Legal
Effective: May 10, 2026
Capstra Labs ("we," "us," or "our") operates NetTrace AI, a browser-extension and IDE-companion platform for debugging web applications. This Privacy Policy describes how we collect, use, store, and protect information when you use our website, browser extension, IDE companion, and related services (collectively, the "Service"). By accessing or using the Service, you agree to the practices described in this policy. We are committed to transparency and to protecting your privacy through a local-first architecture that keeps your most sensitive data on your own machine.
We collect a limited set of information necessary to operate the Service and manage your account. This includes information you provide directly and metadata generated when you use our products.
NetTrace AI is designed around a local-first principle. The following categories of data are never uploaded to our cloud servers and remain exclusively in your browser’s local storage or on your local machine. We have no technical means to access this data remotely.
The NetTrace AI browser extension intercepts and records network requests within your browser for debugging purposes. All captured data is stored in chrome.storage.local, a sandboxed storage area managed by your browser that is not accessible to our servers or any third party. The extension never transmits captured debug data — including request payloads, response bodies, headers, or cookies — to any cloud endpoint. Sensitive fields such as Authorization headers, Bearer tokens, API keys, and passwords are automatically redacted before storage using multi-layer pattern matching. You retain full control over locally stored data and can clear it at any time through the extension’s settings.
The NetTrace AI IDE companion is a lightweight local server that runs entirely on your machine at 127.0.0.1:48731. It communicates with the browser extension exclusively through a local WebSocket connection that never leaves your device. Debug data received by the IDE companion is held in local memory and on local disk only; it is never forwarded to any remote server. The companion exposes MCP tool endpoints that your IDE’s AI agent can query, but all queries and responses stay within the localhost boundary. No internet connection is required for the companion to function once installed.
For premium users, the data flow for debug information follows a strictly local path: browser extension → localhost WebSocket → IDE companion. At no point does captured debug data pass through our cloud servers or any third-party infrastructure. The browser extension establishes a WebSocket connection to the locally running IDE companion, which receives redacted session data and makes it available to AI-powered IDE tools via local MCP endpoints. Cloud connectivity is used only for account authentication and subscription verification — never for transmitting your application’s debug data.
We do not use analytics cookies, tracking pixels, browser fingerprinting, or any other behavioral tracking technologies on our website or within the extension. We do not share data with advertising networks or data brokers. The only cookies we set are strictly necessary session cookies used to maintain your authenticated state when you are logged in to the NetTrace AI dashboard. These session cookies are httpOnly, secure, and expire when your session ends or after a reasonable inactivity period.
We use a limited number of third-party services to operate the platform. Each is bound by its own privacy commitments, and we share only the minimum data required for each service to function.
Cloud-stored account data (email, name, billing status, and device tokens) is retained for as long as your account is active or as needed to provide the Service. You may request deletion of your account and all associated cloud data at any time by contacting us at support@capstralabs.com. Upon receiving a verified deletion request, we will permanently remove all cloud-stored personal data within 30 days. Locally stored extension and IDE companion data is entirely under your control — you can clear it at any time through the browser extension settings or by uninstalling the companion. We do not have access to, and therefore cannot delete, data stored locally on your machine.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR). We process personal data on the legal bases of contractual necessity (to provide the Service) and legitimate interest (to maintain security and prevent fraud). Our architecture embodies the principle of data minimization — we collect only what is strictly necessary to operate accounts and billing. You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to withdraw consent where consent is the legal basis. A Data Processing Agreement (DPA) is available upon request for enterprise customers. To exercise any of these rights, contact us at support@capstralabs.com.
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and its amendments. You have the right to know what personal information we collect about you and how it is used, the right to request deletion of your personal information, and the right to opt out of the sale of your personal information. We do not sell, share, or rent your personal information to third parties for monetary or other valuable consideration, and we have never done so. We will not discriminate against you for exercising any of your CCPA rights. California residents may submit requests by contacting us at support@capstralabs.com. We will verify your identity before processing any request and respond within 45 days as required by law.
Our cloud infrastructure is hosted on DigitalOcean servers located in the United States. Account-level data (email, name, billing status, and device tokens) may therefore be processed in the United States. For users outside the US, we rely on Standard Contractual Clauses (SCCs) and other approved transfer mechanisms to ensure adequate protection of your personal data. Crucially, debug data captured by the browser extension and IDE companion never leaves your local machine and is therefore never transferred internationally. This local-first design eliminates cross-border data transfer risks for the most sensitive categories of information you work with.
The Service is designed for professional software developers and is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under 13, we will take prompt steps to delete that information from our servers. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@capstralabs.com so we can take appropriate action.
We implement industry-standard security measures to protect your data. All data transmitted between your browser and our cloud services is encrypted in transit using TLS 1.2 or higher. Device tokens are stored as cryptographic hashes and cannot be reversed to recover the original values. Our cloud footprint is minimal by design — because debug data never reaches our servers, the attack surface for sensitive application data is effectively zero. We conduct regular security reviews of our infrastructure and codebase. The browser extension applies automatic redaction of sensitive fields before any data is written to local storage, providing defense-in-depth even at the client level.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will provide at least 30 days’ advance notice by sending an email to the address associated with your account and by displaying a prominent banner on the NetTrace AI website. The "Effective" date at the top of this policy indicates when the current version took effect. We encourage you to review this policy periodically. Continued use of the Service after a revised policy becomes effective constitutes your acceptance of the updated terms.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact Capstra Labs at support@capstralabs.com. You can also reach our support team through the Support page. We aim to respond to all privacy-related inquiries within five business days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.