Privacy Policy

Last updated: 2026-05-14. This document is the CloseHunt starting baseline, adapt with your DPO before going live.

1. Who we are

CloseHunt ("we", "us") is the controller for data you submit when you create an account, and the processor for the lead data you upload on behalf of your end-customers.

2. Data we process

• Account data: name, work email, hashed password.
• Workspace data: organisation name, settings, integration tokens.
• Customer-uploaded lead data: business contact details, company info, intent signals.
• Conversation data: outbound + inbound turns across every connected channel (email, LinkedIn, WhatsApp, Telegram, IG, Messenger, SMS, voice transcripts).
• Operational logs: activity records, consent events, webhook payloads, LinkedIn-safety incidents.

3. Legal basis

We process account data under contract performance (Art.6.1.b). Lead data you upload is processed under the legal basis YOU select per import (consent, contract, or legitimate interest), that choice is recorded in the audit log and exposed via the data-subject access endpoint.

4. Data subject rights

If you are a contact whose data is in a CloseHunt workspace, you may exercise the following GDPR rights at any time:

• Access (Art.15), request a copy of your data.
• Rectification (Art.16), request correction.
• Erasure (Art.17), request deletion.
• Restriction (Art.18), temporarily stop processing.
• Object (Art.21), stop outreach. Use the public opt-out form.

Email privacy@closehunt.io for any other request.

5. Sub-processors

We use the following sub-processors. Customers can request the full live list (including the social-channel hosted-authentication and voice infrastructure providers we use under contract) via DPA.

• Hosting & database: configurable (Vercel / AWS / GCP).
• Email (optional mass-send): Brevo, only when you bring your own Brevo API key.
• Billing: Stripe.
• AI inference: OpenAI / Anthropic.
• CRM sync (optional): HubSpot, only when you connect it.
• Team notifications (optional): Slack, only when you connect a webhook.
• Enrichment (optional): providers you connect with your own keys (Apollo, Hunter, Clearbit, Lusha, Dropcontact, RocketReach, Kaspr, ZoomInfo, People Data Labs, Snov, UpLead, Anymailfinder, Findymail).

6. Retention

Lead data is retained for as long as your workspace is active. On account deletion, all data is purged within 30 days. Activity logs are retained for 13 months for security audit purposes.

7. Security

Passwords are bcrypt-hashed. Webhook secrets and API keys are random per workspace. All traffic is HTTPS. We never automate LinkedIn outside our opt-in Autopilot mode (with workspace risk acknowledgement) and we never scrape protected sources.

8. Contact

DPO: dpo@closehunt.io.