Privacy Policy

Captain Obvious ("Captain Obvious", "we", "us", or "our"), operated by Joseph Kinsley from 10 Brookwood Road, Clifton, NJ 07012, respects your privacy and takes the handling of your personal information seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights you have to access or delete it.

This policy applies to captainobvious.fun and the services we provide through it: web design and hosting, the SEO Engine, the TV Station signage platform, the Captain Obi AI assistant, business email, domains, marketing automation, and any other service we operate under the Captain Obvious name.

If you are a customer of one of our clients (for example, you bought a ticket through a venue we host, or interacted with a business whose website we built), that business is the controller of your relationship with them — but your data may pass through our infrastructure. Section 4 explains exactly what passes through and what does not.

We use the information described in Section 2 for these specific purposes:

• To deliver the service you asked for — building your website, hosting your site, running your SEO, displaying content on your TV signage, answering your support requests, processing your subscription
• To communicate with you — replying to your inquiries, sending invoices and renewal reminders, sending security alerts
• To improve our services — analyzing aggregated, de-identified usage of our admin tools to identify rough edges. We do not analyze individual customer data to "train" anything against you.
• To investigate abuse and protect our infrastructure — security logs are reviewed when we see signs of attack
• To comply with the law — for example, retaining transaction records for tax purposes, or responding to a valid court order

What we do NOT do with your data: we do not use it to target ads at you, we do not feed it to third-party AI training models, we do not enrich our profiles of you from data brokers, we do not score you for anything you did not consent to.

We share your information only with the service providers we use to run our infrastructure, and only the data they need. We do not sell or rent information. Below is the complete, current list of sub-processors and what each one receives.

Payment processing

• Stripe, Inc. (United States) — processes card payments. Stripe holds card details; we receive only a customer ID and last 4 digits.
• PayPal Holdings, Inc. (United States) — processes PayPal payments.

AI and automated processing

• Anthropic, PBC (United States) — provides the Claude model that powers Captain Obi. When you chat with Obi, the message content is sent to Anthropic API to generate a response.
• OpenAI, L.L.C. (United States) — fallback AI provider in specific automation tasks.
• Perplexity AI, Inc. (United States) — research queries inside Captain Obi.

Infrastructure

• Cloudflare, Inc. (United States) — DNS, DDoS protection, and a web application firewall sit in front of our servers.
• Self-hosted Mailcow — all transactional email is sent through our own Mailcow server on dedicated infrastructure. Email content does not pass through SendGrid, Mailgun, Postmark, or similar third-party transactional email providers.
• GoDaddy, LLC (United States) — handles domain registration when you buy a domain through us.
• Google LLC (PageSpeed Insights API) — when you run a free SEO audit, your target URL is sent to Google PageSpeed Insights to generate the report.
• Twilio, Inc. (United States) — SMS notifications, if you opt in.

Anti-abuse

• Google reCAPTCHA / Cloudflare Turnstile / hCaptcha — bot-prevention challenges may run on form submissions.

Other sharing

• Legal compliance — if served with a valid court order, subpoena, or government request.
• Successor in interest — if Captain Obvious is acquired or merged, your data may transfer to the acquirer subject to the protections of this policy.

We do not authorize any sub-processor listed above to use your information for their own purposes.

We retain your information only as long as we need it for the purpose it was collected, or as long as the law requires.

• Authentication tokens — refresh tokens automatically expire and are deleted.
• Captain Obi chat conversations — retained for active customers as part of their service history. Inactive conversations are flagged for deletion after the retention window in your service agreement.
• Verification codes — expire automatically (typically within hours) and are deleted from active storage.
• Lead and form submissions — retained while we are in active discussion. If you do not become a customer, your lead record is purged or anonymized within 24 months.
• Customer records (active customers) — retained for the duration of your service relationship plus any period legally required afterward.
• Billing and transaction records — retained for 7 years as required by U.S. federal and New Jersey state tax law.
• Server access logs — retained for up to 90 days for security investigations, then rotated and deleted.
• Email delivery logs — retained for 90 days for delivery verification and troubleshooting on our self-hosted Mailcow server.

If you ask us to delete your information sooner, we will do so to the extent we are legally permitted (we cannot, for example, delete transactional records during the required 7-year tax retention period).

Under New Jersey law, and depending on where you reside, you may have additional rights under other laws (such as the California Consumer Privacy Act or the EU General Data Protection Regulation). The following rights are available to all of our customers, regardless of jurisdiction:

• Right to access — request a copy of the personal information we hold about you
• Right to correction — ask us to fix inaccurate or out-of-date information
• Right to deletion — ask us to delete your personal information (subject to the retention requirements in Section 6)
• Right to portability — receive a copy of your information in a structured, machine-readable format
• Right to opt out — unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or emailing privacy@captainobvious.fun
• Right to non-discrimination — exercising any of the above rights will not result in worse service, higher prices, or any other punishment

To exercise any of these rights, email privacy@captainobvious.fun. We will respond within 30 days. We may need to verify your identity before fulfilling a request, particularly for deletion or data-export requests, to protect against impersonation.

9.1 Children privacy

Our services are intended for businesses and adults. We do not knowingly collect personal information from children under 13. If you believe a minor has provided information to us, please contact us and we will delete it.

9.2 International users

Our infrastructure is located in the United States. If you access our services from outside the U.S., your information will be transferred to and processed in the United States. Several of our sub-processors (listed in Section 4) also operate in the U.S.

9.3 Third-party links

Our site links to third-party sites we do not control. We are not responsible for their privacy practices. Please review their privacy policies before providing information.

9.4 Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will notify active customers by email at least 30 days before the change takes effect, when reasonably possible.

9.5 Governing law

This Privacy Policy is governed by the laws of the State of New Jersey, without regard to its conflict-of-laws principles.