This Privacy Policy explains what data Kloup collects, how we use it, and the choices you have. We're built around the idea that founders own their fundraising data — we treat your workspace as yours, not a training corpus.
1. Data we collect
Account data
When you sign in with Google, we receive your email, name, and profile photo. We don't store Google passwords; OAuth tokens (refresh + access) are stored encrypted at rest in our database and used only to call the APIs you've explicitly connected.
Customer Data
Anything you put into your workspace: investor pipeline entries, contacts, rounds, data-room files, investor updates, notes, and integrations data (Calendar events, emails). This data is logically isolated per organization and never mixed across tenants.
Operational telemetry
Standard server logs (IP, user agent, request paths, response status) retained for 30 days for debugging and abuse prevention. We don't run third-party analytics on signed-in workspace pages.
2. How we use data
- To provide and improve the Service;
- To deliver investor emails you draft (via SendGrid);
- To enrich contacts you ask us to enrich (via Apollo);
- To generate AI drafts you ask for (via OpenAI / Anthropic);
- To detect abuse and protect the platform;
- To comply with legal obligations.
We do not sell your data, share Customer Data with advertisers, or use it to train shared models. AI providers receive only the specific context required for the task and operate under zero-retention agreements where available.
3. Sharing
We share data only with the sub-processors required to run the Service:
- Cloudflare — hosting (Workers, Pages, D1, R2, KV)
- Google — OAuth, Calendar, Drive integrations
- SendGrid — outbound email delivery
- Apollo.io — contact enrichment (when enabled)
- OpenAI / Anthropic — AI drafts (when enabled)
We may also disclose data when required by law, to protect rights, or in connection with a corporate transaction (with notice and continued privacy commitments).
4. Data location and transfers
Customer Data is stored on Cloudflare's global network with primary storage in the ENAM region. Data may be processed in the United States, European Union, or other regions where our sub-processors operate. We rely on Standard Contractual Clauses for cross-border transfers.
5. Retention
We keep Customer Data for as long as your workspace is active. When you delete a workspace, data is removed from the live database immediately (cascade-deleted across all tables) and from backups within 35 days. You can also delete individual records anytime through the app.
6. Your rights
Depending on your jurisdiction (GDPR, LGPD, CCPA, and others), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Most rights are self-serve through Settings → Profile and Data Export. For anything else, email privacy@kloup.com.
7. Cookies
We use a single first-party cookie-equivalent (localStorage) for authentication. No third-party cookies, no tracking pixels, no advertising networks on app surfaces. This marketing site uses no analytics cookies.
8. Children
Kloup is not directed to children under 16. We don't knowingly collect data from children. If you believe a child has provided us data, contact privacy@kloup.com and we'll delete it.
9. Security
See our dedicated Security page for encryption, access controls, incident response, and how to report a vulnerability.
10. Changes
Material changes are announced at least 14 days in advance via email and in-app banner. The "Last updated" date at the top of this page always reflects the current version.
11. Contact
Privacy questions: privacy@kloup.com. Data Protection Officer: dpo@kloup.com.