Data Protection and Data Security
This is not a legal document. If you are looking for that, read our data protection guidelines here (only in German at the moment). We wrote this article to give you an insight into how we manage your data and to make our working principles with it transparent. The document is meant for you to personally decide if Capacities is a tool for you where you want to store your data.
Some of you save very personal information, like medical information or journals in Capacities, while others work with important data from their company.
We built Capacities to be the place for all our thoughts, ideas, plans, and knowledge. We are aware of our responsibility and live up to it as best as possible. Because of that, we designed our infrastructure to be secure and private by default.
Here we share our principles on how we live up to these values.
Capacities is a cloud-based service with some upcoming offline capabilities. To follow our vision and to provide the best service possible we are convinced that storing data on servers is crucial. It allows us to make Capacities work across devices, and in the future, it will enable you to exchange content with other users in a global network or within a team. On top, having access to service and compute infrastructure that goes beyond what you can do on a single computer is a huge advantage for developing algorithms to support your work.
Like with any cloud-based service, the disadvantage is that you need to trust a company. We are aware of your concerns about this, so we defined principles that ensure that our interests are aligned with yours. As co-founders of Capacities we are personally very data-sensitive and well informed on the topic, so we see these principles not as a necessary burden but as core values of our philosophy.
Let us explain them to you. But first, we need to define the involved entities to make sure there are no misunderstandings in the following. When it comes to data and data access we have the following agents:
- You (the person who creates and owns your data)
- Other users (people who also use Capacities who are not you)
- Us (the team of Capacities)
- Capacities (our servers, algorithms, so no humans)
- Third parties (external services, attackers, …)
Principle 1: Transparency
Principle 2: Data access and safety
We strictly protect all your data against any access by third parties. This is crucial: not even our cloud provider can access your data. Only you, us, and Capacities could have access to your data. In practice, not even us, but only you and Capacities have access to your data (see Principle 6).
About the technicalities:
- All your data is stored on encrypted disks. Only Capacities can decrypt that data, and it is served to you over a secure, encrypted TLS channel.
- All your content is stored in our databases, which save to encrypted disks; all your media files are stored on encrypted disks as well. If we serve a file to you, we generate a secret signed URL to that file location and send it to you over an encrypted TLS channel. This URL contains a long access token that is practically impossible to guess. The URL is then used to download the file. The link expires after 12 hours and, as long as you don't share it, nobody else will get access to that file.
- On top, we create daily backups of your data onto multiple encrypted long-term storage disks in different locations in Europe to avoid data loss. All backup and restore mechanisms are regularly tested. By the way, this makes your data even safer than on your hard drive, where you always run the risk of it being damaged.
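As an added illustration (not Capacities' code; the signing key, host and file paths are constructed for the example), this is how a short-lived signed download URL of the kind described above can be issued and checked: an HMAC over the file path and expiry timestamp, a 12-hour lifetime, and a constant-time comparison when the link is verified.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed for this example; a real service keeps the key outside source control.
SIGNING_KEY = secrets.token_bytes(32)
LINK_LIFETIME_SECONDS = 12 * 60 * 60  # the 12-hour expiry described above


def _token(path: str, expires: int) -> str:
    """HMAC-SHA256 over the path and expiry so that neither can be altered."""
    message = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, message, hashlib.sha256).hexdigest()


def sign_url(base_url: str, path: str, now: Optional[float] = None) -> str:
    """Issue a URL for `path` that stays valid for LINK_LIFETIME_SECONDS."""
    current = time.time() if now is None else now
    expires = int(current + LINK_LIFETIME_SECONDS)
    query = urlencode({"expires": expires, "token": _token(path, expires)})
    return f"{base_url}{path}?{query}"


def verify_url(url: str, now: Optional[float] = None) -> bool:
    """Accept the URL only if it is unexpired and its token matches path+expiry."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        token = query["token"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    current = time.time() if now is None else now
    if current >= expires:
        return False  # link has expired
    # compare_digest avoids leaking the token through timing differences
    return hmac.compare_digest(token, _token(parts.path, expires))
```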
Principle 3: Data ownership
Although the data is stored on Capacities’ servers, we do not claim any ownership of it. We do not use your data for any other purpose than providing a service to you (see principle 4).
Owning your data means that you always have access to it. Having access does not only mean that you can see, use and create it but that you can also at any point export it into commonly used formats. To read more about this read about exports and backups (TODO link).
Principle 4: Privacy by design and by default
Capacities is GDPR compliant. The General Data Protection Regulation (GDPR) is among the strictest data protection laws in the world. It is the foundation for data rights for all citizens in the European Union. At Capacities, we give these rights not only to them but to all of our users globally.
These regulations are based on well-reasoned principles that we think are fundamental for a society of free and self-determined human beings in a digital world. It’s really hard to comply with these regulations and as a company, we lose a lot of insight that we otherwise could simply use to create a better product, but we are convinced that this is fundamentally important, and we would like to see any tool that in any way processes information to be GDPR compliant.
A central aspect of the GDPR is its rules on processing personally identifiable information (PII), which is data that can, or even could, be mapped back to a user. The opposite is fully anonymized data, where it is impossible to determine its creator.
PII should only be created and stored if it is required for the service provided and only as long as it is required (Principle of Data Minimization). If PII is used for other purposes the user needs to actively agree to that.
At Capacities, we decided to not share any tracking PII with other service providers. For example, we only do the following analytics:
- To get information about our landing page performance we self-host a tool that only stores fully anonymized data. We do not use any tracking software by big tech.
- For error tracking purposes we only log and save technical information that has no relationship to any user information. We can see if and when technical errors are happening, but we don't know where and by whom they were triggered, nor do we see any data that was used when these errors were created.
- All usage statistics are fully anonymized. We for example see "a registration happened" but never “where” and “who” created it, nor do we see anything of the content.
Other than that, you need to consent before Capacities can share any of your information. This only happens in the following two places:
- If you want to participate on our feedback board, you have to consent to share your email address and your name with the service provider.
- Your email address will be shared with our email marketing tool if you consent to receive our newsletter.
Principle 4: We don’t earn money with your data
The only reason Capacities collects and reads your data is to provide services to you. Our business model is fully transparent. We only earn money by providing a paid version with an extended feature set to the free version (more under Pricing). We will never use any of your data for advertisement or any other purposes nor will we ever sell your data for any money.
Principle 5: Nobody has access to your data, in practice, not even us.
Your personal data can only be accessed by Capacities through a verified account with your login credentials. We created a very strict and secure policy and permission system that is regularly tested. The only exception to this is if you decide in the app to share your content. But even then it will only be accessible to the users you share that content with.
Like with any cloud-based service you use, in theory we at Capacities could access, read and manipulate your data because it is stored on our servers. A few words about why this should not be a concern to you: first of all, as outlined above, we have no interest in accessing that data; our business model is based on providing a service to you. We would only destroy your trust, which would only harm us.
To ensure that reading your data cannot even happen by accident, we put a few mechanisms in place. Our production environment is completely isolated from our development environment, so in everyday work we don't even get close to any of your data. The only way that environment can be accessed is with a password-protected, locally stored secret key from one specific computer. And even if we accessed that environment, all services are containerized and only communicate with each other. It would require an infrastructure change and considerable technical effort and knowledge to get direct access to any of your data. These measures and barriers were created by us intentionally to protect your data from any violation. They make our work more difficult but your data more secure.
Some final personal words from us as founders
Data protection and security are complex but very important topics, and we advise you to care about them for any service you use. We hope that this document helps you make an informed decision on whether you want to use Capacities. You are storing data on our servers; we are aware of that responsibility and we promise to never violate our principles. What's life worth if you don't even live up to your own personal principles? We are building Capacities because we have a vision and a dream. We don't want to destroy this dream for no reason. Our incentives are in line with yours, and we hope this works for you.