Capillary acquires US-based Brierley+Partners Read more >
Blue Rewards from Al Futtaim Group Shares Loyalty Success Stories and Evolution. Watch Podcast >
Capillary Announces 2nd Annual Captivate 2025 Summit: Transforming Loyalty Management with New AI Tech Read more >
Privacy Policy
Capillary Technologies provides enterprise Software-as-a- Service (“SaaS”) solutions for clients to manage their loyalty program delivering personalized experiences, email & cross- channel messaging, and loyalty strategies at scale (the “Services”)
This Capillary Services Privacy Notice exists to provide details regarding the Processing of Personal Data Related to Services provided by Capillary entities (referred to as “Capillary,” “we,” “us” or “Our”).
Capillary takes data privacy and security seriously.
We are certified for the following standards:
From a privacy standpoint, we adhere to all the privacy regulations of the regions we operate in.
This Privacy Notice explains how we collect, use, disclose, retain, and protect the personal information in our care. This includes information collected through our platform login portals, and when we are providing you, our Services.
Capillary is a provider of loyalty & customer engagement solutions (products & services) in Business to Business (B2B) space. Companies (referred to as “Customers”) use these solutions to reward, engage and drive advocacy with their end consumers (referred to as “End users”). The personalized engagement with end users is done through electronic messaging channels (email, SMS, social media, push notifications etc.) as well as their own websites, landing pages, and other technologies to improve their business.
Identifier |
Description |
Capillary context |
Personal Data |
Personal data or personal information means any information relating to an identified or identifiable individual |
Corresponds to data of Capillary’s employees, customer’s employees and end users who use Capillary services. This may include user name, email address, phone number, etc. |
Data Subject / Data Owner |
Individual to whom the personal data belongs to. His/her consent determines the way his/her personal data is processed |
These are End users who use Capillary customer’s services |
Data Controller |
Determines the need and ways to collect personal data of Data Subject and capture the required consent from the Data Subject to provide them the required services |
These are Capillary’s customers |
Data Processor |
Process the personal data authorized by the Data Controller in the way the Data Controller determines. |
Capillary perform this function |
Sub Processor |
Process the personal data in the way authorized by Data Processor in consultation with Data Controller |
Capillary may outsource this function to other organizations |
Capillary is a Data Processor and on behalf of our customers who are the Data Controllers, we store the personal data of End users which is collected directly or indirectly by them. As our customers are the Data Controllers, they determine the purpose, type & amount of Personal Data to be collected from the End Users. Also, our customers ensure to get the required Consent from the end users for collecting & utilizing the Personal Data for the purposes they have determined. We, as a Data Processor ensure safe keeping of the collected Personal Data at all times & utilize them in the way our customers have defined.
We may collect telemetric data like IP address, location, device information etc. to provide the required services to our customers.
Capillary processes the Personal Data shared by our customers who are the Data Controllers in the way they have determined. The Personal Data is analyzed to provide insights to our customers to enhance their business using our products. Analysis of Personal data might involve anonymization, pseudonymization or aggregation (“De-Identified Data”) to provide services agreed with our customers which is consistent with the consent obtained by our customers from the End Users.
Capillary analyzes the Personal Data to provide our customers the ability to perform targeted marketing, upsell or cross-sell their products which will enhance the business options of our customers.
Capillary stores the Personal Data safely & securely using industry standard best practices. The Personal Data is stored encrypted with strict access control enforced. Access & transmission of Personal Data is through encrypted channels only.
Capillary stores the Personal Data as long as the contract with our customer is in force. With the termination of contract with the customer, the Personal data is deleted within the agreed time period as specified in the contract.
Our customers are responsible to ensure that their data collection practices comply with applicable children’s data privacy protection legislation such as United States’ Children’s Online Privacy Protection Act ( COPPA) applicable in their jurisdiction of their operations, including acquiring parental consent where applicable. We rely on our customers to disclose whether they collect any Children data and whether they are subjected to COPPA or any applicable regulations.
We adhere to the exercise of Data subject rights such as Right to Erasure/forgotten, Right to Information, etc., mandated by all data privacy laws that are applicable to the regions we operate in. We receive requests to exercise these rights in two ways i.e. either from our customers or from the End Users directly. When we receive the request from our customer, we perform the required action as directed by them as long as it is technically feasible and will not affect the services being offered.
If we receive the request directly from the End User, we forward the request to our customer for them to validate the request and based on their feedback, take appropriate action as long as it is technically feasible and will not affect the services being offered.
The most common set of Data Subject rights across data privacy laws applicable in the regions we operate that are allowed through procedure detailed above are the following:
We may disclose Personal Data to our contractors, service providers, parties authorized by our customers who are the Data Controller or other third parties who provide data processing services to us like process billing, to analyze data, host data, to provide customer support, etc either as one-time or scheduled activity. We perform a strict security risk assessment of the third parties with whom we share Personal Data to ensure they comply with all the required regulations before getting into a contract with them.
If we are involved in a merger or acquisition or dissolution or sale of all or partial assets, we may transfer the processing of personal data to them after providing due notice to our customers.
If law enforcement agencies or any government bodies reach out to us through a valid & binding order to disclose Personal Data of End Users, we will promptly redirect them to our customers. In case we are compelled to provide the information asked, we will promptly notify our customer to seek any legal remedy and if that fails, we will share only the bare minimum Personal Data.
Processing may occur in any jurisdiction in which Capillary is established, including the United States, United Kingdom, South East Asia, India and Middle East. Our contractors, service providers and other third parties who provide data processing services to us may process Personal Data in additional jurisdictions. The actual locations of processing depend on the Customer’s implementation of the Services.
Capillary doesn’t sell or rent any customer data to any third parties.
Capillary has no rights or ownership of Personal data of End Users shared by our customers who are the Data Controllers.
Upon being aware of a personal data breach, Capillary will promptly inform the customer with sufficient information for them to fulfill obligatory reporting to concerned authorities or to Data Subjects.
Capillary will cooperate with the customer in investigating & remediating the personal data breach.
Capillary will also provide the required assistance to the customers if they are investigating a personal data breach incident at their end.
We may revise this notice from time to time in response to changing legal, technical or business developments. The most current version of this notice will govern our use of Personal Data. We will take appropriate measures to keep our customers informed when we update our Privacy Notice.
Please direct any questions, comments or concerns regarding this Privacy Notice to Guardians@capillarytech.com