Legal

Privacy Policy

Last Updated: April 2026 • Effective Date: April 1, 2026

This Privacy Policy governs the use of CLOZR's platform, website, API, and related services (collectively, the "Services") operated by CLOZR, Lda., a company incorporated under Portuguese law ("CLOZR", "we", "us", or "our"). By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1 Who We Are

CLOZR is an AI-powered B2B field sales execution and coaching platform. We process voice recordings submitted by sales representatives to extract structured sales data, score visit quality, and deliver targeted coaching feedback to sales teams and their managers.

For the purposes of EU/EEA data protection law (GDPR), CLOZR acts as a Data Processor for audio content submitted by your sales team (on behalf of your company as Data Controller), and as a Data Controller for account management, billing, and platform usage data.

2 What Data We Collect

Account & Identity Data

Full name, work email, company name, job title, phone number, and password (hashed). Collected when you register or onboard.

Voice & Audio Data

Audio recordings (voice notes) submitted by sales representatives after field visits. These are processed using AI transcription and immediately discarded from our temporary processing buffer after analysis is complete. Audio files may be retained on encrypted storage for a maximum of 90 days to support playback review, after which they are permanently deleted.

Sales & Visit Data

Transcripts, AI-extracted CRM data (client names, budgets, objections, next steps), visit scores, and coaching feedback. This data belongs to your company and is retained for the duration of your subscription plus 30 days following cancellation, unless you request earlier deletion.

Billing & Payment Data

Payment card details are processed exclusively by our PCI-DSS-compliant payment processor (Stripe). We do not store raw card numbers. We retain billing records (amounts, dates, plan) as required by applicable financial and tax regulations.

Usage & Technical Data

IP addresses, browser/device type, session timestamps, feature usage logs, and error logs. Used for security monitoring, fraud prevention, and product improvement.

Communications Data

Messages sent via our contact form, support tickets, and email correspondence.

3 Legal Basis for Processing (GDPR)

We rely on the following legal bases to process your personal data:

  • Contractual necessity: Processing required to provide you the Services under our Terms of Service (account data, visit processing, billing).
  • Legitimate interests: Security monitoring, fraud prevention, product analytics, and service improvement — where such interests are not overridden by your fundamental rights.
  • Legal obligation: Retaining billing records as required by tax and accounting law.
  • Consent: Where we ask for marketing communications or optional analytics tracking, we rely on your explicit consent, which you may withdraw at any time.

4 How We Use Your Data

  • Deliver, operate, and maintain the Services
  • Transcribe voice notes and extract structured sales data via AI
  • Generate and deliver AI coaching feedback to sales reps and managers
  • Detect and prevent misuse, fraud, and abuse of the platform
  • Process billing and manage your subscription
  • Respond to support requests and communications
  • Send transactional emails (invoices, alerts, weekly reports you configure)
  • Comply with legal obligations

We never use your voice data or sales data to train public AI models. Your data stays in your isolated environment only.

5 Data Security & Storage

We apply enterprise-grade security measures to protect all data:

  • Encryption in transit: All data transmitted between your devices and our servers uses TLS 1.3.
  • Encryption at rest: All stored data (including audio files and database records) is encrypted with AES-256.
  • Access controls: Strict role-based access controls ensure employees can only access data necessary for their job function.
  • Infrastructure: We use Supabase (hosted on EU-region AWS) for database storage. All data remains within the European Economic Area by default.
  • Isolation: Each company's data is logically isolated via Row Level Security (RLS). One company cannot access another's data under any circumstances.

Despite our best efforts, no security system is impenetrable. In the event of a data breach affecting your rights, we will notify you and the appropriate supervisory authority within 72 hours as required by GDPR.

6 Data Sharing & Third Parties

We do not sell, rent, or trade your personal or company data to third parties. We share data only with the following categories of trusted sub-processors, each bound by strict Data Processing Agreements (DPAs):

Supabase
Database & authentication infrastructure. EU region.
OpenAI
AI transcription (Whisper) and coaching generation (GPT API). Data is not used for model training per our enterprise Data Processing Agreement.
Stripe
Payment processing. PCI-DSS Level 1 compliant.
Resend
Transactional email delivery (reports, alerts). Processes email addresses only.
Vercel
Web application hosting and CDN. EU edge network.

We may disclose data to law enforcement or legal authorities if required by applicable law, a court order, or to protect the legal rights, safety, and property of CLOZR, our users, or the public.

7 Data Retention

AUDIO

Raw voice notes retained for max 90 days then permanently deleted.

VISITS

Visit transcripts, scores, and coaching data retained for the lifetime of your subscription + 30 days post-cancellation.

ACCOUNT

Account data retained for 30 days after account deletion request, then permanently purged.

BILLING

Invoices and transaction records retained for 7 years as required by Portuguese/EU tax law.

LOGS

Server and access logs retained for 90 days for security purposes.

8 Your Rights

Under GDPR and applicable data protection law, you have the following rights regarding your personal data:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: Request that we limit how we process your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@getclozr.app. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (in Portugal: CNPD — Comissão Nacional de Proteção de Dados).

9 Cookies & Tracking

We use essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may impair platform functionality.

10 Children's Privacy

Our Services are designed exclusively for business use by adults aged 18 and over. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted data, we will delete it promptly.

11 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last Updated" date at the top of this document. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

12 Contact & Data Protection Officer

For privacy-related questions, data requests, or concerns, contact us at:

CLOZR, Lda.

Privacy & Data Protection

privacy@getclozr.app