Privacy Policy

Last updated: 14 April 2026

This Privacy Policy explains how FRAXBIT DIGITAL SRL("Fraxbit," "we," "us," or "our"), the operator of the ClosePeak service (the "Service"), collects, uses, discloses, and protects information when you access or use closepeak.com, our mobile or desktop applications, APIs, and any other products or services that link to this Privacy Policy (collectively, the "Service"). By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with any part of this Privacy Policy, you must not use the Service. This Privacy Policy is incorporated by reference into our Terms of Service.

1. Who we are and how to contact us

The data controller for personal information processed in connection with the Service is FRAXBIT DIGITAL SRL, a company registered in Romania. You can contact us by email at privacy@closepeak.com for any privacy-related questions, requests, or complaints.

2. Information we collect

We collect information in the following categories:

2.1 Information you provide directly

  • Account information: name, email address, password (stored only as a salted hash), profile image, and workspace name.
  • Billing information: billing name, email, country, and payment method details. Payment card details are processed and stored by our payment processor, Stripe, Inc.; we never receive or store full card numbers.
  • Workspace content:any data you or members of your workspace create, upload, or import into the Service — including leads, contacts, companies, notes, tasks, conversations, messages, templates, automations, tags, custom fields, and attachments ("Customer Data").
  • AI prompts and outputs: when you use AI features, the text of your prompts and the generated responses.
  • Communications with us: emails, support tickets, feedback submissions, and any other correspondence.
  • Third-party credentials: OAuth tokens, API keys, or similar credentials that you choose to connect (for example, Google Workspace, Gmail, Instagram, TikTok, Anthropic, OpenAI).

2.2 Information collected automatically

  • Device and log data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, timestamps, clickstream data, and crash reports.
  • Usage data: feature usage, session duration, frequency of use, and interaction patterns.
  • Cookies and similar technologies: session cookies, persistent cookies, and local storage, used for authentication, preferences, security, and analytics. See Section 10 for details.

2.3 Information from third parties

  • OAuth providers: if you sign in with Google or a similar provider, we receive your name, email address, and profile image as authorized by you.
  • Public data sources: when you use the Lead Finder or similar discovery features, we query public APIs (for example, Google Places, PageSpeed Insights, Companies House) and return the results to you. We do not retain this data outside your workspace.

3. How we use your information

We use the information described above to:

  • Provide, operate, maintain, and improve the Service;
  • Authenticate you and secure your account;
  • Process payments, subscriptions, trials, refunds, and other billing events;
  • Send transactional emails (account notices, receipts, password resets, security alerts, and service announcements);
  • Respond to your requests, questions, and support tickets;
  • Detect, investigate, and prevent fraud, abuse, security incidents, and activity that violates our Terms of Service;
  • Generate aggregated and anonymized usage statistics to improve the Service and develop new features;
  • Comply with legal obligations and enforce our agreements;
  • With your consent, send you marketing communications about product updates, promotions, and related services. You can opt out at any time via the unsubscribe link in any such email.

We do not sell your personal information or your Customer Data. We do not use your Customer Data to train generative AI models. When you use AI features, prompts and outputs are transmitted to the AI provider you have configured (for example, Anthropic or OpenAI) only to fulfill your request.

4. Legal bases for processing (EEA / UK)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection laws, we rely on the following legal bases:

  • Performance of a contract: to provide the Service you have requested, authenticate you, and process your payments.
  • Legitimate interests: to secure the Service, prevent fraud and abuse, improve the product, and communicate with you about your account. We assess these interests against your rights and freedoms in each case.
  • Consent: for non-essential cookies, marketing communications, and certain optional integrations. You can withdraw your consent at any time.
  • Legal obligation: to comply with applicable laws, court orders, and regulatory requirements.

5. How we share information

We share information only as described below:

5.1 Subprocessors and service providers

We use trusted third parties to operate and deliver the Service. These subprocessors may access personal information only as necessary to perform their services and are bound by contractual confidentiality and data protection obligations:

  • Hosting and infrastructure: our virtual private server provider (Verpex Hosting), which hosts the Service and database.
  • Payment processing: Stripe, Inc. (card processing, invoicing, tax calculation).
  • Transactional email: our SMTP provider for sending account and system emails.
  • Authentication: Google LLC (if you sign in with Google).
  • AI providers:Anthropic, PBC and OpenAI, L.L.C., when you use AI features and have configured an API key. Prompts and outputs are transmitted directly to the provider you have chosen, and governed by that provider's terms and privacy policy.
  • Public data APIs: Google LLC (Places and PageSpeed Insights) and similar sources, used only for Lead Finder queries you initiate.

5.2 Within your workspace

Information you submit to a workspace is visible to other members of that workspace according to their role and permissions. If you are invited to an existing workspace, its owner and administrators may see your name, email address, role, and activity within the workspace.

5.3 Legal and safety disclosures

We may disclose information if we reasonably believe disclosure is required or permitted to: (i) comply with applicable law, regulation, subpoena, court order, or other legal process; (ii) protect the rights, property, or safety of Fraxbit, our users, or the public; (iii) enforce our Terms of Service or investigate potential violations; or (iv) detect, prevent, or address fraud, security, or technical issues.

5.4 Business transfers

If Fraxbit is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any material changes to this Privacy Policy.

6. International data transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United Kingdom, the European Union, and the United States. Where such transfers are subject to laws like the UK GDPR or the EU GDPR, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Agreement, to protect your information.

7. Data retention

We retain your information for as long as your account is active and for a reasonable period afterwards to comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account data: retained while the account is active. Following cancellation or deletion, account and workspace data are permanently deleted within 90 days, except where we are required or permitted by law to retain them longer.
  • Billing records: retained for as long as required by applicable tax and accounting laws (typically 6–10 years).
  • Logs and security records: retained for up to 12 months for security, fraud prevention, and troubleshooting.
  • Backups: residual copies may remain in encrypted backups for up to 30 days following deletion.

8. Security

We implement reasonable technical and organizational measures designed to protect your information, including encryption of data in transit (HTTPS/TLS), encryption of sensitive fields at rest, access controls, password hashing with bcrypt, rate limiting, regular software updates, and audit logging. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials, API keys, and OAuth tokens confidential.

9. Your rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access: request a copy of the personal information we hold about you;
  • Rectification: correct inaccurate or incomplete information;
  • Erasure: request deletion of your information, subject to legal retention requirements;
  • Restriction: ask us to temporarily limit how we process your information;
  • Portability: receive a copy of your data in a structured, machine-readable format;
  • Objection: object to processing based on legitimate interests or direct marketing;
  • Withdraw consent: where we rely on consent, you can withdraw it at any time without affecting prior lawful processing;
  • Complaint:lodge a complaint with a data protection authority (for UK users, the Information Commissioner's Office at ico.org.uk).

To exercise these rights, email privacy@closepeak.com. We will respond within one month of receipt, subject to reasonable verification of your identity. Certain rights may be limited where they conflict with our legitimate interests, contractual obligations, or legal duties.

Customer Data: If you are an end user whose personal information has been uploaded to a workspace by another party (for example, as a lead or contact), please direct your requests to the workspace that controls that data. Fraxbit acts as a data processor for Customer Data and will assist workspace owners in responding to such requests.

10. Cookies and similar technologies

We use cookies and similar technologies for the following purposes:

  • Strictly necessary: authentication, session management, security, and load balancing. These cannot be disabled without breaking the Service.
  • Preferences: remembering your settings (for example, sidebar state, active workspace).
  • Analytics: understanding how the Service is used so we can improve it. Subject to your consent where required.

You can manage cookies through your browser settings. Disabling strictly necessary cookies will prevent you from using the Service.

11. Children

The Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice in the Service before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

13. Contact

For questions or requests relating to this Privacy Policy, contact:

FRAXBIT DIGITAL SRL
Email: privacy@closepeak.com