Privacy policy.
Last updated: 29 April 2026 · Effective: 29 April 2026
This document describes how Capila, s. r. o. processes personal data when operating the trip.capila.io website and the Capila Trip SaaS application. Processing complies with Regulation (EU) 2016/679 (GDPR) and Slovak Act No. 18/2018 Coll. on personal data protection.
01 Controller
The controller of personal data is Capila, s. r. o., Bottova 2/A, 811 09 Bratislava — Staré Mesto, ID No. 54 649 447. Registered in the Commercial Register of the Bratislava III City Court, Sro section, file no. 161568/B.
Contact for personal-data matters: info@capila.io · +421 908 191 865. Capila has not appointed a Data Protection Officer (DPO) under Article 37 GDPR — the obligation to appoint one does not apply to us by law.
02 Personal data we process
Visitors to trip.capila.io: IP address, browser and device data, date and time of visit, pages visited and interactions. Cookies are covered by the separate Cookies page.
Capila Trip SaaS users: e-mail address, given and family name, jurisdiction (SK/UK/US), role within the organisation (employee, approver, finance admin), authentication and session data (Supabase auth), in-app activity records.
Service prospects (leads): data you provide via the contact form, e-mail or initial consultation — name, e-mail, phone, company name and ID No., position, content of the inquiry.
Customer contacts: identification and contact details of persons representing the customer's relationship with Capila — name, position, e-mail, phone and the content of communications.
Paying-customer billing data: trade name, address, ID No., Tax ID, VAT ID, billing contact, transaction data from the payment-gateway provider (Stripe).
03 Purposes and legal bases
Pre-contractual and contractual relations (Art. 6(1)(b) GDPR): handling inquiries, account registration, operating the application, support, billing.
Compliance with legal obligations (Art. 6(1)(c) GDPR): retention of contractual and accounting documentation under Act No. 431/2002 Coll. on accounting and Act No. 222/2004 Coll. on VAT.
Legitimate interests (Art. 6(1)(f) GDPR): security and stability of the application, prevention and detection of misuse (rate-limiting, audit log, AI audit agent), product improvement, defence of legal claims, direct marketing to existing customers within services already provided.
Consent (Art. 6(1)(a) GDPR): newsletter, optional cookies (analytical and functional).
You may withdraw consent at any time at info@capila.io or via the procedure indicated in the relevant message (e.g. unsubscribe link in newsletters). Withdrawal does not affect the lawfulness of processing prior to withdrawal.
04 Processing in AI features
Capila Trip uses AI services for receipt OCR and consistency checks of expense reports (audit agent). These features are built on Claude models from Anthropic, routed via the Anthropic EU endpoint, and — for receipts above €500 or with low confidence — on the Mindee fallback service (FR).
AI processing transfers the receipt content (including any personal data therein) to the listed provider solely for structured-data extraction. Providers do not use the content for model training and retain it only as long as necessary for service operation. Detailed contractual settings are documented in a separate Transfer Impact Assessment provided to customers on request.
05 Customer data processed in the application
When delivering the paid Capila Trip service, we process personal data the customer entrusts to us (in particular employee data — name, e-mail, trip and receipt data) acting as a PROCESSOR under Article 28 GDPR. The data controller of such data remains the customer.
Such processing is not governed by this document but by a separate Data Processing Agreement (DPA) signed as an annex to the Service Agreement. We process the data exclusively per the customer's instructions and for purposes agreed in the contract.
If you are an employee of a Capila Trip customer and wish to exercise your rights, please contact your employer first as the controller. Capila will support them in handling the request.
06 Retention
Contact-form data and business correspondence: 3 years from last contact.
Contractual and billing documentation: 10 years (§ 35 of Act No. 431/2002 Coll.).
User-account data after account closure: 90 days (recovery window), then anonymisation.
Newsletter: until consent withdrawal.
Web logs and security records: maximum 12 months.
Cookies: per type (see the Cookies page).
After the retention period, data is securely deleted or anonymised.
07 Recipients and processors
We do not share personal data with third parties except where necessary to operate the service or where required by law. The main processors we use: Supabase (database and authentication, eu-central-1 Frankfurt); Cloudflare and Vercel (application runtime, CDN, WAF, EU placement); Anthropic (Claude OCR and audit, EU endpoint, DPF); Mindee (OCR fallback, Paris); Resend (transactional e-mail, EU); Sentry (error monitoring, EU); Stripe (payment gateway).
Capila's professional advisors (lawyers, auditors) may receive data to the extent necessary. Public authorities may receive data to the extent and under the conditions prescribed by law.
All processors are bound by Article 28 GDPR contracts. The current list, with role and location of each, is published in our Trust Centre and provided on request at info@capila.io.
08 Transfers to third countries
We process personal data primarily within the European Economic Area. In some cases (Anthropic, Stripe, AI sub-processors) data may be transferred to a third country — primarily the USA. We protect such transfers using: Standard Contractual Clauses adopted by the European Commission under Article 46(2)(c) GDPR; or transfers to entities certified under the EU–US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795 of 10 July 2023).
Current certification status of individual providers is provided on request.
09 Your rights
As a data subject you have the right under GDPR and Slovak Act No. 18/2018 Coll. to: access your personal data (Art. 15); rectification of incorrect or completion of incomplete data (Art. 16); erasure (‘right to be forgotten’, Art. 17); restriction of processing (Art. 18); data portability in a structured machine-readable format (Art. 20); object to processing based on legitimate interests or to direct marketing (Art. 21); withdraw consent where processing is based on consent; lodge a complaint with the supervisory authority (Slovak Data Protection Authority, Hraničná 12, 820 07 Bratislava 27, dataprotection.gov.sk).
Exercise your rights by e-mail at info@capila.io or in writing to the registered address. We respond within 30 days; for complex requests we may extend by two further months and will inform you. We may ask for additional information to verify your identity.
10 Data security
We have adopted appropriate technical and organisational measures: encryption in transit (HTTPS) and at rest, controlled system access, multi-factor authentication for admin accounts, Row Level Security at database level with tenant isolation on every record, quarterly secret rotation, annual external penetration test against OWASP Top 10, daily backups with 30-day retention and a monthly restore-to-staging drill, contractual confidentiality of the Capila team.
If a personal-data breach is likely to result in a high risk to your rights, we will notify you without undue delay in line with Article 34 GDPR.
11 Changes to this policy
We may update this document from time to time, in particular when legal requirements, the tools we use, or the scope of the service changes. For material changes we notify users in the application or by e-mail at least 30 days before they take effect. The current version is always available on this page with the effective date.