

Multiple layers of security protect your account:

  • OAuth 2.0: Secure authentication via Google, GitHub, or email
  • MFA: Optional multi-factor authentication for enhanced security
  • Session Management: Automatic session expiration and secure token handling

Third-Party Security

We carefully vet all third-party services:

  • Cloud Storage: Enterprise-grade providers with SOC 2 compliance
  • OCR Processing: Data processed in isolated, secure environments
  • No Training Data: Your screenshots are never used to train AI models

Vulnerability Disclosure

Responsible Disclosure Program
We take security seriously and welcome reports from security researchers.

If you discover a security vulnerability in CaptrIQ, please report it to us responsibly:

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information

Our Commitment:

  • Acknowledge receipt within 24 hours
  • Provide regular updates on our progress
  • Credit researchers in our security acknowledgments (if desired)
  • Not pursue legal action against good-faith security research

Infrastructure & Compliance Posture

CaptrIQ runs on certified infrastructure. We have not pursued separate certifications for the application itself at this stage.

SOC 2

Type II infrastructure (Supabase, Vercel)

ISO 27001

Information security (Supabase)

GDPR

Aligned data handling

For details on our hosting providers' audit reports, contact security@captriq.com. We can share what's available and clearly state the scope of CaptrIQ's own controls.
