Privacy

What we collect. And what we don't.

No ads, no resale, no model training on your demos. CaptureBeam is paid SaaS — your subscription is how we make money.

What we collect

Account: email, name, hashed password (if you sign up with email/password) or Google profile (if you sign in with Google).
Stripe linkage: a Stripe customer ID. Card data is held by Stripe, never by us.
Demo content: the YAML scripts you author, the URLs you point demos at, the rendered MP4s, and the raw capture artifacts (events.json, anchor screenshots) for the lifetime of the render job.
Render-job metadata: timestamps, durations, status, error messages, optionally the source API key.
Trial demos: the URL you submitted, the IP address that submitted it, and the resulting MP4. IP is used only for the per-IP daily quota and is retained for 30 days.
Browser session storage-state: only if you explicitly upload one for a project that needs login. Encrypted at rest with AES-256-GCM.
API key plaintext is shown once at creation and never stored. We keep an SHA-256 hash for verification.

We don't sell, rent, or share customer data with third parties for advertising or marketing.
We don't run analytics on your demo content. The renderer reads the YAML to produce a video; we don't index it for any other purpose.
We don't track you across sites. There are no third-party trackers on the marketing site.
We don't use your demo content to train machine-learning models.

Stripe (payments + subscription management). Stripe handles billing data per their own privacy policy.
Google (OAuth sign-in, when you choose it). Google handles your authentication and returns a verified email + profile.
Anthropic (only on the marketing-site free trial endpoint). When you paste a URL into the trial form, we send the URL and a list of probed interactive elements to Anthropic to draft a demo script. We never send you, your account data, or paid-account demo content to Anthropic.
Storage provider (S3, Cloudflare R2, Backblaze B2, or MinIO depending on deploy config). Stores rendered MP4s with presigned URLs (24h TTL by default).
Postgres host (Neon, Supabase, RDS, or self-hosted). Holds account, project, render-job, and subscription rows.

Render artifacts: 90 days by default (configurable per account). Then automatically deleted from storage and from the renderJob row's videoUrl.
Trial demos: 30 days, then the row is deleted along with its IP address.
Account: held until you delete it. Deletion wipes projects, renders, API keys, sessions, and the customer record within 30 days.
Postgres backups: rolling 30-day window, encrypted.
Storage backups: handled by the underlying object-store provider per their own retention policy.

Access: request an export of your account data via [email protected].
Correction: edit your name and email from the dashboard.
Deletion: delete your account from /dashboard/billing, or email [email protected] — fulfilled within 30 days.
Portability: every demo is a YAML file you author and own. Download from the editor any time.
Restriction: pause your subscription at any time from the customer portal — your data is retained per the schedule above.

Cloud product runs in a single region by default (US-East). Multi-region available on request.
We're GDPR-aware but don't have SOC 2 or ISO 27001 paper today.
If you have a specific data-residency or compliance requirement, email us.

Session cookie (better-auth, HTTPS-only, SameSite=Lax) — required for sign-in. Without it the dashboard can't identify you.
Stripe payment elements set their own cookies during checkout. Stripe handles those per their own policy.
No third-party advertising cookies. No marketing-pixel cookies.

CaptureBeam is a B2B product for engineering teams. We don't knowingly collect data from anyone under 16.

Material changes are announced via the dashboard banner and via email to active subscribers at least 14 days before they take effect.
Last updated: 2026-04-29.

Email us — we read every message and respond within 1 business day.