Cappsule Sàrl and its affiliated entities ("Cappsule," "we," "us," or "our") are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard personal information in the context of our activities, which include:

Consultancy services (IT consulting, process improvement, and advisory)
Software development (custom solutions and internal projects)
Atlassian apps and integrations (including our Cloud and Data Center/Server products)
evalHR - AI-Powered Performance Review Platform

By using our services, visiting our websites, or interacting with our applications, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We collect and process only the data necessary to provide our services. Depending on your engagement with us, this may include:

Account and contact information (name, email, organization, billing details)
Usage data (log data, activity within our apps, error reports)
Performance review data (self-assessments, manager evaluations, AI-generated questionnaires)
Project and support information (data you choose to share with us when seeking consultancy, support, or custom development)

We do not sell or rent your personal information.

2. Purpose of Processing

We use collected information to:

Deliver and improve our consultancy, development, and app services
Provide customer support and respond to inquiries
Enable specific product features (e.g., performance reviews, 360-degree feedback, AI-powered insights in evalHR)
Ensure compliance with licensing, billing, and legal requirements
Improve performance, security, and user experience across our services

3. Data Sharing

We do not share your personal information with third parties except:

When required by law or to protect our legal rights
With trusted service providers (e.g., hosting partners, payment processors, AI service providers) who are bound by strict confidentiality and security obligations
With third-party platforms, when necessary for the operation of specific apps or integrations you use

4. Data Security

We implement strong technical and organizational measures to protect your data, including encryption, access controls, and regular security reviews. Our hosting providers are ISO 27001 and SOC 2 Type 2 certified.

5. User Control & Rights

Depending on the service you use, you may be able to:

Access, review, and export your data
Manage or delete entries in our apps
Request correction or deletion of your personal data

You also have rights under GDPR and other applicable laws, including the right to data portability and to lodge complaints with supervisory authorities.

6. AI Data Processing

evalHR uses AI to enhance your experience. Our AI features are powered by third-party large language models (LLMs) provided by Anthropic. Here's how we use AI:

AI-generated questionnaires: When you request AI to generate review questions, we send your company description, industry, and job role information (not personal employee data) to the AI provider. The AI generates relevant performance metrics and questions based on this context.
Review analysis and insights: AI-generated summaries and development goals are created by analyzing aggregated review scores and text responses. The AI helps identify patterns and suggest actionable improvements without storing or learning from your data.
Data protection: Your review data is processed securely and is not used to train AI models. AI requests are made in real-time and responses are not retained by the AI provider beyond the immediate request.
Accuracy and limitations: AI-generated content is provided as suggestions to assist human decision-making. We recommend reviewing all AI outputs before use. AI may occasionally produce inaccurate or incomplete suggestions, and final decisions should always involve human judgment.

7. Data Retention

We keep personal data only as long as necessary to provide our services or comply with legal obligations. Once data is no longer needed, it is securely deleted or anonymized, when asked by the client.

8. Compliance

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR). Our infrastructure providers maintain SOC 2 Type 2 certification, demonstrating ongoing commitment to security, availability, and confidentiality controls. We ensure lawful, fair, and transparent processing of data.

9. Contact Us

If you have questions about this Privacy Policy or how your data is handled, please contact our privacy team:

security@cappsule.io