Privacy Policy
Last updated: [Date]
1. Who We Are
CloseQ is a B2B SaaS platform for sales call quality analysis and team coaching, operated by [Company Name], registered at [Company Address], registration number [Company Registration Number].
For the purposes of the General Data Protection Regulation (GDPR), we act as a data processor when processing call data on behalf of our customers (the data controllers), and as a data controller for our own account management, marketing, and website operations.
Data Protection Contact: privacy@closeq.io
2. What Data We Collect
2.1 Account Data
When you create an account or are invited to a workspace, we collect your full name, email address, role in the organization, timezone, and interface preferences.
2.2 Call Data
When calls are uploaded or synced through integrations, we process audio recordings, call metadata (duration, timestamp, outcome), client information (name, email, phone — as provided by you or your integration), talk ratio data, and representative comments.
2.3 AI-Generated Data
Our platform uses artificial intelligence to analyze call recordings. This generates transcriptions, call summaries, quality scores (0–100), coaching notes, recommendations, and identified issues.
2.4 Workspace & Team Data
Team name, invitations (invited email, status), integration connection tokens (encrypted), and API keys for data ingestion (stored as cryptographic hashes).
2.5 Technical Data
IP address, browser user-agent (server logs), pages visited, and error logs.
2.6 Website Visitors
When you visit our website, we collect only data necessary for the site to function. We do not use third-party analytics or advertising trackers.
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the CloseQ service | Performance of contract (Art. 6(1)(b)) |
| AI transcription and analysis of calls | Legitimate interest (Art. 6(1)(f)) — core service |
| User authentication and session management | Performance of contract (Art. 6(1)(b)) |
| Sending service-related emails | Performance of contract (Art. 6(1)(b)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. AI Processing
What the AI Does
Converts audio to text (speech-to-text), analyzes call content against sales quality frameworks, generates coaching feedback, quality scores, and recommendations, and identifies conversation patterns and areas for improvement.
What the AI Does NOT Do
We do not perform emotion recognition or sentiment analysis of employees. Our AI evaluates the content, structure, and technique of sales conversations — not the emotional state of participants. This is in compliance with the EU AI Act (Regulation 2024/1689). We do not use biometric identification, and we do not make automated decisions with legal or similarly significant effects without human oversight.
Human Oversight
All AI-generated outputs are presented as suggestions for review by managers and team members. No automated decisions are made solely based on AI analysis.
We do not use your data to train AI models. Your data is processed solely for the purpose of providing the service.
5. Data Sharing
We share personal data only with service providers (sub-processors) necessary to operate CloseQ. Each has been assessed for GDPR compliance, and we have Data Processing Agreements in place. See the full list on our Sub-processor List.
Data within CloseQ is shared within your workspace according to role-based access controls. We do not sell personal data to third parties or share data for advertising purposes.
6. International Data Transfers
Some of our sub-processors are based outside the European Economic Area (EEA). We ensure appropriate safeguards for all international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and the EU-US Data Privacy Framework where applicable.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| User account data | Duration of subscription + 90 days |
| Call audio recordings | Per workspace settings, default 12 months |
| Transcriptions & AI analysis | Duration of subscription |
| Server/application logs | 90 days |
| Billing and payment records | As required by tax law (5–10 years) |
After the retention period expires, data is deleted or irreversibly anonymized. When a customer terminates their subscription, all data is deleted within 90 days.
8. Your Rights
Under the GDPR, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Restriction — limit how we process your data
- Data Portability — receive your data in a machine-readable format (JSON, CSV)
- Objection — object to processing based on legitimate interest
- Withdraw Consent — where consent is the legal basis
If you are a CloseQ user, contact your workspace administrator (your employer), who is the data controller for your call data. For your account data or as a website visitor, contact us directly at privacy@closeq.io. We respond within 30 days.
You have the right to lodge a complaint with a supervisory authority. In Poland, the relevant authority is Prezes Urzędu Ochrony Danych Osobowych (PUODO), ul. Stawki 2, 00-193 Warszawa.
9. Data Security
We implement appropriate technical and organizational measures including: encryption in transit (TLS) and at rest (AES-256), Row-Level Security at the database level, role-based access controls, secure authentication (httpOnly cookies, PKCE), API keys stored as cryptographic hashes, and time-limited signed URLs for audio file access.
11. Children's Data
CloseQ is a business-to-business service not intended for individuals under 18. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 30 days before they take effect.
13. Contact
For questions about this Privacy Policy: privacy@closeq.io