CAPAC - Terms and Conditions

CAPAC – Terms & Conditions

These Terms & Conditions (“Terms”) form a binding agreement between CAPAC — registered in France under SIRET 840 376 487 00012, 56 avenue Leclerc, 69007 Lyon (“CAPAC,” “we,” “us”) — and you, the individual or entity that creates a CAPAC account or purchases a subscription to the CAPAC software-as-a-service platform (“Service”). By accessing or using the Service you accept these Terms. If you do not agree, do not use the Service.


1. Definitions

  • “Service” – the CAPAC web application, APIs, dashboards, alerts and any associated software, documentation or support.
  • “Subscription” – a paid plan purchased via Stripe that grants time-limited access to the Service.
  • "Launch Offer" & “Founding-Member Pass” – the early-adopter plan offered to beta users with a 40 % lifetime discount and additional perks (see Section 14).
  • “Customer Data” – data imported from LinkedIn ad accounts and any information you upload or generate in the Service.
  • “Rate-Lock” – our commitment that the Subscription price shown at initial checkout will remain unchanged for the life of that Subscription (Section 6).

2. The Service

CAPAC provides manual bid analysis and one-click bid updates for LinkedIn campaigns, proprietary hour-by-hour performance metrics, scheduling, alerts and related functionality. The Service is supplied “as is” without an explicit uptime guarantee; we aim for high availability and a 48-hour average support-response time.


3. Account & Eligibility

You must (i) be at least 18 years old and legally able to contract for your organisation, (ii) have authority over the LinkedIn ad accounts you connect, and (iii) keep login credentials confidential. We may suspend accounts that violate these Terms or applicable law.


4. Fees & Payment

  • All payments are processed by Stripe.
  • CAPAC operates as a French micro-entreprise; invoices are not subject to VAT (Art. 293 B CGI).
  • Subscriptions renew automatically unless cancelled.
  • If a payment fails we may suspend access after reasonable notice.

5. Money-Back Guarantee

  • You may cancel within 30 days of first purchase for a full refund.
  • Use the “Cancel & Refund” button in Billing or email refund@capac.pro. Refunds are processed within 48 h.
  • Customers who cancel and later re-subscribe are not eligible for a second guarantee period.

6. Rate-Lock

The price of your active Subscription will not increase except with your express written agreement. If you cancel and later return, public pricing then in effect will apply.


7. Data Protection & Security

• Hosting: encrypted data-centres in Paris, France, with supporting EU infrastructure.
• Access: secure LinkedIn OAuth with read-and-write permission; CAPAC writes only the bid change you approve.
• Compliance: GDPR, HIPAA & SOC 2 controls (audit in progress).
• Sub-processors: AWS, Supabase, Slack and other infrastructure, analytics, email and payment providers. See Data Processing Agreement (Appendix A) for full list.
• We store only metrics required for optimisation and delete other personal data.
• Data Processing Agreement (Appendix A) forms part of these Terms.


8. Intellectual Property

All CAPAC code, designs and methods are our exclusive property. We grant you a non-transferable licence to use the Service during a valid Subscription. You retain all rights in Customer Data.


9. Usage Limits

Founding-Member Pass and current yearly plan include unlimited LinkedIn ad accounts and campaigns. CAPAC may add fair-use technical limits solely to prevent abuse.


10. Beta & Future Features

Beta features may change or be withdrawn. Founding-Member Pass holders receive all future betas at no extra charge.


11. Termination

Either party may terminate at any time; when user cancels, fees are non-refundable except within the 30-day guarantee window; when CAPAC cancels, fees are reimbursed pro-rata to the unused period of the contract. Upon termination we delete Customer Data within 30 days unless you hold lifetime storage. User may request a CSV export of all their personal data before deletion (within 30 days upon termination).


12. Disclaimer & Liability

Except as stated here, the Service is provided without warranties. Our total liability is capped at the fees you paid in the preceding 12 months. Neither party is liable for indirect or consequential damages. Specific liability regarding Personal Data Processing is further detailed in Appendix A.


13. Indemnification

You will indemnify CAPAC against claims arising from misuse of the Service or breach of law.


14. Founding-Member Pass

The Founding-Member Pass includes:

  • 40 % lifetime discount on all current and future plans/add-ons
  • 30 % lifetime affiliate commission once the program launches
  • Guaranteed seat in every future beta
  • Unlimited data storage (even if account is On Hold)
  • On-request export of hourly data
  • Early-adopter badge inside the app
  • LinkedIn profile listed on the Founding Members page

Perks are tied to the original purchaser and cannot be transferred.


15. Notices

Email is sufficient notice. Use support@capac.pro for general matters and refund@capac.pro for refund requests when the button is unavailable.


16. Governing Law & Jurisdiction

These Terms are governed by French law; courts of Lyon have exclusive jurisdiction.


17. Export Compliance

You confirm you are not subject to EU or French sanctions and are allowed to receive the Service.


18. Changes to Terms

We may update these Terms; material changes will be emailed with 30 days’ notice. Continued use after that date means acceptance.

Last updated: 26 Nov 2025

Appendix A – Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is Appendix A to, and forms part of, the CAPAC Terms & Conditions (the “Terms”) between:

(1) The Customer identified in the CAPAC account or Subscription checkout (“Customer” or “Controller”); and
(2) CAPAC, registered under SIRET 840 376 487 00012, with registered address at 56 avenue Leclerc, 69007 Lyon, France (“CAPAC”, “we”, “us” or “Processor”).

Capitalised terms not defined in this DPA (such as “Service”, “Subscription” and “Customer Data”) have the meaning given in the Terms. In case of conflict between this DPA and the rest of the Terms, this DPA prevails only with respect to the Processing of Personal Data.

The Terms are the “Main Agreement” for the purposes of this DPA.


1. Subject Matter and Duration

1.1 This DPA governs CAPAC’s Processing of Personal Data on behalf of Customer in connection with the Service, consisting primarily of the analysis of LinkedIn advertising performance data and the provision of bidding recommendations, as further described in Annex 1.

1.2 This DPA applies for as long as CAPAC processes Personal Data on behalf of Customer under the Terms, except where certain obligations (such as data return or deletion) reasonably continue after termination.


2. Roles of the Parties

2.1 For the purposes of applicable data protection laws, including the EU General Data Protection Regulation 2016/679 (“GDPR”), Customer is the “controller” and CAPAC is the “processor” in respect of the Personal Data processed under this DPA.

2.2 “Personal Data”, “Data Subject”, “Processing”, “Processor”, “Controller” and “Supervisory Authority” have the meanings given in the GDPR.


3. Processor’s Obligations

CAPAC shall, in relation to Personal Data it Processes on behalf of Customer:

  • 3.1 Process Personal Data only:
    • (a) on documented instructions from Customer, as set out in this DPA and the Terms and as otherwise reasonably provided by Customer from time to time; or
    • (b) where required by EU or Member State law. In that case, CAPAC shall inform Customer of that legal requirement before Processing, unless the law prohibits such information.
  • 3.2 Ensure that persons authorised to process Personal Data are subject to an appropriate duty of confidentiality (whether contractual or statutory).
  • 3.3 Implement appropriate technical and organisational measures designed to ensure a level of security appropriate to the risk, as described in Annex 2 (Security Measures). CAPAC may update such measures from time to time to reflect evolving best practices and its size and resources, provided that such changes do not materially reduce the overall level of protection for Personal Data.
  • 3.4 Not engage another processor (“Sub-processor”) in a way that materially expands the categories of processing or materially reduces the level of protection, without complying with Section 5 of this DPA.
  • 3.5 Taking into account the nature of the Processing and the information and functionality available to Customer in the Service, provide reasonable assistance to Customer, to the extent Customer cannot itself respond using the Service, in respect of requests from Data Subjects to exercise their rights under data protection law (e.g. access, rectification, erasure, restriction, data portability, objection).
  • 3.6 Notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Personal Data processed on behalf of Customer, and provide information reasonably available to CAPAC to allow Customer to meet any obligations to notify Data Subjects or Supervisory Authorities. CAPAC is not responsible for Customer’s legal assessment or notifications.
  • 3.7 Taking into account the nature of Processing and the information available to CAPAC, provide reasonable assistance to Customer, upon written request, with data protection impact assessments and, where strictly required, prior consultations with Supervisory Authorities, in each case only to the extent relating to CAPAC’s Processing of Personal Data under the Terms. CAPAC may charge Customer on a time-and-materials basis for such assistance where this goes beyond basic information about the Service.
  • 3.8 Make available to Customer, upon reasonable written request, information reasonably necessary to demonstrate CAPAC’s compliance with this DPA. Where Customer reasonably requires an audit, the Parties agree that:
    • (a) Customer shall first use any then-current attestations, security reports or summaries CAPAC makes available (e.g. penetration-test reports or SOC-type summaries);
    • (b) any further audit or inspection shall be:
      • (i) subject to at least thirty (30) days’ prior written notice,
      • (ii) conducted no more than once in any twelve (12) month period (unless required by a Supervisory Authority or following a confirmed Personal Data Breach),
      • (iii) performed during normal business hours and in a manner that minimises disruption, and
      • (iv) subject to reasonable confidentiality obligations and restrictions (including with respect to third-party auditors and competitors of CAPAC).
    • (c) Customer shall bear its own costs and, where CAPAC’s support or presence is required beyond making documentation available, Customer shall reimburse CAPAC’s reasonable and demonstrable costs of facilitating the audit.

4. Customer’s Obligations

  • 4.1 Customer is responsible for determining the lawfulness of the Processing of Personal Data under this DPA and the Terms, and for having a valid legal basis for CAPAC’s Processing in connection with the Service.
  • 4.2 Customer shall provide CAPAC with documented instructions for the Processing that are lawful and compatible with this DPA and the Terms, and shall not instruct CAPAC to process Personal Data in a way that would cause CAPAC to violate applicable law.
  • 4.3 Customer remains responsible for its own compliance with applicable data protection laws and for the accuracy, quality and legality of the Personal Data it provides to, or makes available through, the Service.

5. Sub-Processors

  • 5.1 Customer grants CAPAC general written authorisation to engage the Sub-processors listed in Annex 3 (Approved Sub-Processors), as updated from time to time, and additional Sub-processors as reasonably needed to operate, secure and improve the Service.
  • 5.2 CAPAC shall impose data protection obligations on Sub-processors that are no less protective of Personal Data, in all material respects, than those set out in this DPA.
  • 5.3 CAPAC may update the list of Sub-processors by posting an updated version of Annex 3 on its website or within the Service, or by other notice to Customer. Customer may object on reasonable data-protection grounds within thirty (30) days of such notice. If Customer reasonably objects and the Parties cannot resolve the objection in good faith, Customer’s sole and exclusive remedy shall be to terminate the affected portion of the Service (or, if not separable, the Subscription) in accordance with the Terms.
  • 5.4 Where a Sub-processor fails to fulfil its data protection obligations, CAPAC shall remain responsible to Customer for the performance of that Sub-processor’s obligations to the extent required by applicable law.

6. International Transfers

  • 6.1 CAPAC may transfer Personal Data outside the European Economic Area (“EEA”) or to an international organisation where this is necessary to provide, secure or support the Service and provided that such transfers are made:
    • (a) in accordance with Customer’s general instructions under this DPA and the Terms; and
    • (b) subject to appropriate safeguards under Chapter V GDPR (such as the European Commission’s standard contractual clauses) or a relevant adequacy decision.
  • 6.2 Upon reasonable request, CAPAC shall provide Customer with a general description of the safeguards relied upon for such transfers in connection with the Service.

7. Data Return and Deletion

  • 7.1 Upon termination or expiry of the Terms, and in line with Section 11 of the Terms, CAPAC shall:
    • (a) on Customer’s request, provide a copy/export of Personal Data processed on behalf of Customer in a commonly used, structured and machine-readable format (for example, CSV exports of the user’s personal data available via the Service or through support); and
    • (b) delete Personal Data forming part of Customer Data within thirty (30) days of termination, unless:
      • (i) Customer holds lifetime storage under the Terms; or
      • (ii) EU or Member State law requires storage of certain Personal Data for a longer period.
  • 7.2 CAPAC may retain Personal Data in secure backups for a limited period consistent with its backup and disaster-recovery practices, after which the data is overwritten or deleted in the ordinary course of business.
  • 7.3 CAPAC shall provide Customer with written confirmation of deletion upon reasonable request, based on its standard logs and processes.

8. Liability & Indemnity

  • 8.1 Both parties shall be solely liable for all damages, claims, fines, and/or penalties imposed by third parties, competent supervisory authorities, or data subjects that result directly from the party's own breach of or non-compliance with: (i) the provisions of this DPA, and (ii) the GDPR or other applicable data protection laws.
  • 8.2 Each party shall indemnify and hold harmless the other party against any such liability. In case of a breach or non-compliance as described in Section 8.1, the infringing party shall be liable to the other party and must reimburse the latter for all damages and costs, including reasonable legal fees, expenses, and damages directly resulting from such a breach or non-compliance.
  • 8.3 In case of a proven breach by a party of its obligations under this DPA or under the GDPR, the infringing party shall: (a) Be liable for the proven direct damages incurred by the other party; (b) Not be liable for indirect, immaterial, incidental, punitive, or consequential damages, including (but not limited to): loss of profit, loss of opportunities, loss of and/or damage to data, loss of reputation, and unforeseeable damages.
  • 8.4 Each party's total liability towards the other party under this DPA shall in any case be limited to the total fees paid by the Customer to CAPAC during the last twelve (12) months.
  • 8.5 Notwithstanding Section 8.3 (b), the exclusion of liability for indirect or consequential damages and the limitation of liability set forth in Section 8.4 shall not apply to damages arising from damage caused by the gross negligence or willful misconduct of the infringing party.

    • 9. Changes to this DPA

    • 9.1 CAPAC may update this DPA (including its Annexes) from time to time to reflect changes to the Service, applicable law, industry practice or CAPAC’s size and resources, provided that CAPAC does not materially reduce the overall level of protection for Personal Data.
    • 9.2 Material changes will be notified to Customer (for example, by email or in-app notice). Continued use of the Service after the effective date of the updated DPA constitutes acceptance of the updated DPA.

    10. Miscellaneous

    • 10.1 In the event of any conflict or inconsistency between this DPA and the rest of the Terms, this DPA shall prevail in relation to the Processing of Personal Data; otherwise, the Terms control.
    • 10.2 If any provision of this DPA is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
    • 10.3 This DPA is governed by the same law and jurisdiction as the Terms (French law; courts of Lyon), unless required otherwise by applicable data protection law.

    Annex 1 – Description of Processing

    This Annex 1 provides a general description of the Processing under the DPA. The way CAPAC processes Personal Data may evolve over time as the Service is improved or new features are added, but will remain consistent with this description, the Terms and applicable law.

    1. Subject-Matter of the Processing

    CAPAC provides an analytics and optimisation platform for LinkedIn advertising campaigns. CAPAC analyses campaign performance data (e.g. spend, impressions, clicks, conversions and related metrics) to generate bidding analysis and bid recommendations, which Customer can apply to LinkedIn in one click via Customer’s LinkedIn ad account. CAPAC also collects limited usage analytics for the Service (web application) and the marketing website (using, for example, Google Analytics and Microsoft Clarity) to understand how users interact with the Service and to improve it.

    2. Duration of the Processing

    Processing is carried out for the duration of the Terms, plus any reasonable post-termination period required for data return and deletion as described in the DPA and in Section 11 of the Terms.

    3. Nature and Purpose of the Processing

    The Processing generally includes, as applicable:

    • Collection (via LinkedIn APIs and Stripe, as applicable) of Customer’s LinkedIn advertising performance data and limited user account data;
    • Storage of such data in CAPAC’s databases for the purposes of providing, maintaining and improving the Service;
    • Analysis and modelling of advertising performance data in order to provide bidding analysis, forecasts and bid recommendations;
    • Export of updated bid recommendations from CAPAC’s platform to Customer’s LinkedIn ad account on Customer’s instruction (one-click bid updates);
    • Billing and Subscription management via Stripe;
    • Communication with users via email for service-related messages and product updates;
    • Collection and analysis of usage analytics for the website and web application (e.g. pages visited, actions taken, session information) to measure performance, detect issues and improve the Service.

    4. Types of Personal Data

    CAPAC generally processes the following categories of Personal Data on behalf of Customer (actual data will depend on how Customer uses the Service):

    • For users of the Service (employees or representatives of Customer):
      • Email address;
      • LinkedIn public profile information (such as name, LinkedIn user ID, job title and description);
      • Company LinkedIn ad account IDs that the user connects;
      • Purchase and Subscription history related to the Service (via Stripe).
    • Usage and analytics data (website and web application):
      • Online identifiers such as IP address, device identifiers and cookies or similar technologies;
      • Browser type, operating system, device type;
      • Pages viewed, features used, click paths and interaction data;
      • Timestamps, session duration and basic location information derived from IP (e.g. city/country level).
    • Advertising performance data:
      • Campaign-level and ad-level metrics such as spend, impressions, clicks, conversions, number of leads, number of website visits, timestamps and costs.
      • This data is stored and processed as aggregated metrics and does not include personal data of Customer’s prospects or customers (no names, emails or other identifiers of leads are stored by CAPAC).

    5. Categories of Data Subjects

    • Employees and authorised users of Customer who use the Service;
    • Representatives of Customer whose details are provided for billing or account management purposes;
    • Visitors and users of the Service’s web application and CAPAC’s marketing website, to the extent they are associated with Customer’s use of the Service.

    CAPAC does not intentionally process Personal Data relating to Customer’s prospects or customers; only aggregated, non-identifiable campaign metrics are stored.

    6. Data Location and Retention

    • Location: CAPAC stores Service data in databases hosted in secure, encrypted data-centres located in Paris, France, and supporting infrastructure in the EU, as described in Section 7 of the Terms. Certain Sub-processors may store or access limited Personal Data outside the EU, subject to appropriate safeguards (see Annex 3).
    • Retention of advertising performance data: aggregated LinkedIn ad performance data (spend, impressions, clicks, conversions and related metrics) is generally retained for up to three (3) months on a rolling basis and is then deleted or irreversibly aggregated.
    • Retention of account-related Personal Data (user and billing data): stored for as long as Customer maintains an active account on the Service and deleted:
      • within thirty (30) days after account deletion; or
      • after one (1) year of inactivity; or
      • earlier upon Customer’s request, subject to any legal obligations to retain certain records (e.g. invoicing data), in line with the Terms.
    • Retention of usage analytics data: retained for the period reasonably necessary to analyse usage trends and improve the Service, and then deleted or aggregated in accordance with CAPAC’s internal policies and, where applicable, the settings of the relevant analytics tools.

    Annex 2 – Security Measures

    CAPAC implements technical and organisational measures designed to protect Personal Data, taking into account the nature of the Processing, the risks involved, and CAPAC’s size and resources, These measures include, as appropriate:

    • Data hosting & encryption
      • Service data stored in databases hosted in secure, encrypted data-centres located in Paris, France, with supporting infrastructure in the EU.
      • Encryption of data in transit (e.g. TLS/HTTPS) and encryption of data at rest within the database, where appropriate.
    • Access control and authentication
      • Role- or function-based access control and “least privilege” access to production systems, appropriate to CAPAC’s size and organisation.
      • Access to production data restricted to a limited number of authorised personnel with a business need.
      • Reasonable password policies and session management.
      • Authentication to the Service is performed via LinkedIn OAuth, allowing users to authorise the Service without sharing LinkedIn passwords.
    • Application and infrastructure security
      • Regular updates and patching of systems and dependencies, in a commercially reasonable timeframe.
      • Secure configuration of databases and infrastructure components (including environments on AWS, Supabase and MongoDB-based services).
      • Logging and monitoring of access to systems Processing Personal Data, in line with CAPAC’s internal practices.
    • Data segregation and minimisation
      • Only data strictly necessary to provide and improve the Service is stored.
      • Advertising performance data is stored as aggregated metrics and does not contain identifiable lead or customer data.
    • Backups and continuity
      • Regular backups of critical data and systems to enable recovery in case of an incident.
      • Tested procedures, at a scale appropriate to CAPAC’s size, for restoring data from backups where necessary.
    • Organisational measures
      • Internal practices and guidance on data protection and information security.
      • Confidentiality obligations for staff with access to Personal Data.
      • Security and privacy awareness for relevant personnel.

    CAPAC may refine or update these measures from time to time to reflect evolving risks, technologies and CAPAC’s growth, provided that such changes do not materially reduce the overall level of protection for Personal Data.

    Annex 3 – Approved Sub-Processors

    The following Sub-processors are currently authorised to process Personal Data on behalf of Customer in connection with the Service (complementing the summary in Section 7 of the Terms). This list may be updated from time to time in accordance with Section 5 of the DPA.

    1. Database hosting provider / MongoDB environment
      Service: Cloud database hosting and storage of Service data (including Personal Data) in data centres located in Paris, France.
      Role: Infrastructure and database provider.
      Location: France (EEA).

    2. Amazon Web Services (AWS)
      Service: Cloud infrastructure services used to host parts of the application stack, including application servers, storage and related infrastructure components supporting the provision of the Service.
      Personal Data processed: any Personal Data stored or processed within the Service to the extent hosted on AWS infrastructure.
      Location: Primarily EU regions; may include other regions where configured.
      Transfers: Where data is transferred outside the EEA, CAPAC relies on appropriate safeguards in accordance with Chapter V GDPR (such as the European Commission’s standard contractual clauses or an adequacy decision).

    3. Supabase
      Service: Managed backend services (such as databases, authentication and APIs) used to support features of the Service and store certain Service-related data.
      Personal Data processed: user account data and usage data to the extent necessary for the features that rely on Supabase (e.g. application metadata, usage events, configuration data).
      Location: EU-based infrastructure where available; may include other regions depending on configuration.
      Transfers: Where data is transferred outside the EEA, CAPAC relies on appropriate safeguards in accordance with Chapter V GDPR.

    4. Loops.so
      Service: Email communication platform used to send service-related emails and product communications to users.
      Personal Data processed: user email address, name and any necessary usage metadata for email delivery.
      Location: Various (may include locations outside the EEA).
      Transfers: Where data is transferred outside the EEA, CAPAC relies on appropriate safeguards in accordance with Chapter V GDPR.

    5. Stripe
      Service: Payment processing, Subscription and billing management.
      Personal Data processed: user email address, name, billing-related identifiers, and transaction history where necessary for billing and invoicing.
      Location: Various (may include locations outside the EEA).
      Transfers: Where data is transferred outside the EEA, CAPAC relies on appropriate safeguards in accordance with Chapter V GDPR.

    6. Google LLC – Google Analytics
      Service: Usage analytics on CAPAC’s marketing website and web application (e.g. pages visited, events, session information) to understand how users interact with the Service and to improve it.
      Personal Data processed: online identifiers (e.g. cookies or similar IDs), truncated IP address, device and browser information, usage and event data, timestamps and approximate location derived from IP.
      Location: Various (may include locations outside the EEA).
      Transfers: Where data is transferred outside the EEA, CAPAC relies on appropriate safeguards in accordance with Chapter V GDPR (such as the European Commission’s standard contractual clauses or an adequacy decision), in combination with configuration measures (e.g. IP anonymisation where available).

    7. Microsoft Corporation – Clarity
      Service: Session replay and user experience analytics on CAPAC’s marketing website and web application to understand behaviour, detect issues and improve the user experience.
      Personal Data processed: online identifiers (e.g. cookies or similar IDs), IP address (which may be truncated or masked), device and browser information, usage and interaction data (e.g. mouse movements, clicks, scrolls), timestamps and approximate location derived from IP, subject to configuration.
      Location: Various (may include locations outside the EEA).
      Transfers: Where data is transferred outside the EEA, CAPAC relies on appropriate safeguards in accordance with Chapter V GDPR, together with appropriate configuration settings.

    8. Slack Technologies, LLC (Slack)
      Service: Internal communication and collaboration platform used by CAPAC’s team, including for customer support and incident management related to the Service.
      Personal Data processed: contact details (such as name and email) and limited account or usage information that may be shared in support or operational communications, as well as the content of such communications.
      Location: Various (may include locations outside the EEA).
      Transfers: Where data is transferred outside the EEA, CAPAC relies on appropriate safeguards in accordance with Chapter V GDPR.

    Optimizing Manual Bidding for LinkedIn Ads.

    Pricing →
    Contact Us →
    Terms & Conditions →
    LinkedIn Page →
    © CAPAC 2025