CapacitorHome

Privacy Policy

Last updated: February 2026

1. Introduction

T8 Labs Ltd ("Company", "we", "us") operates the Capacitor platform ("Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

T8 Labs Ltd is the data controller for the personal data processed through the Service. You can contact us at hello@capacitor.live for any privacy-related queries.

3. Data We Collect

Account Information

  • Email address (used for authentication and communication)
  • Organisation name
  • Password (hashed and stored by Firebase Authentication — we never store plaintext passwords)
  • Date and time of account creation
  • Terms acceptance timestamp

Billing Information

  • Stripe customer ID and subscription details
  • Payment method information is processed and stored by Stripe — we do not store card numbers, CVVs, or bank details

Usage Data

  • API call counts and timestamps
  • Charger connection metadata (charge box IDs, connector statuses, OCPP messages)
  • Transaction records (start/stop times, energy consumed, meter values)
  • Webhook delivery logs

Technical Data

  • IP addresses (from API requests and WebSocket connections)
  • API key prefixes (for identification — full keys are hashed)
  • Server logs for debugging and security

4. How We Use Your Data

We process your data for the following purposes:

  • Service delivery: To provide, operate, and maintain the Service, including OCPP message relay, charger management, and transaction processing.
  • Authentication and security: To verify your identity, protect your account, and prevent fraud or abuse.
  • Billing: To process payments, manage subscriptions, and send billing-related communications.
  • Communication: To send service-related emails including welcome messages, verification emails, billing notifications, and important service updates.
  • Service improvement: To analyse usage patterns, diagnose technical issues, and improve the Service.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

5. Legal Basis for Processing

We process your personal data under the following legal bases (UK GDPR):

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you have signed up for.
  • Legitimate interests (Art. 6(1)(f)): Service security, fraud prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c)): Compliance with tax, accounting, and other regulatory requirements.
  • Consent (Art. 6(1)(a)): Where specifically required, such as for optional marketing communications.

6. Third-Party Services

We use the following third-party services to operate the platform:

  • Firebase (Google): Authentication and database. Data is processed in accordance with Google's Privacy Policy.
  • Stripe: Payment processing. Payment data is handled in accordance with Stripe's Privacy Policy.
  • Resend: Transactional email delivery.
  • Amazon Web Services (AWS): Server hosting and infrastructure.

We do not sell, rent, or trade your personal data to any third party.

7. Data Retention

We retain your data for the following periods:

  • Account data: For the duration of your account, plus 30 days after deletion to allow for recovery.
  • Transaction and usage data: For 12 months after creation, or longer if required for billing disputes or legal obligations.
  • Server logs: For up to 90 days.
  • Billing records: For 7 years as required by UK tax regulations.

8. Your Rights

Under the UK GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data (subject to legal retention requirements).
  • Restriction: Request that we limit how we use your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@capacitor.live. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • API keys stored as SHA-256 hashes (never in plaintext)
  • Firebase Authentication for secure user management
  • Role-based access controls and tenant isolation
  • Regular security reviews and monitoring

No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

10. Cookies and Local Storage

The Service uses cookies and browser local storage for essential functionality:

  • Session cookie: Maintains your authenticated session while using the portal.
  • API key cookie: Stores your API key locally for convenience (encrypted in transit).

These are strictly necessary cookies for the operation of the Service. We do not use analytics, advertising, or tracking cookies.

11. International Transfers

Your data may be processed in countries outside the UK where our third-party service providers operate (primarily the United States for Firebase, Stripe, and AWS). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

12. Children

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint.

15. Contact

For any questions about this Privacy Policy or our data practices, contact us at hello@capacitor.live.