Last updated: June 15, 2026
CapsLock Holdings LLC, aDelaware limited liability company ("CapsLock," "we,""us," or "our"), operates the website at gocapslock.com andprovides investor-relations and fundraising-support technology and services toprivate fund managers and their teams (the "Services"). This PrivacyPolicy explains how we collect, use, store, share, and protect information,including information we access from third-party services such as Google, whenyou or your organization use our Services.
This Policy applies togocapslock.com and to the products and applications we operate under it,including VDRom and Terminal. By using our Services, you agree to the practicesdescribed in this Policy.
Contact:[email protected] · CapsLock, 209 Ashland Ave, Santa Monica, CA 90405
We provide Services toorganizations (our "Clients" — typically private fund managers andtheir team members) and we process information on their behalf. Depending onthe context:
• For most data we process through the Services, ourClient is the data controller and CapsLock acts as a data processor /service provider, processing data according to our agreement with thatClient and this Policy. Processing of personal data on behalf of Clients isalso governed by our Data Processing Agreement (DPA).
• For information about visitors to gocapslock.com andindividuals who contact us directly, CapsLock acts as the controller.
• Account and contact details (name, email, organization,role) when you sign up, request a demo, or communicate with us.
• Information you submit through forms, support requests,or correspondence.
• Billing and payment information when you purchase paidServices. Payment card details are processed by our third-party paymentprocessor; we do not store full payment card numbers on our systems.
With your authorization, theServices connect to third-party accounts to provide functionality. This mayinclude:
• Google account data (Gmail, Google Calendar) —see Section 4 for the specific, Google-required disclosures.
• Meeting and transcription services,customer-relationship-management (CRM) systems, messaging services, anddata-room analytics that you choose to connect, used to provide the relevantfeatures of the Services.
• Usage and device information (IP address, browser type,pages viewed, timestamps) collected via standard web technologies and serverlogs.
• Cookies and similar technologies used to operate thewebsite, remember your preferences, and understand usage. You can controlcookies through your browser settings.
This section describesspecifically how the Services access, use, store, and share data obtainedthrough Google APIs, in accordance with the Google API Services User DataPolicy, including its Limited Use requirements.
When a user authorizes theServices to connect a Google account, we request the following scopes:
• Read-only access to Gmail messages(`gmail.readonly`): used solely to detect and surface fundraising andinvestor-relations follow-up items — for example, identifying outstandingreplies, unfulfilled commitments, and stalled conversations — and to presentthese as actionable tasks within the Services' user interface.
• Read-only access to Google Calendar(`calendar.readonly`): used to associate meetings and scheduledinteractions with the relevant contacts and follow-up items surfaced in theServices.
• Basic account identification (`userinfo.email`):used to identify the connected account.
We request the narrowest scopesnecessary for these features and do not request access to Google data we do notuse.
We use Google user data only toprovide and improve the user-facing features of the Services that are describedto the user — specifically, detecting and presenting follow-up tasks andrelated context within the application interface. We do not use Google userdata for advertising, to build advertising profiles, to determinecreditworthiness or for lending purposes, or for any purpose unrelated toproviding the Services.
• Google data is processed within our own controlledinfrastructure, and each Client's data is logically isolated from otherClients' data.
• We store only the data necessary to provide theServices, including the derived signals and records needed to produce follow-uptasks.
• Data is encrypted in transit and at rest usingindustry-standard protocols.
• OAuth credentials and tokens are stored securely andare not exposed to client-side code.
We do not sell Google user dataand do not transfer it to third parties, except in the limited circumstancespermitted by Google's Limited Use requirements:
• to provide or improve user-facing features of theServices, and only as needed to operate them;
• with service providers and sub-processors who processdata on our behalf under contractual confidentiality and data-protectionobligations, such as our cloud-hosting and infrastructure providers;
• for security purposes, such as investigating abuse or asecurity incident;
• to comply with applicable law; or
• in connection with a merger, acquisition, or sale ofassets, only with the affected user's explicit prior consent.
CapsLock's use and transfer ofinformation received from Google APIs adheres to the Google API Services UserData Policy, including the Limited Use requirements.
Humans do not read Google userdata except: (a) where the user has given affirmative agreement to viewspecific messages or data; (b) where necessary for security purposes, such asinvestigating a bug or abuse; (c) where necessary to comply with applicablelaw; or (d) where the data has been aggregated and de-identified and is usedfor internal operations in accordance with applicable privacy requirements.
Users may disconnect a connectedGoogle account at any time through the Services or via their Google accountsecurity settings at myaccount.google.com/permissions. Upon disconnection orupon request, we delete the associated Google data we hold, except whereretention is required by law or for legitimate, disclosed business purposes.
Beyond Google data (Section 4),we use information to:
• provide, operate, maintain, and improve the Services;
• communicate with you about your account, supportrequests, and Service updates;
• secure our systems and prevent abuse, fraud, andsecurity incidents;
• comply with legal obligations; and
• with consent where required, send you information aboutour Services.
We do not sell personalinformation.
We share information only asdescribed in this Policy, including:
• With your organization or Client: data processedon a Client's behalf is accessible to that Client per our agreement.
• Service providers and sub-processors: vendorswho perform services for us, such as cloud hosting and infrastructure, underconfidentiality and data-protection obligations.
• Legal and safety: to comply with law, enforceour terms, or protect rights, safety, and security.
• Business transfers: in a merger, acquisition, orasset sale, subject to the protections described in this Policy and, for Googledata, Section 4.4.
We retain information for aslong as necessary to provide the Services, comply with legal obligations,resolve disputes, and enforce agreements. Google user data is retained only asdescribed in Section 4 and is deleted on disconnection or request as describedin Section 4.7.
We implement administrative,technical, and physical safeguards designed to protect information, includingencryption in transit and at rest, access controls, and monitoring. No methodof transmission or storage is completely secure, and we cannot guaranteeabsolute security.
Depending on your location, youmay have rights to access, correct, delete, port, or restrict processing ofyour personal data, and to object to certain processing. For data we process ona Client's behalf, requests may need to be directed to the Client as thecontroller. To exercise rights, contact [email protected].
• California residents: You have rights under theCalifornia Consumer Privacy Act, as amended, including rights to know, delete,correct, and opt out of the sale or sharing of personal information. We do notsell your personal information. To exercise these rights, contact [email protected].
• EEA and UK residents: Where the General DataProtection Regulation or UK GDPR applies, we process personal data on thelawful bases of contract performance, legitimate interests, legal obligation,or consent, and we honor data-subject rights as described above.
We process and store informationin the United States. Where we transfer personal data from other regions, werely on appropriate safeguards, such as Standard Contractual Clauses, whererequired by applicable law.
The Services are intended forbusinesses and are not directed to individuals under 18. We do not knowinglycollect personal information from children.
We may update this Policy fromtime to time. We will post the updated version with a revised "Lastupdated" date and, where required, provide additional notice. Yourcontinued use of the Services after changes take effect constitutes acceptance.
Questions about this Policy orour data practices:
CapsLock ·[email protected] · 209 Ashland Ave, Santa Monica, CA 90405