Privacy Policy

Last updated: May 9, 2026

1. Who we are

ClosePack ("we", "us", "our") is a software-as-a-service product operated by an individual entrepreneur registered in Ukraine ("FOP"). Our product helps US-based accounting firms automate month-end close operations.

For privacy-related questions, contact: privacy@closepack.app

2. What data we collect

We collect the minimum data required to operate the service:

  • Account data: email address, encrypted password (or magic-link tokens), subscription status.
  • Payment data: processed by our merchant of record (Paddle) — we never see or store credit card details. We receive only confirmation that payment was successful and the customer ID.
  • Uploaded financial data (CSV files): Trial Balance, A/R Aging, General Ledger CSV exports that you upload for processing. This data is processed in memory and deleted within 24 hours of upload. We do not retain copies.
  • Generated outputs (PDF, Excel): close packages we generate are stored temporarily on Cloudflare R2 with a 24-hour automatic deletion policy.
  • Usage logs: IP address, browser type, timestamps of API calls — kept for 30 days for security and debugging, then deleted.

3. What we do NOT collect

  • We do not store your QuickBooks credentials. We do not connect to QuickBooks via OAuth.
  • We do not store your clients' financial data beyond the 24-hour processing window.
  • We do not sell or share data with third parties for marketing purposes.
  • We do not use your uploaded data for AI training.

4. How we use your data

Account and payment data: to authenticate you, charge subscriptions, and provide customer support.

Uploaded financial data: solely to compute the close package you requested. Discarded immediately after.

Usage logs: to detect fraud, debug bugs, and improve performance.

5. Where we store data

Account data is stored in Supabase (Postgres database hosted in the United States). Generated files are temporarily stored in Cloudflare R2. Application servers run on Railway and Vercel.

All data is encrypted at rest and in transit (TLS 1.2+).

6. Sub-processors

We use the following sub-processors who may process data on our behalf:

  • Paddle — payment processing and billing (Merchant of Record)
  • Supabase — database and authentication
  • Cloudflare — temporary file storage (R2) and CDN
  • Vercel — frontend hosting
  • Railway — backend hosting
  • Resend — transactional email delivery

7. Your rights

Depending on your jurisdiction, you may have rights including:

  • Access to your personal data we hold
  • Correction of inaccurate data
  • Deletion of your account and associated data
  • Export of your data in a portable format
  • Restriction or objection to processing

To exercise these rights, email privacy@closepack.app. We respond within 30 days.

8. Cookies

We use only essential cookies for authentication (session tokens). We do not use marketing or tracking cookies. We do not use third-party analytics that profile users.

9. Children

ClosePack is a B2B service and is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes to this policy

We may update this policy occasionally. Material changes will be communicated via email to registered users at least 14 days before they take effect.

11. Contact

Privacy questions: privacy@closepack.app

General contact: hello@closepack.app