Privacy policy.

This Privacy Policy describes how Capzy.ai ("Capzy", "we", "us", or "our") collects, uses, and protects information when you use our CAPTCHA-solving API, website, and browser extension (collectively, the "Service").

By using the Service, you agree to the practices described below. We are committed to data minimization — we collect what we need to operate the Service, charge for it, and improve it, and nothing more.

We collect the minimum amount of data required to operate the Service. The categories we collect are:

Account information. When you register, we store your email address, a hashed password, and your API key. If you add funds, our payment processor (Stripe) handles your payment details; we do not receive or store card numbers.

Authentication credentials. Your Capzy API key is the credential you use to authenticate to our Service. The browser extension stores this key locally on your device using chrome.storage.local and sends it to our servers only to authorize solve requests.

Website content. When you request a solve, the Service receives the CAPTCHA's sitekey, challenge images, widget parameters, and relevant portions of the page DOM so the solver can process the challenge.

Web history. We receive the origin (hostname) of the page where a CAPTCHA was detected so the solver can reproduce the challenge. We do not collect the full URL, path, or query string of pages you visit, and we do not track browsing activity on pages where no CAPTCHA is present.

Location. Our servers automatically log the IP address of incoming API requests for abuse prevention, rate limiting, and security. We do not use GPS, device location APIs, or any form of precise geolocation.

Technical fingerprint. For anti-bot providers that verify browser identity, the extension collects a lightweight browser fingerprint (user agent, screen dimensions, timezone, language, WebGL vendor) so the solver's remote browser can match your environment. This information is ephemeral and is not linked to your account.

Anti-bot session cookies. For specific providers (Cloudflare, DataDome, AWS WAF, PerimeterX, Kasada, Imperva, Akamai), the extension forwards only allow-listed challenge cookies (e.g. cf_clearance, datadome) to the solver so it can complete the challenge. Login session cookies, analytics cookies, and any other cookies are never collected, transmitted, or stored.

We use the information described above only to: Operate the CAPTCHA-solving Service and return solved tokens to you. Authenticate your account and bill your balance. Prevent fraud, abuse, and violations of our Terms of Service. Maintain aggregated service health metrics (solve success rate, latency). Comply with legal obligations.

We do not use your data to build advertising profiles, train models unrelated to the Service, or determine creditworthiness.

We do not sell, rent, or trade user data. We share data only with the service providers required to operate Capzy: our hosting provider, our payment processor (Stripe) for transactions, and email delivery providers for account-related mail.

These providers are contractually bound to use data only to provide services to us. We may disclose information when legally required by a valid court order or to protect the rights, property, or safety of Capzy, our users, or the public.

Account data: kept for the lifetime of your account. Deleted on request.

Solve request content (sitekey, challenge data, cookies, fingerprints): discarded immediately after the solve completes. Not stored long-term.

Solve metadata (captcha type, timestamp, success/failure, amount charged): kept for 90 days for billing and support.

IP logs: retained for 30 days for abuse prevention.

The Capzy browser extension is designed for data minimization. It only activates on pages where a CAPTCHA widget is detected. On pages without a CAPTCHA, the extension does nothing — no data is read, collected, or transmitted.

The extension contains no analytics, telemetry, or third-party trackers, and executes no remote code. All JavaScript bundled in the extension is open to inspection in the Chrome Web Store package.

Depending on your jurisdiction (GDPR, CCPA, and similar regulations), you may have the right to: Access the data we hold about you. Request correction of inaccurate data. Request deletion of your account and associated data. Export your account data in a portable format. Object to or restrict certain processing.

To exercise any of these rights, contact us at privacy@capzy.ai. We respond within 30 days.

We use HTTPS for all API traffic, hash passwords with industry standard algorithms, and apply least-privilege access controls to production systems.

No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us information, contact us and we will delete it.

We may update this Privacy Policy as the Service evolves. When we make material changes, we will update the "Last updated" date at the top of this page and notify account holders by email.

Continued use of the Service after an update constitutes acceptance of the revised policy.

Questions about this Privacy Policy or our data practices can be directed to privacy@capzy.ai.