Skip to main content
Captivo Labs Last updated: April 2026

1. Introduction

Captivo Labs (“we,” “us,” or “our”) operates middleware software that connects RingCentral telephony with legal practice management software. This Privacy Policy explains how we collect, use, store, and protect information when you use our RingCentral App Connect integrations (“the Service”). We are committed to handling your information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you have questions about this policy, please contact us at privacy@captivolabs.com.

2. Who This Policy Applies To

This policy applies to:
  • Users — individuals who install and use the Service (lawyers, paralegals, and other legal professionals)
  • Firms — law firms and legal practices whose staff use the Service
Where a firm has engaged Captivo Labs to provide the Service to its staff, the firm is the primary data controller and Captivo Labs acts as a data processor on the firm’s behalf.

3. Information We Collect

3.1 Information you provide directly

When connecting the Service to your accounts, we collect:
  • Your name and email address as provided by your practice management software
  • Your RingCentral account and extension identifiers
  • Authentication credentials (OAuth tokens) for RingCentral and your practice management software — stored encrypted, never stored as plaintext

3.2 Information collected automatically through the Service

When the Service is active, we process the following in order to provide its core functionality:
  • Call metadata — phone numbers, call direction (inbound/outbound), call duration, call timestamps, and call outcome
  • Call recordings — recording URLs provided by RingCentral, and optionally the recording files themselves if your configuration stores them
  • AI-generated content — call transcripts and summaries generated by RingCentral’s RingSense feature, where your RingCentral account is licensed for this
  • Contact information — names, phone numbers, and matter/case identifiers retrieved from your practice management software in the course of matching calls to contacts
  • Call notes — notes entered by users during or after calls
  • Activity log identifiers — identifiers of activity records created in your practice management software

3.3 Information we do not collect

We do not collect:
  • The content of calls (audio) beyond what is stored in your RingCentral account
  • Financial information — payment processing is handled entirely by Stripe and we do not see or store card details
  • Information about your clients beyond what is necessary to match calls to contact records in your practice management software

4. How We Use Your Information

We use the information we collect solely to provide and improve the Service. Specifically: 4.1 Providing the Service
  • Matching inbound and outbound calls to contact records in your practice management software
  • Creating and updating call activity logs in your practice management software
  • Storing call notes, recordings, and AI summaries against the correct matter file
  • Authenticating your accounts with RingCentral and your practice management software
4.2 Service administration
  • Managing your firm’s subscription and billing (via Stripe)
  • Enforcing licence validity per user
  • Responding to support requests
4.3 Security and fraud prevention
  • Monitoring for unauthorised access or abnormal usage patterns
  • Maintaining audit logs of system access
4.4 Service improvement
  • Analysing aggregated, de-identified usage patterns to improve the Service
  • Diagnosing and resolving technical issues
We do not use your information for marketing purposes, advertising, or to build profiles for sale to third parties.
We process your information on the following bases:
  • Contractual necessity — processing necessary to deliver the Service you have subscribed to
  • Legitimate interests — security monitoring, fraud prevention, and service improvement, where these do not override your privacy interests
  • Legal obligation — where we are required to process or retain information by Australian law
  • Consent — where you have explicitly consented, such as enabling optional features

6. How We Store and Protect Your Information

6.1 Location All data is stored on servers located in Australia (Sydney region, AWS ap-southeast-2 and Supabase). We do not transfer your data outside of Australia without your explicit consent, except as described in Section 7 (Third Parties). 6.2 Security measures We implement the following security measures:
  • All authentication tokens are encrypted at rest using AES-256 encryption
  • All data in transit is encrypted using TLS 1.2 or higher
  • Database access is restricted to application services within a private network
  • Access credentials are managed using secrets management services and are not stored in source code
  • Access to production systems is restricted to authorised Captivo Labs personnel
6.3 Retention We retain your data for as long as your firm account is active. Following account termination:
  • Active data is deleted within 30 days of termination request
  • Backup data is purged within 90 days
  • We may retain records required by law for longer periods where legally obligated to do so

7. Third Parties We Share Information With

We do not sell your data. We share information with third parties only to the extent necessary to provide the Service:
Third PartyPurposeData SharedLocation
StripePayment processing and subscription managementFirm name, email, billing detailsUSA (covered by Stripe’s data processing agreement)
SupabaseDatabase hostingAll application dataGlobal
Fly.ioApplication hostingAll application data processed in transitGlobal
CloudflareEdge networking and DDoS protectionRequest metadataGlobal edge network
RingCentralTelephony platformCall metadata as required for the integrationAs per RingCentral’s privacy policy
Your practice/contact management software (Filevine, Smokeball, etc)Integration targetCall logs, contact lookups as required for the integrationAs per each platform’s privacy policy
We require all third-party processors to maintain appropriate data protection standards.
We understand that law firms handle privileged and confidential client information. With respect to this:
  • We process client contact information and call metadata only to the extent necessary to match calls to matter files and log activities
  • We do not analyse, mine, or use client information for any purpose beyond delivering the Service
  • We do not disclose client information to third parties except as described in Section 7 or as required by law
  • We recommend firms review their professional obligations under applicable legal profession rules before deploying the Service and satisfy themselves that use of the Service is consistent with those obligations
We are happy to enter into a data processing agreement with firms that require one for compliance purposes. Please contact us at privacy@captivolabs.com.

9. Your Rights

Under the Australian Privacy Principles, you have the right to: 9.1 Access your information You may request a copy of the personal information we hold about you. We will respond within 30 days. 9.2 Correct your information If information we hold about you is inaccurate or incomplete, you may request a correction. We will action corrections within 30 days. 9.3 Delete your information You may request deletion of your personal information. We will delete your data within 30 days, subject to any legal retention obligations. Note that deleting your information will require termination of your account. 9.4 Restrict processing You may request that we restrict processing of your information in certain circumstances, such as where you contest the accuracy of the information. 9.5 Data portability You may request an export of your data in a machine-readable format. To exercise any of these rights, please contact us at privacy@captivolabs.com. We may need to verify your identity before actioning requests.

10. Cookies and Tracking

The Service operates as a server-side API and Chrome browser extension. We do not use cookies or tracking technologies for advertising or analytics purposes. Our documentation website may use minimal analytics to understand page traffic — this is governed by a separate cookie notice on that site.

11. Children’s Privacy

The Service is intended for use by legal professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service with at least 14 days notice. The date at the top of this policy reflects when it was last updated. Continued use of the Service following notification of changes constitutes acceptance of the updated policy.

13. Complaints

If you believe we have not handled your personal information in accordance with the Australian Privacy Principles, you may lodge a complaint with us at privacy@captivolabs.com. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

14. Contact

For any privacy-related questions or requests: Privacy Officer Captivo Labs Email: privacy@captivolabs.com Website: captivolabs.com