Captr Privacy Policy

Effective: May 26, 2026

1. What Is Personal Data at Captr?

This Privacy Policy is published by Aza IQ, Inc. (dba Captr), a company providing the Captr mobile application and related services (the "Service"). Throughout this Policy, "Captr," "we," "us," or "our" refers to Aza IQ, Inc.

Welcome to Captr. Your privacy is important to us, and we are committed to protecting your personal data.

At Captr, we believe in basic privacy rights - and we do not think those basic rights should change depending on which country you call home. For that reason, we treat any information that relates to an identified or identifiable person, or that Captr can reasonably link or associate with them, as "personal data," regardless of where the person is located. So information that directly names you - like your full name - counts as personal data, and so does information that does not name you outright but could reasonably be used to figure out who you are - like a device's serial number. For purposes of this Privacy Policy, aggregated information is treated as non-personal.

This Privacy Policy explains how Aza IQ, Inc. (dba Captr) handles personal data when you use the Service. The Service may link out to third parties or make third-party features available; this Privacy Policy does not govern how those third parties handle personal data. We encourage you to review their privacy policies before interacting with them.

2. Personal Data Captr Collects from You

At Captr, we believe you can have an outstanding product and outstanding privacy at the same time. That means we work to gather only the personal data we actually need. The personal data we collect depends on how you use the Service.

When you create an account, install or update the app, contact us, take part in surveys, or otherwise interact with Captr, we may collect:

• Account Information. Your Captr account details, such as email address, registered devices, account status, and age.
• Device Information. Information by which your device could be identified, such as device serial number, model, operating system, mobile carrier, or browser type.
• Contact Information. Information such as name, email address, mailing address, phone number, or other contact details.
• Payment Information. Information about your billing address and payment method, such as bank account details, credit card, debit card, or other payment card information, processed by a payment service provider.
• Transaction Information. Information about purchases of Captr products and services or transactions enabled by Captr.
• Fraud Prevention Information. Information used to help spot and deter fraud, including a device trust score.
• Usage Data. Information about your activity on and use of the Service, such as app launches, feature interaction, browsing history within the Service, search history, crash data, performance and diagnostic data, and other usage information. This includes the cookies and analytics signals described below.
• Location Information. Precise location only with your consent for features that require it, and coarse location otherwise (for example, derived from IP address).
• User Content. Photos and other visual content that you upload, save, or capture into the Service, including any metadata embedded in the file (such as capture date, GPS coordinates, device, and original-file fingerprint).
• Image-derived Data. Information that Captr extracts from your User Content, including but not limited to text recognized in images (OCR), URLs detected in images, embeddings/vectors used to power visual and semantic search, and other structured signals generated by the Service's AI features.
• Other Information You Provide. Information you choose to share with us, such as the contents of your communications with Captr, including customer-support interactions.
• Cookies & Analytics. We use cookies and Google Analytics to understand usage patterns and improve the user experience. See Section 4 (Cookies and Other Tracking Technologies) below for more detail on the cookies, mobile identifiers, and analytics technologies we use.

You are not required to provide the personal data we ask for. However, if you choose not to, in many cases we will not be able to provide the Service to you or respond to your requests.

3. Personal Data Captr Receives from Other Sources

Captr may receive personal data about you from other individuals, from businesses or third parties acting on your instructions, from our partners who help us deliver the Service and provide security or fraud-prevention support, and from other lawful sources.

• Individuals. We may collect information about you from another person - for example, if that person invites you to use the Service or shares content with you through the Service.
• At Your Direction. You may instruct other individuals or third parties to share information with Captr - for example, by importing content from a third-party service into your Captr library.
• Captr Partners. We may verify information you give us with a third party for security and fraud-prevention reasons.

4. Cookies and Other Tracking Technologies

Captr and our service providers use cookies, mobile SDKs, and similar technologies to operate the Service, remember your preferences, analyze how the Service is used, and measure the performance of our features. These technologies fall into the following categories:

• Strictly necessary. Required for authentication, session management, and core functionality of the Service.
• Analytics and performance. Used to understand usage patterns and improve the Service. Captr currently uses Google Analytics as our analytics provider. Google Analytics collects information about how you interact with the Service, including device and event-level usage data. Other providers and services we use for Analytics include the following and are subject to change at any time: Firebase Analytics; PostHog Flutter; Singular Flutter SDK; Customer.io, Firebase Crashlytics; Apple Search Ads Attribution API.
• Advertising or cross-context behavioral advertising. Captr does not use third-party advertising cookies or pixels. We use Singular for mobile measurement and Apple Search Ads attribution to measure the effectiveness of our own marketing, and Apple's privacy-preserving SKAdNetwork / AdServices framework where applicable.

Your choices. You can manage cookie preferences through your device or browser settings. On iOS, Captr complies with Apple's App Tracking Transparency framework; we do not engage in tracking across apps or websites that you have not affirmatively consented to.

5. Biometric Information

Captr does not collect, store, or use biometric identifiers or biometric information as those terms are defined under the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), the Washington biometric statute (RCW 19.375), or similar laws of other jurisdictions. The Service does not perform facial recognition and does not extract face geometry, retina or iris scans, fingerprints, voiceprints, hand geometry, or other biometric identifiers from your User Content.

If we add features in the future that involve the collection, use, or processing of biometric identifiers or biometric information, we will obtain your separate, informed, written consent before doing so and will publish a written retention and destruction schedule consistent with applicable law before we begin such processing. We will not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information.

6. How Captr Uses Personal Data

Captr uses personal data to operate the Service, to process your transactions, to communicate with you, to keep the Service secure and free from fraud, and to comply with legal obligations. We may use personal data for additional purposes with your consent.

Captr only uses your personal data when we have a valid legal basis to do so. Depending on the situation, we may rely on your consent, on the fact that the processing is necessary to perform a contract with you, to safeguard your vital interests or those of another person, or to comply with a legal obligation. We may also process your personal data where we conclude that doing so is in our or others' legitimate interests, after taking your interests, rights, and expectations into account. If you have questions about the legal basis for a specific processing activity, you may contact us using the details in the "Contact" section.

• Power the Service. Captr collects personal data necessary to provide the Service, including to authenticate user accounts, manage subscriptions, improve our offerings, for internal purposes such as auditing and analysis, and for troubleshooting. Legal basis: performance of our contract with you (GDPR Art. 6(1)(b)) and our legitimate interests in operating and improving the Service (Art. 6(1)(f)).
• Process Your Transactions. To handle subscription payments and other transactions, we collect information such as your name, purchase, and payment information. Legal basis: performance of our contract with you (Art. 6(1)(b)) and compliance with our legal obligations (Art. 6(1)(c)).
• Communicate with You. To reply to your communications, contact you about your account, share important notices about Captr, and respond to your support requests. Some notices — such as messages about changes to our terms or to this Policy — are important to your relationship with Captr, and you cannot opt out of receiving them. Legal basis: performance of our contract with you (Art. 6(1)(b)) and our legitimate interests in providing service communications and customer support (Art. 6(1)(f)). For optional marketing communications, your consent (Art. 6(1)(a)).
• Security and Fraud Prevention. To safeguard individuals, employees, and Captr, and for loss prevention and to prevent fraud, including to safeguard individuals, employees, and Captr for the benefit of all users. Legal basis: our legitimate interests in protecting the Service, our users, and our business from security threats and fraud (Art. 6(1)(f)) and compliance with applicable law (Art. 6(1)(c)).
• Personalization. If you choose to personalize your experience where such options are available, we will use the information we collect to deliver that personalized experience. Legal basis: your consent where consent is required (Art. 6(1)(a)) or our legitimate interests in personalizing your experience (Art. 6(1)(f)).
• Comply with Law. To comply with applicable law - for example, to satisfy tax or reporting obligations or to respond to a lawful governmental request. Legal basis: compliance with applicable law (Art. 6(1)(c)).
• Improve and Develop the Service, Including Through Machine Learning. We use the information we collect to refine the Service, roll out new features, and train, build, and improve our technology, including our machine learning models. This includes models that power the Service's AI features such as text recognition (OCR), link extraction, visual and semantic search, and generative features that operate on User Content. Legal basis: our legitimate interests in operating, improving, and developing the Service, including the training of machine-learning models that power its features (Art. 6(1)(f)). If you are located in the EEA, the UK, or Switzerland, you have the right to object to this processing at any time - see Section 9 below.

Captr does not use algorithms or profiling to make any decision that would significantly affect you without the opportunity for human review.

Captr does not intentionally collect sensitive personal information as that term is defined under California law. We recognize that User Content may incidentally contain information falling within California's definition of sensitive personal information - for example, a photograph that happens to show a personal identification document, a place of worship, or content related to a person's health. We do not use such incidental content for any purpose that would require a consumer to exercise the right to limit the use of sensitive personal information under California law, and we apply the same protections to that content as to other User Content.

7. Captr's Sharing of Personal Data

Captr is a private library. Your User Content is not shared with other Captr users, with advertisers, or with any public surface, and is never sold. We process your User Content only to provide and improve the Service.

Captr may share personal data with Captr-affiliated companies, with service providers who act on our behalf, with our partners, or with others at your direction. Captr does not share personal data with third parties for their own marketing purposes.

• Service Providers. Captr engages third parties to provide services on our behalf, such as cloud hosting and storage, payment processing, customer support, analytics, and AI model inference. Our service providers must handle personal data consistent with this Privacy Policy and must follow our instructions. They cannot use the personal data we share for their own purposes and must delete or return the personal data once they have fulfilled their task.
• AI Model Providers. Some of the Service's AI features (including OCR, link extraction, visual and semantic search, and generative features) are powered by third-party AI model providers acting as service providers to Captr. These providers are bound by contractual terms that prohibit them from retaining your data beyond the inference call or from using your data to train their own models.

Consent to processing of communications by service providers. By using the Service, you understand and agree that communications you transmit through the Service - including content you submit, prompts and queries you make to AI features, and customer-support communications - may be processed in real time by our service providers acting on our behalf for the purpose of providing and operating the Service. These service providers are bound by contract not to use the contents for any other purpose. To the extent any applicable law (including the California Invasion of Privacy Act, Cal. Penal Code §§ 631 and 632.7, and similar laws of other states) requires consent to interception, monitoring, or processing of communications by service providers acting on our behalf, you provide that consent by using the Service.

• Partners. From time to time, Captr may partner with third parties to deliver features. We require our partners to protect your personal data.
• Others At Your Direction. Captr may share information with others at your direction or with your consent. When you choose to share or export your content from the Service to another app on your device (for example, via the standard iOS or Android Share Sheet, or by saving to your camera roll), the receiving app or location then governs that content under its own policies.
• Legal, Safety, and Law Enforcement. We may disclose information about you where we determine, in good faith, that disclosure is necessary or appropriate for purposes of national security, law enforcement, or other matters of public importance. We may also disclose information where there is a lawful basis to do so, including to enforce our terms, to protect our operations or users, or in the event of a reorganization, merger, or sale.

We respond to court orders, search warrants, subpoenas, and similar legal requests, and we may also share information when we believe in good faith that it is reasonably necessary to comply with a law, regulation, or legal request; to protect the safety, rights, or property of the public, any person, or Captr; or to detect, prevent, or address fraud, security, or technical issues. In emergencies where we believe it is necessary to prevent imminent and serious bodily harm to a person, we may disclose information without a formal legal request.

Reporting of Child Sexual Abuse Material (CSAM). If Captr becomes aware of content on the Service that we believe constitutes child sexual abuse material, we report that content to the National Center for Missing & Exploited Children (NCMEC) as required by U.S. law (18 U.S.C. § 2258A) and cooperate with law enforcement as appropriate.

Captr does not sell your personal data, including as "sale" is defined in Nevada and California. Captr also does not "share" your personal data as that term is defined under California law for cross-context behavioral advertising.

In the event of a reorganization, merger, or sale of Captr, your personal data may be transferred as part of that transaction, subject to the protections of this Privacy Policy.

8. Captr's Retention of Personal Data

Captr retains personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, or as required by law. When determining retention periods, we first consider carefully whether retaining the collected personal data is necessary and, if retention is required, we work to retain the personal data for the shortest period permissible under law.

There may be situations where we cannot grant a deletion request - for example, if you ask us to delete transaction data and Captr is legally obligated to keep a record of that transaction to comply with law. We may also decline a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as where you request deletion of an account that is being investigated for security concerns.

If you delete your account, your data will be deleted unless required for compliance purposes.

9. Your Privacy Rights at Captr

At Captr, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data. We extend these rights to our global customer base. If you choose to exercise these rights, you have the right not to be treated in a discriminatory way or to receive a lesser level of service from Captr. Where you have provided consent to the processing of your personal data, you have the right to withdraw that consent at any time.

These rights include, where applicable: the right of access (Art. 15 GDPR), rectification (Art. 16), erasure or "right to be forgotten" (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection to processing (Art. 21), and rights related to automated decision-making and profiling (Art. 22). Withdrawing your consent will be as easy as providing it.

To exercise your privacy rights, contact us at support@azaiq.com. To help safeguard the security of your personal data, we will verify your identity before responding to a request.

You also have the right to lodge a complaint with the applicable supervisory authority.

There may be situations where we cannot grant your request - for example, if you ask us to delete your transaction data and Captr is legally obligated to retain a record of that transaction. We may also decline a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, would jeopardize the privacy of others, is frivolous or vexatious, or would be extremely impractical or unreasonable.

Additional Information for Users in the EEA, UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described above and the following additional GDPR / UK GDPR rights: access, rectification, erasure, restriction of processing, data portability, and objection to processing - including the right to object to processing based on our legitimate interests, such as our use of information for service improvement and the training of machine-learning models. To exercise these rights, contact us at support@azaiq.com. You may lodge a complaint with your local data protection authority.

If you live in Ireland or another EEA Member State, the supervisory authority in many cases will be the Irish Data Protection Commission (21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland; www.dataprotection.ie). If you live in the United Kingdom, your supervisory authority is the Information Commissioner's Office (Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom; ico.org.uk). You may also lodge a complaint with the supervisory authority of your usual place of residence, your place of work, or the place of the alleged infringement.

Additional Information for California Residents

If you live in California, you have the right under the California Consumer Privacy Act (as amended by the California Privacy Rights Act) to know, access, correct, port, restrict the use of sensitive personal information, and delete your personal data, as well as the right to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. Captr does not sell or share personal information as those terms are defined under California law.

To exercise these rights, contact us at: support@azaiq.com or by phone: +1-646-363-6075.

Some of our activities may qualify as "targeted advertising," "sharing," or "selling" under certain state privacy laws. Where any such activity occurs, you may opt out at any time by contacting us.

For users in certain U.S. states who enable an opt-out preference signal (such as Global Privacy Control), Captr will honor that signal when you use the Service.

Categories of personal information collected (past 12 months) and how we handle them. This notice supplements the data categories described in Section 2 above. The categories of personal information we have collected, the categories of sources from which we obtain that information, the business purposes for which we use it, the categories of third parties with whom we share it as service providers, and the retention criteria we apply are summarized below.

• Categories collected: identifiers (name, email, account credentials); commercial information (transaction history); internet or other electronic network activity (usage data, cookies, device identifiers); geolocation (coarse only by default; precise only with consent); audio/visual information (User Content uploaded by you); inferences (Image-derived Data such as OCR text, embeddings, and other structured signals generated by our AI features). We do not intentionally collect categories of sensitive personal information; see further note below.
• Categories of sources: directly from you; from your device when you use the Service; from third parties acting at your direction (for example, when you import content into your library); and from service providers acting on our behalf for analytics, payments, or fraud prevention.
• Business purposes: as described in Section 6 above - operating the Service, processing transactions, communicating with you, security and fraud prevention, personalization, legal compliance, and improving and developing the Service including through machine learning.
• Categories of recipients (acting as service providers on our behalf): cloud hosting and storage providers; payment processors; customer support providers; analytics providers; AI model providers; security and fraud-prevention providers.
• Retention criteria: account, contact, and account-derived data are retained while your account is active and for a reasonable period afterwards to handle disputes and comply with legal obligations. User Content and Image-derived Data are retained while present in your library; they are deleted when you delete the underlying content or your account, subject to backup-purge timelines and any legal-hold exceptions. Transaction and payment records are retained as required by applicable tax, accounting, and consumer-protection law (typically up to seven years in the United States). Usage logs and analytics data are retained for limited periods consistent with the purposes for which they were collected.
• Sensitive personal information: Captr does not intentionally collect sensitive personal information as that term is defined under California law. We recognize that User Content may incidentally contain information within California's sensitive-PI definition (for example, photographs that happen to show a personal identification document, place of worship, or content related to a person's health). We do not use such incidental content for any purpose that would require a consumer to exercise the right to limit the use of sensitive personal information under California law.
• Sale or sharing: Captr does not "sell" or "share" personal information as those terms are defined under California law for cross-context behavioral advertising.

10. Children

Children under 13 are not permitted to use Captr. If you are located in a state or country with a higher minimum age, you may only use the Service if you are at or above the age at which you can lawfully consent to data processing.

Captr is not directed to children. We do not knowingly collect personal data from children below the applicable minimum age. If we become aware that we have collected personal data from a child without proper authorization, we will delete it as soon as practicable. If you believe we may have collected information from a child, please contact us at support@azaiq.com.

11. Security

To help keep your personal data secure, Captr communicates its privacy and security guidelines to its team and enforces privacy safeguards across the company.

We apply technical safeguards designed to protect your information, including encryption in transit and at rest, access controls, and pseudonymization where doing so does not reduce the usefulness of the data. We restrict access to production systems to team members who need it for operating the Service.

However, no system is fully secure. Because you sign in to Captr with your Google or Apple account, we recommend protecting that account with a strong, unique password and two-factor authentication.

Breach notification. If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay. Where required by applicable law, we will notify the competent supervisory authority within the timelines required by that law - for example, within 72 hours of becoming aware of a breach where required under the EU and UK GDPR.

Privacy by design and by default. We implement data-protection principles by design and by default, including through technical and organizational measures appropriate to the risks of our processing. We carry out data protection impact assessments before we begin any processing that is likely to result in a high risk to the rights and freedoms of individuals, including for our use of machine learning on User Content.

12. International Transfer of Personal Data

Captr is a global service. By using the Service, you authorize us to transfer and store your information outside your home country for the purposes described in this Privacy Policy.

Additional safeguards for transfers from the EEA, the UK, and Switzerland. Where we transfer personal data outside the EEA, the UK, or Switzerland - for example, to a service provider in another country - we rely on the following safeguards to ensure your information receives an adequate level of protection:

• Adequacy decisions issued by the European Commission under Article 45 of the GDPR (or equivalent decisions under other laws) recognizing that a country offers an adequate standard of data protection.
• Standard contractual clauses (SCCs) approved by the European Commission under Article 46 of the GDPR, the UK International Data Transfer Addendum, and equivalent Swiss SCCs, used to transfer information to recipients in countries without an adequacy decision.

We also adopt technical and organizational protections appropriate to each transfer, including encryption and pseudonymization, and we maintain processes to evaluate and challenge disproportionate or unlawful government access requests. For a copy of any applicable adequacy decision or standard contractual clauses, contact us at support@azaiq.com.

If you are in the EEA, your data may be processed outside of your region, including in the United States. We ensure that such transfers comply with GDPR using appropriate safeguards.

13. Privacy Questions and Contact

If you have questions about this Privacy Policy or Captr's privacy practices, you can reach us at support@azaiq.com.

Captr takes your privacy questions seriously. In most cases, substantive contacts receive a reply within a reasonable period (typically within seven days). In other cases, we may ask for additional information or let you know we need more time to respond.

Where your complaint indicates an improvement could be made in our handling of privacy issues, we will take steps to make that update at the next reasonable opportunity. If a privacy issue has had a negative impact on you or another person, we will take steps to address that with you or with that other person. You may at any time escalate your complaint to the relevant supervisory authority.

For any privacy-related inquiries, you can reach us at: support@azaiq.com.

Postal address:

Aza IQ, Inc.
8080 Westpark Drive STE 42518
Houston, TX 77063
USA

14. Updates to This Policy

We may revise this Privacy Policy from time to time, and when we do, we will post any changes on this page and update the effective date at the top. If you continue using Captr once those changes take effect, the updated Policy applies to you. If a change is material, we may give you a more prominent notice - for example, by email or in-app notification.