Privacy Policy

Last updated: April 16, 2026

1. Data Controller

Closly ("we", "us", or "our") operates the website closly.app and all associated subdomains (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

For any privacy-related inquiries, you can reach us at privacy@closly.app.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Information

When you create an account, we collect your name, email address, and password. If you sign in via a third-party provider (Google), we receive your name, email address, and profile identifier from that provider. We do not receive or store your third-party account password.

2.2 Voice and Call Data

Our Service provides AI-powered simulated voice calls for sales training purposes. When you participate in a training call, we collect:

  • Audio recordings of the simulated call
  • Transcripts generated from those recordings
  • AI-generated feedback, evaluation scores, and performance summaries
  • Call duration and technical metadata

2.3 Chat and Messaging Data

When you interact with AI-simulated leads via our text chat feature, we store the messages exchanged during those training sessions.

2.4 Usage and Performance Data

We collect data about how you use the Service, including appointment scheduling activity, performance audit results, and general interaction patterns within the platform.

2.5 Technical Data

We automatically collect certain technical information, including browser type, device type, IP address, and pages visited. We also store your audio device preferences (microphone and speaker selection) locally on your device.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Providing the Service: to create and manage your account, deliver AI-powered voice training, generate feedback and performance analytics, and facilitate team management features.
  • Improving the Service: to analyze usage patterns, diagnose technical issues, and develop new features.
  • Communication: to send you essential service-related notifications (e.g., account verification, security alerts, material changes to our terms).
  • Legal compliance: to comply with applicable laws, regulations, and legal processes.

4. Legal Bases for Processing (GDPR Art. 6)

We rely on the following legal bases to process your personal data:

  • Performance of a contract (Art. 6(1)(b)): processing is necessary to provide the Service you have signed up for, including account management, AI training calls, and performance analytics.
  • Legitimate interest (Art. 6(1)(f)): processing is necessary for our legitimate interests in improving the Service, ensuring security, and preventing abuse, provided these interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): where we rely on your consent (e.g., for optional analytics), you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Legal obligation (Art. 6(1)(c)): where we are required by law to process certain data.

5. Third-Party Service Providers

We share your data with the following categories of third-party processors, each of which processes data on our behalf and under our instructions:

  • Supabase, Inc. (United States) — authentication services and database hosting. Processes your account credentials and session data.
  • Vapi, Inc. (United States) — AI voice call infrastructure. Processes your voice audio during simulated training calls.
  • OpenAI, Inc. (United States) — AI language model services. Processes call transcripts and chat messages to generate training feedback, evaluations, and performance audits.
  • Vercel, Inc. (United States) — hosting, content delivery, and anonymized web analytics.

We do not sell your personal data to any third party, nor do we share it for advertising purposes.

6. International Data Transfers

Some of our third-party service providers are based in the United States. When your personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • The EU-U.S. Data Privacy Framework, where the recipient is certified
  • EU Standard Contractual Clauses (SCCs) approved by the European Commission

You may request a copy of the relevant safeguards by contacting us at privacy@closly.app.

7. Cookies and Local Storage

We use strictly necessary cookies to manage your authenticated session. These cookies (prefixed with sb-) are set by our authentication provider (Supabase) and are essential for the Service to function. They cannot be disabled.

We use Vercel Web Analytics, which collects anonymized, aggregated usage data without placing any cookies on your device.

We store your audio device preferences (microphone and speaker selection) in your browser's local storage. This data never leaves your device.

We do not use any marketing, advertising, or third-party tracking cookies.

8. Data Retention

We retain your personal data for as long as your account is active and as needed to provide the Service. When you or your organization's administrator deletes your account, we will delete or anonymize your personal data within 30 days, unless we are legally required to retain certain data for a longer period (e.g., for tax or legal compliance purposes).

Call recordings, transcripts, and AI-generated feedback are retained for the lifetime of your account to enable ongoing performance tracking and training analytics.

9. Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

  • Right of access (Art. 15): you may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): you may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): you may request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction (Art. 18): you may request that we restrict processing of your data in certain circumstances.
  • Right to data portability (Art. 20): you may request to receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): you may object to processing based on legitimate interest at any time.
  • Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@closly.app. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority in your EU Member State of residence, place of work, or place of the alleged infringement.

10. Automated Decision-Making

Our Service uses artificial intelligence to generate training feedback, performance scores, and coaching suggestions. These AI-generated outputs are provided solely for educational and training purposes. They do not constitute automated decision-making that produces legal effects or similarly significantly affects you within the meaning of GDPR Art. 22.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/HTTPS), secure authentication mechanisms, and access controls limited to authorized personnel.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Age Requirement

The Service is intended for business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a person under 18, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a prominent notice on our Service or by sending you an email at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Email: privacy@closly.app