Privacy

Privacy Policy

Effective 29 May 2026

The short version

capyhive (“we”, “us”) is a small, independent project run by a solo developer. We collect the minimum we need to let you sign in, host uploaded apps, remember player progress, and understand how the product is used. We do not sell your data and we do not run advertising trackers.

This page explains what we collect, why, who processes it on our behalf, and how to ask us to delete it.

What we collect

  • Account info. When you sign in we receive your email, a unique account identifier, and (if you used a social login) your name and avatar from the provider you chose. You may also add a username, display name, bio, and avatar yourself.
  • Content you create. Apps you upload, posts you publish, comments you write, upvotes you place, and any images or files you submit.
  • Player progress. If you play an app hosted on capyhive, the app may store progress (e.g. save files, settings) that we keep on your account so it follows you across devices.
  • Technical data. Standard server logs (IP address, user agent, timestamps, requested paths) and a long-lived opaque cookie (__cap_session) we use only to deduplicate view counts. We also collect product analytics such as page views, browser and device details, referring pages, and basic interaction events. We avoid sending content bodies, uploaded filenames, API token labels, or raw error messages to analytics.
  • Communications. If you email us, we keep the message so we can reply and reference it later.

How we use it

  • Operate the service — host apps, authenticate users, sync saves.
  • Display attribution — your username, display name, avatar, and content are visible to other users on the site.
  • Prevent abuse — detect spam, fraud, and misuse of the platform.
  • Improve the product — understand which features get used so we know what to build next.
  • Comply with the law and enforce our Terms of Service.

Who processes it for us

We rely on a small number of trusted infrastructure providers (“sub-processors”) to run the platform. They process data on our behalf under their own privacy commitments:

  • Clerk — authentication and user accounts.
  • Vercel — hosting, edge network, file storage (Vercel Blob).
  • Neon — managed Postgres database.
  • Stripe — payment processing (only if and when payments are involved).
  • PostHog — product analytics and usage measurement.

We do not sell personal data and we do not share it with advertisers.

Cookies and similar technologies

We use a small number of cookies and similar browser storage:

  • Authentication cookies from Clerk so you stay signed in.
  • __cap_session — an opaque random identifier used solely to deduplicate view counts. It is not linked to your identity.
  • Cookies your browser or our hosting provider set for security and fraud prevention.
  • PostHog analytics cookies and browser storage so we can measure page views, product usage, and signed-in account activity.

We do not use cookies for advertising or cross-site tracking.

How long we keep it

We keep account and content data for as long as your account is active. If you delete your account, we delete your profile, your apps, your posts, your comments, and your saved progress. Server logs are retained for a short rolling window for operational and security reasons (typically up to 30 days). Some records may be kept longer where the law requires.

Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data (most of this is editable in your account settings).
  • Delete your account and the data tied to it.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.

To exercise any of these, email hello@capyhive.com. We aim to respond within 30 days.

Children

capyhive is not directed at children under 13 and we do not knowingly collect personal data from anyone under 13. If you believe a child has given us personal data, email us and we will delete it.

International transfers

Our sub-processors operate globally, which means your data may be transferred to and processed in countries other than your own, including the United States. Where required, we rely on the standard contractual protections offered by those providers.

Security

We use industry-standard practices (encryption in transit, hashed credentials handled by Clerk, scoped access tokens, principle-of-least- privilege database access). No system is perfectly secure; you use the service at your own risk.

Changes to this policy

We may update this policy as the product evolves. If we make material changes we will update the effective date at the top of this page and, where appropriate, notify you by email or in-app notice. Your continued use of capyhive after a change means you accept the updated policy.

Contact

Questions, requests, or concerns? Email hello@capyhive.com.