Compliance

Cap is built privacy-first and self-hosted, which makes most regulatory questions simple to answer: your users' data never leaves your infrastructure. There are no cookies or tracking for end users, no third-party calls in the verification flow, and the proof-of-work runs entirely in the visitor's browser.

Privacy & data protection

  • GDPR (European Union)

    General Data Protection Regulation

    No cookies or tracking for end users and no third-party calls. You stay the sole controller.

  • CCPA / CPRA (California, USA)

    California Consumer Privacy Act

    Cap never sells or shares personal information and builds no consumer profiles.

  • HIPAA (United States)

    Health Insurance Portability and Accountability Act

    No PHI is ever touched and everything runs on your own infrastructure.

  • PIPEDA / CPPA (Canada)

    Personal Information Protection and Electronic Documents Act

    No personal information is collected, disclosed, or sold to third parties.

  • LGPD (Brazil)

    Lei Geral de Proteção de Dados

    Self-hosted with no profiling and no data sharing keeps processing minimal and fully under your control.

  • DPDPA (India)

    Digital Personal Data Protection Act

    No personal data is stored or shared, and nothing leaves your servers.

  • PIPL (China)

    Personal Information Protection Law

    Self-host in-region, and no data ever leaves your infrastructure.

Accessibility

  • WCAG 2.2 AA (International)

    Web Content Accessibility Guidelines

  • EAA / EN 301 549 (European Union)

    European Accessibility Act

  • Section 508 (United States)

    Rehabilitation Act, Section 508

  • i18n (Global)

    Localization & RTL support

This page describes how Cap is designed to support these regulations. It is not legal advice. Your overall compliance also depends on how you deploy Cap and the rest of your application.