Capantra
Back to site
Trust CenterPrivacyAU · UK · US
Request a briefing/demo

Privacy, data handling and transparency

This page summarises Capantra’s privacy posture in a procurement-friendly format. It describes how data is handled, minimised, retained, and how data subject requests (DSRs) are supported, with jurisdiction notes for AU, UK and US.

Note: This material is informational and non-exhaustive. Privacy obligations depend on product, customer configuration, data sources, and applicable law. For contractual documents and DPIA/PIA support, contact Capantra.

Data handling overview

Capantra products are designed to support customer engagement workflows. Personal information (if any) is handled according to documented governance principles: transparency, minimisation, access control, and purpose limitation. Exact data flows vary by product and customer usage.

Typical data categories (depends on use)
  • Account and user administration data (e.g., user identifiers, role metadata).
  • Operational interaction metadata (e.g., activity logs, workflow events).
  • Customer-provided contact records and campaign data (where customers upload/provide).
  • Support communications and service management records (as applicable).
Data roles (high level)
  • Capantra may act as a service provider/processor for customer-provided data depending on contract.
  • Customers typically control the purposes and means of processing for their campaign/contact data.
  • Capantra applies platform controls and governance measures aligned to the agreed service scope.

Data minimisation and purpose limitation

Capantra aims to collect and process only what is necessary for platform functionality, security, billing, and support. Product configuration is designed to support minimisation by default and discourage unnecessary collection.

Minimisation controls
  • Support for role-based access and restricted visibility by function.
  • Configuration options intended to reduce exposure of sensitive fields.
  • Separation between administrative metadata and customer-provided operational records.
  • Encouraging customers to only upload or use data they are authorised to process.
Purpose limitation
  • Data is used to deliver the service, maintain security, and provide support.
  • Additional uses (if applicable) should be governed by contract and transparency requirements.
  • Customers remain responsible for lawful basis/consent requirements for their outbound programs.

Retention and deletion

Retention is guided by operational needs, legal obligations, and contractual terms. Where supported, Capantra aims to provide reasonable mechanisms for deletion or de-identification, subject to security and audit requirements.

Operational retention
Service logs and operational records may be retained to support troubleshooting, security monitoring, and service assurance, subject to policy.
Customer-controlled data
Customer-provided datasets and campaign records are handled per service scope and contract. Customers may request deletion where feasible.
Backups and resiliency
Backups may retain data for limited periods consistent with disaster recovery and integrity requirements. Deletion may follow backup lifecycle.
Audit and integrity exception

Some records may be retained for security, fraud prevention, incident investigation, or compliance requirements. Where retention is required, access is restricted and governed.

Data subject requests (DSRs) and rights handling

Capantra supports customers in responding to data subject requests where Capantra is acting as a processor/service provider for customer-controlled data. Response obligations depend on jurisdiction, the customer’s role, and contractual arrangements.

Typical request types
  • Access: confirm and provide data copies where applicable.
  • Correction: update inaccurate information where within scope.
  • Deletion: delete or de-identify where feasible and permitted.
  • Restriction/objection: supported depending on product and role allocation.
Operational handling (high level)
  • Requests are typically routed via the customer (controller/business) unless contract specifies otherwise.
  • Identity verification is required to prevent unauthorised disclosure.
  • We coordinate to locate relevant records and apply appropriate actions within scope.
  • Some data may be exempt from deletion due to security/audit/legal obligations.

Cross-border processing and jurisdiction notes (AU · UK · US)

Cross-border processing considerations depend on where customers are located, where systems are hosted, and the nature of the data. Capantra aims to support enterprise procurement requirements through transparent documentation and appropriate contractual measures.

Australia (AU)

Privacy obligations may include APPs and sector-specific requirements depending on use case. Customers remain responsible for lawful basis and consent obligations for their programs.

United Kingdom (UK)

UK GDPR/DP Act considerations may apply. Data transfer safeguards and processor terms may be required depending on controller/processor roles and hosting.

United States (US)

US privacy requirements vary by state and sector. Where applicable, Capantra can support service-provider style terms aligned to contract scope.

Contractual documentation

For enterprise procurement, Capantra can provide privacy addenda and supporting artefacts on request, subject to scope and legal review.