Legal
Privacy Policy
Effective Date: 29 March 2026 · Controller: Valueclose ApS, registered in Denmark
1. Who We Are
Valueclose ApS (“Valueclose,” “we,” “us,” “our”) is a company registered in Denmark. We operate a B2B value selling training platform at valueclose.com.
As a Danish-registered entity, we are subject to the General Data Protection Regulation (GDPR) and Danish data protection law. This Privacy Policy also includes disclosures required by the California Consumer Privacy Act (CCPA) for California residents who use the platform as end users.
For questions about this policy or to exercise your rights, contact: [email protected]
2. What Data We Collect and Why
We collect only the personal data necessary to operate the Service. Below is a full account of what we collect, why, and the lawful basis under GDPR.
2.1 Account data
| Data | Purpose | Lawful basis |
|---|---|---|
| Name | Identify you within the platform and to other participants in your sessions | Contract performance (Art. 6(1)(b)) |
| Email address | Account login, transactional notifications, and system communications | Contract performance (Art. 6(1)(b)) |
| Password (stored as a cryptographic hash, never in plain text) | Authentication | Contract performance (Art. 6(1)(b)) |
2.2 Company and team data
| Data | Purpose | Lawful basis |
|---|---|---|
| Company name | Associate your account with your organisation | Contract performance (Art. 6(1)(b)) |
| Your role within your company | Enable role-based access controls and session configuration | Contract performance (Art. 6(1)(b)) |
2.3 Training session data
| Data | Purpose | Lawful basis |
|---|---|---|
| Session scores (numerical) | Display your performance within the session and on your profile | Contract performance (Art. 6(1)(b)) |
| Written feedback you receive from other participants | Deliver private post-session debrief to you | Contract performance (Art. 6(1)(b)) |
| Written feedback you give to other participants | Deliver private post-session debrief to the recipient | Contract performance (Art. 6(1)(b)) |
| Session participation records | Maintain session history and team performance data | Contract performance / legitimate interest (Art. 6(1)(b)/(f)) |
Session scores and written feedback are private to the individual recipient. We do not make individual scores or written feedback visible to other participants beyond what the session design explicitly permits (e.g., aggregate team scores on a shared scoreboard).
2.4 Invitation data
| Data | Purpose | Lawful basis |
|---|---|---|
| Email addresses of people you invite | Send the invitation on your behalf | Legitimate interest (Art. 6(1)(f)) |
Invitation email addresses are used solely to send the relevant invitation. We do not use them for marketing. We retain them only until the invitation is accepted, declined, or expires.
2.5 Technical and usage data
| Data | Purpose | Lawful basis |
|---|---|---|
| IP address | Security, fraud prevention, and abuse detection | Legitimate interest (Art. 6(1)(f)) |
| Session cookies and authentication tokens (JWT) | Maintain your logged-in session | Strictly necessary. No consent required for functional cookies. |
| Browser and device type (server logs) | Debugging and service improvement | Legitimate interest (Art. 6(1)(f)) |
2.6 Billing and payment data
| Data | Purpose | Lawful basis |
|---|---|---|
| Name, email address, and billing address provided at checkout | Transmitted to Stripe, Inc. to process subscription payments and generate invoices | Contract performance (Art. 6(1)(b)) |
Valueclose does not store full payment card details. Card data is processed exclusively by Stripe, Inc. and is subject to Stripe's own privacy policy and PCI DSS compliance programme.
3. Cookies
We use strictly necessary cookies to keep you logged in (session authentication). We do not currently use analytics cookies or advertising cookies. If we introduce optional cookies in future, we will update our Cookie Policy and obtain your consent before setting them.
4. How We Share Your Data
We do not sell your personal data. We do not share it for advertising purposes. We share data only in the following limited circumstances.
4.1 Processors
We use the following third-party service providers to operate the Service. Each is engaged under a Data Processing Agreement and processes data only on our documented instructions.
| Processor | Role | Location | Transfer mechanism |
|---|---|---|---|
| DigitalOcean, LLC | Cloud infrastructure | EU | Data stored in EU, no transfer outside EEA |
| Scaleway SAS | Cloud infrastructure | EU (France) | EU entity, no transfer outside EEA |
| Brevo SAS | Transactional email (invitations, notifications, password resets) | EU (France) | EU entity, no transfer issue |
| Cloudflare, Inc. | Image storage and content delivery | US (EU data centre options) | EU-US Data Privacy Framework / Standard Contractual Clauses |
| Stripe, Inc. | Payment processing (subscription billing) | US | EU-US Data Privacy Framework / Standard Contractual Clauses; receives billing contact data only, not training session data |
4.2 Other session participants
Within a training session, other participants will see your name and any scores or feedback the session design makes visible to others (e.g., aggregate team scores). Private feedback and individual score breakdowns are not visible to other participants.
4.3 Your company administrator
Your company's Sales Leader or Team Manager may be able to see aggregate team performance data and your participation history within sessions run by your company. They do not see your private session feedback.
4.4 Legal requirements
We may disclose personal data if required to do so by applicable law, court order, or regulatory authority, or if necessary to protect the rights, property, or safety of Valueclose, our users, or the public.
4.5 Business transfers
If Valueclose is involved in a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will notify affected users before any such transfer and ensure the receiving entity maintains equivalent protections.
5. International Data Transfers
Valueclose ApS is registered in Denmark and your data is stored on servers in the EU (EU-based infrastructure). Where data is transferred to processors outside the European Economic Area (notably Cloudflare and Stripe), we ensure appropriate safeguards are in place: either the EU-US Data Privacy Framework adequacy decision or Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Data Retention
| Data category | Retention period |
|---|---|
| Account data (name, email), retained for legal and tax compliance | Up to 5 years from account closure, in accordance with Danish accounting law (Bogføringsloven) and applicable EU VAT rules. Personal identifiers (name and email) are deleted within 30 days of an account deletion request where no legal retention obligation applies. |
| Session scores and written feedback | Duration of your account, plus 30 days after deletion request or termination |
| Company account and team data | 90 days after company account termination |
| Invitation email addresses | Until invitation is accepted, declined, or expires (maximum 30 days) |
| Technical logs (IP addresses, server logs) | 90 days from collection |
| Payment records (invoices, subscription history) | As required by applicable tax and accounting law (typically 5 years) |
We may retain data beyond these periods where required by applicable law or to defend against legal claims.
7. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights. To exercise any of them, contact [email protected]. We will respond within one month of receiving your request.
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17): You may request deletion of your personal data where there is no overriding legitimate reason for us to retain it.
- Right to restriction of processing (Art. 18): You may ask us to restrict processing of your data in certain circumstances.
- Right to data portability (Art. 20): You may request a machine-readable copy of data you provided to us under a contract or consent basis.
- Right to object (Art. 21): You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent: Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet, dt.dk) or the supervisory authority in your country of residence.
8. California Residents: CCPA Disclosure
This section applies to California residents who use the Valueclose platform as individual end users and supplements the rest of this Privacy Policy.
Categories of personal information collected:
- Identifiers (name, email address, IP address)
- Professional or employment-related information (company name, company role)
- Internet or other electronic network activity (login activity, device type)
- Inferences drawn from the above (session performance scores)
Do we sell or share personal information? No. Valueclose does not sell personal information and does not share personal information for cross-context behavioural advertising purposes.
Your CCPA rights:
- Right to know what personal information is collected, used, disclosed, or sold.
- Right to delete personal information (subject to certain exceptions).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing (not applicable: we do not sell or share).
- Right to non-discrimination for exercising your rights.
To exercise your CCPA rights, contact [email protected]. We will respond within 45 days. We may need to verify your identity before processing your request.
9. Automated decision-making
GDPR Article 22 gives you the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you. Valueclose does not use automated decision-making of this kind. All session scores are generated by human participants during live training sessions. No algorithmic or AI-driven process makes decisions about individual users that produce legal or comparably significant effects. We will update this section and notify you if this changes.
10. Security
We implement technical and organisational measures appropriate to the risk of processing, including:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
- Encryption at rest: Data stored on our cloud infrastructure is encrypted at rest.
- Password security: Passwords are stored exclusively as cryptographic hashes and are never stored or transmitted in plain text.
- Access controls: Internal access to production data is restricted on a least-privilege basis. Role-based access controls are enforced at both the application and database layers. Administrative access requires secure authentication and is logged for audit purposes.
- Network security: Network-level security controls are applied at the hosting layer, including firewall rules and private networking between application services.
No system is completely secure; we cannot guarantee the absolute security of your data. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with GDPR.
11. Children
The Service is intended solely for business use by adults (18 years and older). We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact [email protected] and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, to exercise your data subject rights, or to report a concern:
Email: [email protected]
Controller: Valueclose ApS, Denmark
Danish supervisory authority: Datatilsynet (dt.dk)
See also: Terms of Service