Privacy Policy

Last Updated:

1. Introduction

Recap Technologies Limited ("we", "us", or "our") operates the Recap website (https://recap.io) and the Recap App (https://app.recap.io) (collectively, the "Service"). This Privacy Policy outlines how we collect, use, and share information when you use our Service, and explains your rights regarding your personal data under UK GDPR, EU GDPR, California Consumer Privacy Act (CCPA/CPRA), and other applicable laws, including CalOPPA.

Recap Technologies Limited is registered with the UK Information Commissioner’s Office (ICO), demonstrating our commitment to safeguarding your data.

  • Organisation Name: Recap Technologies Limited
  • ICO Registration Reference: ZB735084

Our Data Protection Officer (DPO) is Daniel Howitt, who is responsible for overseeing questions related to this Privacy Policy. You can contact Daniel at dataprotection@recap.io for any privacy-related inquiries or concerns. Signed DPA's can be requested here.

By using the Service, you consent to the collection and use of your information in accordance with this policy.

2. Definitions

  • Service: Refers to the Recap website and App.
  • Personal Data: Any information relating to an identified or identifiable individual. This includes, but is not limited to, an email address and usage data.
  • Usage Data: Information collected automatically, including your IP address, browser details, and the duration of your visits.
  • Cookies: Small files stored on your device used to track activities on our Service.
  • Data Controller: Recap Technologies Limited is responsible for determining how and why your personal data is processed.
  • Data Processor: Third-party service providers we use to process personal data on our behalf.
  • You: The individual accessing or using the Service.

3. Information Collection and Use

3.1 Personal Information

When you create an account with Recap, the only required personal information is your email address. We do not require your name or other personal identifiers unless you choose to provide them. You can access and use the Service with just your email.

If you use Recap to share data with an accountant or other professional services, you may be asked to provide your first and last name for identification purposes. You are, however, free to use an alias or pseudonym in place of your real name.

We collect this personal information for the following purposes:

  • Email Address: Used for account creation, authentication, and communication regarding your use of the Service.
  • First and Last Name (or Alias): Used only when sharing data with third parties (e.g., accountants), and you can use an alias instead of your real name.
  • Crypto Wallet Addresses: We collect crypto wallet addresses to retrieve transaction and bookkeeping data from blockchain indexing services. Crypto wallet addresses may be considered personally identifiable information (PII) depending on their usage and context, as they can sometimes be linked to individuals. We may share this information with third-party services to facilitate transaction retrieval and other blockchain-related activities.

3.2 Usage Data

We automatically collect Usage Data when you interact with our Service. This includes data such as your device’s IP address, browser type, operating system, pages visited, and time spent on each page.

4. Legal Basis for Processing Personal Data

4.1 Under UK GDPR and EU GDPR

We process personal data based on the following legal grounds:

  • Consent: You have provided clear consent for us to process your data.
  • Performance of a contract: Processing is necessary to fulfil our obligations under a contract with you.
  • Legal obligation: Processing is necessary to comply with legal obligations.
  • Legitimate interests: Processing is necessary for our legitimate interests (such as improving the Service) unless these interests are overridden by your rights.

4.2 Under CCPA/CPRA (for California Residents)

For California residents, under the CCPA/CPRA, you have the following rights:

  • Right to know what personal data is being collected, its purposes, and any third parties with whom it is shared.
  • Right to request deletion of your personal data.
  • Right to opt out of the sale of your personal data.
  • Right to non-discrimination for exercising your privacy rights.

5. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our Service.
  • To notify you of any changes to the Service.
  • To provide customer support via Intercom or email.
  • To monitor the performance of the Service and identify areas for improvement.
  • To send transactional emails through Postmark regarding your account activity and usage of the Service.
  • To send product-related emails through Intercom.
  • To analyse website traffic using anonymous analytics tools Fathom and Vercel Analytics.
  • With explicit consent, collect and analyse user interaction data for improving the functionality and user experience of the service with PostHog
  • To track errors and improve the stability of the Service using Sentry.
  • To prevent fraud during payment processing via Invisible reCAPTCHA and monitor suspicious activities across our services.
  • To comply with legal obligations.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this Privacy Policy, or to comply with legal obligations.

  • Personal Data: Retained for the duration of your use of the Service or until you request deletion, subject to retention requirements for legal or financial purposes.
  • Usage Data: Retained for a shorter period unless required for security or legal reasons.
  • Crypto Wallet Addresses: Retained until no longer needed for transaction processing or legal requirements. Upon account closure, wallet addresses will be deleted or anonymised within a reasonable period unless legally required to retain them longer.

9. Your Rights

Under UK GDPR, EU GDPR, and CCPA/CPRA, you have several rights regarding your personal data, including:

  • The right to access your data.
  • The right to rectify any inaccuracies in your data.
  • The right to delete your data ("right to be forgotten").
  • The right to restrict processing of your data.
  • The right to data portability, allowing you to receive your data in a structured, machine-readable format.
  • The right to object to the processing of your data for certain purposes, such as direct marketing or profiling.
  • The right to withdraw consent at any time, where applicable.

You also have the right to know:

  • What personal data is being collected.
  • How it is being used.
  • With whom it is shared (including third-party services).

To exercise any of these rights, contact us at dataprotection@recap.io or reach out directly to our Data Protection Officer (DPO), Daniel Howitt, at dataprotection@recap.io.

10. Cookies

Our Service uses cookies and similar tracking technologies to track activity and improve user experience. For more detailed information on how we use cookies and how you can manage your cookie preferences, please visit our Cookie Policy at: https://recap.io/legal/cookies

11. Third-Party Services

We use several third-party services to help deliver our Service effectively. These third-party processors handle personal data (including emails, names, payment details, and crypto wallet addresses) under strict privacy and security measures. Here’s how we share data with these third-party providers:

  1. Auth0 – Authentication and user management. User emails, names, and login details are stored on their EU infrastructure. For more details, see their Privacy Policy: https://auth0.com/privacy.
  2. Chargebee – Billing management. Prior to subscription payments, Chargebee stores user emails and names, and payment details are also stored upon subscription. For more details, see their Privacy Policy: https://www.chargebee.com/privacy.
  3. Intercom – Customer communication and support. User emails and names are stored on their infrastructure. For more details, see their Privacy Policy: https://www.intercom.com/legal/privacy.
  4. Sentry – Error reporting. User emails and error details are stored on their infrastructure when an issue occurs. For more details, see their Privacy Policy: https://sentry.io/privacy/.
  5. Postmark – Email delivery. User emails are stored on their infrastructure to facilitate transactional email delivery. For more details, see their Privacy Policy: https://postmarkapp.com/privacy-policy.
  6. Upshot - NFT metadata and AI appraisals. User wallet addresses are used to retrieve NFT valuations and metadata automatically. For more details, see their Privacy Policy https://cdn.prod.website-files.com/6620045dbbb8ce99a01940ac/6627b01ea6630ca4ee9bbede_privacy.pdf
  7. Moralis Web3 Technology AB – Blockchain address indexing. User wallet addresses are used to automatically retrieve transaction activity commensurate with bookkeeping duties. For more details, see their Privacy Policy: https://moralis.io/privacy-policy/
  8. QuickNode – Blockchain transactional data. User wallet addresses are used to automatically retrieve transactions and blockchain metadata. For more detals, see their Privacy Policy: https://www.quicknode.com/privacy
  9. EtherScan – Blockchain address indexing. User wallet addresses are used to automatically retrieve on-chain transaction activity. For more details, see their Privacy Policy: https://etherscan.io/.
  10. Stripe – Payment processing. Upon payment, Stripe stores user emails, names, and payment details to facilitate secure transactions. For more details, see their Privacy Policy: https://stripe.com/en-gb/privacy-center/legal.
  11. PayPal – Payment processing. Upon payment, PayPal stores user emails, names, and payment details for transaction purposes. For more details, see their Privacy Policy: https://www.paypal.com/uk/webapps/mpp/paypal-and-your-data.
  12. Office365 – Company email service. Upon direct contact with a user (via customer support or email communication), Office365 will store user emails. For more details, see their GDPR Overview: https://www.microsoft.com/en-gb/trust-center/privacy/gdpr-overview.
  13. PostHog – Product analytics and user behaviour tracking. Only enabled with explicit cookie consent. User interaction data, including user emails and usage patterns, are stored on their EU infrastructure. For more details, see their Privacy Policy: https://posthog.com/privacy.

These third parties have access to your personal data solely for the purpose of performing these tasks and are required not to use or disclose it for any other purpose.

12. Children’s Privacy

Our Service is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe that your child has provided us with personal data, please contact us at dataprotection@recap.io so we can delete it.

12. Children’s Privacy

Our Service is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe that your child has provided us with personal data, please contact us at dataprotection@recap.io so we can delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any changes by posting the updated policy on this page and, where required, by sending an email notification.

14. Contact Us

If you have any questions or concerns about this Privacy Policy, your personal data, or how we process it, please contact us:

  • Email: dataprotection@recap.io
  • Data Protection Officer: Daniel Howitt
  • DPO Contact: data-protection@recap.io
  • Address: 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ.
  • ICO Registration Reference: ZB735084
  • Requests for Signed DPA's can be made here.