Privacy policy · Last updated 28 May 2026
This page explains what personal data we collect when you visit
capacitor.kurrent.io or request preview access, why we collect
it, where it lives, and how to get rid of it. We have tried to write
this in plain English first and lawyer second.
Kurrent, Inc. operates Capacitor and is the data controller for the purposes of GDPR and equivalent laws. Contact for anything in this policy, including subject access and deletion requests: privacy@kurrent.io.
When you submit the access-request form, you give us:
Legal basis: our legitimate interest in evaluating preview applicants, and (once we reply) the steps taken at your request before entering into a contract.
Where it goes: the form posts to a Cloudflare Worker we run on this domain. Submissions are stored in a Cloudflare D1 database in the EU region, used only by the Capacitor team to triage access requests. The data is not synced to any CRM, marketing tool, or third party. Cloudflare’s privacy policy applies to its infrastructure role.
Retention: if we don’t move forward with your request, we delete the entry. If we do, the entry is kept for the duration of our working relationship and removed afterwards on request.
If you click Accept on the cookie banner, we load PostHog, which records page URL, referrer, viewport, browser, OS, and a coarse country/region inferred from your IP (the raw IP is discarded at ingest). PostHog assigns an anonymous identifier so repeat visits can be told apart from new ones.
Submitting the access-request form fires a single
access_request_submitted event with no properties —
no email, no organization, no identifiers.
Legal basis: your consent. You can withdraw it any time from the cookie policy page.
Where it goes: PostHog’s EU ingest
(eu.i.posthog.com) and EU-hosted storage. We don’t
enable session replay, heatmaps, autocapture, or any third-party
advertising integrations.
Retention: PostHog’s default retention applies (currently seven years for events). We do not query analytics data that is older than is useful for product decisions.
Independent of the cookie banner, our signup Worker sends a small number of operational events to PostHog (EU) for pipeline reliability — for example, when an email fails to send or when a submission is rejected by Turnstile.
What is sent: event name, processing stage, error code, HTTP status, coarse country (ISO two-letter), a generated request ID, and a timestamp. What is not sent: your email address, your IP, any identifier derived from your IP, your user agent, your GitHub organization name, or any other personally identifiable information.
Legal basis: legitimate interest under GDPR Art. 6(1)(f) — operating the signup form reliably. Because no personal data is sent, this telemetry is not consent-gated.
The site runs on Cloudflare Workers. Cloudflare receives standard HTTP request metadata (IP, user agent, requested URL, timestamps) to serve and protect the site. We don’t use Cloudflare Analytics; the request logs are processed by Cloudflare on our behalf under their data-processing terms.
Legal basis: legitimate interest in operating and protecting the website.
We use the following sub-processors. We do not sell personal data, and we do not share it for advertising.
Kurrent, Inc. is based in the United States. PostHog analytics data and signup-form submissions in Cloudflare D1 stay in the EU. Cloudflare operates a global network and may route requests through nodes outside your country.
If your data is covered by GDPR or UK GDPR, you have the right to:
To exercise any of these, email privacy@kurrent.io. We aim to respond within 30 days.
If we change this policy in a way that affects you, we will update the “last updated” date at the top and, where the change is material, give visible notice on the site.