Privacy Policy

CloseDesk (operated by Jonathan Lancaster) takes data privacy seriously. This page explains exactly what we collect, what we do with it, and what we don't do with it. Plain English over legalese.

What we collect

From the firm using CloseDesk:

Account info: your email, your firm's name, your role.
Client roster: names, contact emails, phone numbers, industry, and cadence preferences you import or enter.
Documents your clients upload through the portal (PDFs, CSVs, etc.) — stored encrypted in Supabase Storage.
Workflow state: cycles, doc requests, tasks, and activity logs.
Connected-service metadata from Gmail/Outlook and QuickBooks Online (sender address, QBO realm ID, scopes granted, refresh token — encrypted at rest with AES-256-GCM).
Email-send metadata: subject lines, recipient addresses, send timestamps, and Gmail message IDs of chase emails we send through your mailbox.

What we do NOT collect

Inbox content. We never read your Gmail or Outlook inbox. The OAuth scopes we request are gmail.send and Mail.Send — send-only. We cannot read any message we did not send.
Bookkeeping write-back to QuickBooks. Our QBO scope is com.intuit.quickbooks.accounting with read-only intent. We never post journal entries, transactions, or modifications.
Your clients' banking credentials, SSNs, or PHI. CloseDesk is out of scope for HIPAA — please don't use it for protected health information.
Cookies for cross-site tracking, analytics that profile individual users, or ad-targeting data. We use Supabase's session cookie for auth and that's it.

Why we collect what we collect

To run the workflow you signed up for: send chase emails, organize doc uploads, surface a review queue, and keep an audit trail of what happened on each close cycle. Period.

Who can see your data

Other firms cannot. Every firm is a separate tenant in Postgres row-level-security; no cross-firm queries are possible.

We share data only with these subprocessors, and only as required to operate:

Supabase (Postgres database + storage + auth) — US-hosted.
Vercel (web hosting + edge functions) — US-hosted.
Resend (transactional email — sign-in OTPs and our own communications). Chase emails to your clients are sent through your own connected Gmail/Outlook, not Resend.
Google (Gmail API for chase email send) — only when you OAuth.
Microsoft (Microsoft Graph for Outlook send) — only when you OAuth.
Intuit (QuickBooks Online API) — only when you OAuth.

We do not sell your data, share it with advertisers, or use it to train external ML models.

How we protect your data

Encrypted in transit (HTTPS everywhere).
Encrypted at rest in Supabase. OAuth refresh tokens are additionally encrypted with AES-256-GCM using a key not stored alongside the database.
Tenant isolation enforced at the database layer via row-level security.
No sensitive data in client-side code or logs.
SOC 2 Type I in progress. We'll publish the report when we have it. HIPAA is explicitly out of scope.

How long we keep your data

We retain firm and workflow data for as long as your account is active, plus 30 days after deletion to allow for accidental-deletion recovery. After that, your data is purged from our systems. Our database backups age out within 30 days.

Activity logs are retained for one year for audit purposes. Email-send metadata (subjects, timestamps, recipients) is retained for one year.

Your rights

Export:download a complete archive of your firm's data at any time from Settings.
Delete: delete your account from Settings; data is purged within 30 days.
Disconnect integrations: Settings → Mail account or Integrations removes our access to Gmail / Outlook / QuickBooks. Stored refresh tokens are deleted immediately.
Correct: edit or remove client/contact data directly in the workspace.
Ask:if you have a question or request that doesn't fit the above, email hello@close-desk.com. We respond within five business days.

Children

CloseDesk is for professional bookkeeping and accounting firms and is not directed at children under 13. We don't knowingly collect data from anyone under 13.

International users

Our infrastructure is US-hosted. If you use CloseDesk from outside the US, your data is transferred to and processed in the United States. By using the service, you consent to that transfer.

Changes

If we materially change this Privacy Policy, we will email account owners at least 30 days before the change takes effect.

Contact

Privacy questions: hello@close-desk.com.

Operator: Jonathan Lancaster · close-desk.com