Privacy Policy

Short version: We collect your name and email when you sign up for our free checklist or buy a product. We use it to send you what you asked for. We don't sell your data or use advertising trackers. You can ask us to delete your data at any time.

1. Who we are

This website (cautra.io) is operated by Kapital International, a company registered in France, trading as Cautra Security / Cautra.

We are the data controller for any personal data collected through this website. For any privacy-related questions or requests, contact us at hello@cautra.io.

2. What data we collect

We only collect what we need. Here's what that looks like in practice:

When you sign up for our free checklist

Your first name and email address (entered into the form on the homepage)
The source of your sign-up (e.g. homepage form, exit popup) — used only to understand which offers are working

When you purchase a product

Your name, email address, and payment details — processed by Gumroad (our payment platform). We do not handle or store your payment card information directly.
Your purchase history (product bought, date, amount) — retained in our Gumroad account for tax and legal compliance.

When you contact us

Your name and email address, and the content of your message.

Technical / site data

Standard server logs (IP address, browser type, pages visited, time of visit) — collected automatically by our hosting provider, Netlify. These are retained for up to 30 days for security and performance monitoring and are not used for advertising.
No advertising pixels, no Facebook Pixel, no Google Analytics.

3. How we use your data

We use the data we collect to:

Deliver the free checklist or product you requested
Send you occasional email updates about AI governance topics and new products from Cautra (you can unsubscribe at any time — every email has an unsubscribe link)
Respond to enquiries you send us
Meet our legal obligations (tax records, fraud prevention)
Understand how people use our site so we can improve it

We will never sell, rent or trade your personal data to any third party for marketing purposes.

4. Legal basis for processing (GDPR)

Kapital International is a French entity. EU GDPR applies. We rely on the following legal bases:

Consent — when you submit the email form to receive our free checklist or newsletter. You can withdraw consent at any time by unsubscribing.
Contract — when you purchase a product, processing your data is necessary to fulfil that transaction.
Legitimate interests — for security logging and basic site analytics, where our interests in running a secure website do not override your rights.
Legal obligation — retaining transaction records as required by French tax law.

5. Third-party services

We use a small number of trusted third-party services to operate this site. Each one processes personal data only as necessary and under appropriate data protection agreements:

Beehiiv — email newsletter platform. Stores your name and email to send you the checklist and our newsletter. Beehiiv is based in the US and operates under Standard Contractual Clauses for EU/UK data transfers. Beehiiv Privacy Policy →
Gumroad — payment and product delivery platform. Processes your purchase information and sends download links. Gumroad Privacy Policy →
Tally — form builder (used for any contact forms on the site). Stores form submissions including your name and email. Tally Privacy Policy →
Netlify — website hosting. Processes your IP address and request data as part of serving the website. Netlify Privacy Policy →
Google Fonts — fonts loaded from Google's CDN when you visit this site. This may transmit your IP address to Google's servers. We load fonts from Google Fonts via a standard CDN request. Google Privacy Policy →
Claw Mart — if you purchase AI skills or tools from our Claw Mart store, your transaction is processed through their platform. Claw Mart Privacy Policy →

6. Cookies

This site uses minimal cookies. We do not use advertising cookies or tracking pixels.

Functional cookies — used to remember your preference about the exit-intent popup (so it doesn't show again within 72 hours). This is stored in your browser's localStorage and does not identify you personally.
Third-party cookies — Google Fonts may set a cookie if you are logged into a Google account. We have no control over this. You can block Google Fonts cookies in your browser settings.

We do not require cookie consent for the functional storage described above, as it does not involve tracking or profiling. If you have any concerns, you can clear your browser's local storage at any time.

7. How long we keep your data

Email subscribers — we retain your email for as long as you remain subscribed. You can unsubscribe at any time using the link in any email, or by emailing hello@cautra.io.
Purchase records — retained for 10 years to comply with French accounting and tax law (Article L123-22 of the French Commercial Code).
Contact enquiries — retained for up to 2 years, then deleted.
Server logs — retained by Netlify for up to 30 days.

8. Your rights

Under GDPR (and UK GDPR for UK residents), you have the following rights:

Access

Request a copy of the personal data we hold about you.

Rectification

Ask us to correct any inaccurate or incomplete data.

Erasure

Ask us to delete your personal data ("right to be forgotten").

Portability

Receive your data in a structured, machine-readable format.

Object

Object to processing based on legitimate interests (including direct marketing).

Withdraw consent

Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, email hello@cautra.io. We will respond within 30 days. We may ask you to verify your identity before processing your request.

UK residents

UK GDPR applies to our processing of UK residents' data. You have the same rights as listed above. If you are unhappy with our response, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.

EU residents

As a French company, Kapital International is supervised by the CNIL (Commission Nationale de l'Informatique et des Libertés). If you are not satisfied with our response, you may lodge a complaint with the CNIL or your local supervisory authority at cnil.fr.

9. International data transfers

Some of our third-party service providers (notably Beehiiv and Gumroad) are based in the United States. Where we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place — primarily through Standard Contractual Clauses (SCCs) approved by the European Commission, or through service providers that participate in recognised frameworks.

10. Children

Our products and services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us at hello@cautra.io and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For significant changes, we will notify active email subscribers. Continued use of this site after changes constitutes acceptance of the updated policy.

12. Contact us

For any privacy-related questions, data requests, or complaints, contact:

Email: hello@cautra.io
Entity: Kapital International (France)
Brand: Cautra Security / Cautra