Privacy Policy

Last updated: May 2026

Capiu is a free, ad-free memory-training project. This policy covers both the public site at capiu.org and the signed-in app at app.capiu.org. We collect as little data as possible and store nothing we don't need.

Public site — capiu.org

The static landing page, the blog, and the read-only Major System and focus-timer tools at capiu.org/major / capiu.org/focus run entirely in your browser. No account, no cookies set by us, no personal data leaves your device.

We use Cloudflare Web Analytics to see which pages are visited. It is cookie-free, does not track you across sites, and is designed to be privacy-first — Cloudflare aggregates page-load events at the edge without building per-visitor profiles.

The site is served by Cloudflare Pages. Cloudflare may log your IP address for security and abuse-prevention purposes. See Cloudflare's privacy policy.

Signed-in app — app.capiu.org

The app at app.capiu.org requires sign-in. The sections below explain what we collect when you create an account and use the app's features.

What we collect

• Email address — required for sign-in via one-time code, or read from your OAuth provider (Google / GitHub) if you choose that sign-in method.
• OAuth profile basics — if you sign in with Google or GitHub, we receive your provider-side display name and profile-picture URL. Nothing else from the provider.
• Your curation activity — entity suggestions you submit, number subscriptions you create, and the Major System picks you save are stored in our database so they sync across devices and feed the public catalog. These values are stored in plain form (not end-to-end encrypted), which means that we, and anyone with administrative access to the database, can technically read them. For this reason our terms of service ask you not to store active secrets — bank PINs, passwords, 2FA backup codes — in Capiu.
• Pseudonymized error reports — when something goes wrong in the app, we send the stack trace, browser type, and your internal user ID (a random UUID, never your email) to Sentry so we can fix it. We have disabled IP capture and session replay.

What we do not collect

• Your memory palaces and pegs. The rooms, loci, images, and associations you build live in your browser's IndexedDB and never reach our servers. If you sign out, sign in on another device, or clear your browser data, that information is gone — we cannot recover it because we never see it.
• No passwords. We never store passwords; sign-in is via a one-time email code or your existing Google / GitHub account.
• No ads, no tracking pixels, no third-party analytics beyond the cookie-free Cloudflare Web Analytics described above.

Who processes your data

• Supabase — hosts our database and authentication. Our project is hosted in the EU. Supabase logs may temporarily contain your IP address for security purposes.
• Cloudflare — serves the app and provides the Turnstile captcha that protects sign-in from bots. Turnstile is privacy-preserving and does not use third-party cookies.
• Sentry — receives the pseudonymized error reports described above. Our Sentry project is hosted in the EU.
• Google / GitHub — only when you actively click the "Sign in with Google" or "Sign in with GitHub" button. The OAuth flow redirects you to the provider, which sends us a token and your basic profile information after you approve.

Cookies and local storage

The signed-in app stores a Supabase session token in your browser's local storage so you don't have to sign in on every visit. It also stores your palaces, pegs, and TanStack Query cache in IndexedDB (strictly on your device). These are technically necessary for the app to work and do not require a consent banner under GDPR. We do not set any third-party cookies and we do not run advertising cookies.

Legal basis

Processing your email and sign-in data: contract performance (Art. 6 (1) (b) GDPR) — necessary to provide the account. Pseudonymized error reports and security/abuse prevention: legitimate interest (Art. 6 (1) (f) GDPR) — running a stable, abuse-free service. Cookie-free analytics on the public site: legitimate interest.

Retention

Your account data is kept until you delete your account from the in-app settings page (which hard-deletes the row and cascades all your catalog activity). Sentry error reports are kept for 90 days by default. Server logs are kept for 14 days.

Your rights

Under GDPR you have the right to access, correct, export, and delete your data. The in-app Delete account button immediately removes all account data from our primary database. Sentry error reports and server logs that contain only your random user ID then expire on the retention schedule above (90 / 14 days). For access or export requests, email [email protected] — we will reply within the 30-day deadline set by GDPR Art. 12 (3). You also have the right to lodge a complaint with your national data-protection authority.

Changes to this policy

We may update this policy as the app evolves. The date at the top is always the most recent change. Material changes will be announced inside the app.

Contact

Questions or requests: [email protected]. See also our imprint.