Privacy Policy

1. Data Controller

The data controller responsible for data processing on this website is:

Closelook Venture GmbH
Walter-Kollo-Str. 24
14513 Teltow, Germany
Email: [email protected]

We take the protection of your personal data seriously. This privacy policy explains how we handle your data when you use our websites (closelook.io, closelook.net) and related services.

2. Access Data and Hosting

You can visit our websites without providing personal information. Each time a page is accessed, the web server automatically stores a server log file containing the requested file name, your IP address, date and time of access, data volume transferred, and the requesting provider. This data is used solely for ensuring trouble-free operation and improving our services, pursuant to Art. 6(1)(f) GDPR.

2.1 Hosting — Cloudflare

Our websites are hosted via Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare acts as our hosting provider and content delivery network (CDN). All access data is processed on Cloudflare's servers. Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF).

Cloudflare may process data including IP addresses, system configuration information, and other information about traffic to and from our websites for security, performance, and analytics purposes.

2.2 Newsletter Platform — Substack

Our newsletter is operated via Substack, Inc. (111 Sutter Street, San Francisco, CA 94104, USA). When you subscribe to our newsletter on substack.closelook.net, Substack collects your email address, subscription preferences, and reading activity. Substack's own privacy policy governs data processing on their platform. Substack processes data in the United States under the EU-U.S. Data Privacy Framework.

3. Payment Processing

We use Stripe, Inc. (354 Oyster Point Blvd, South San Francisco, CA 94080, USA) to process payments for subscriptions and individual report purchases. When you make a payment, Stripe collects your payment information (credit card details, billing address, email) directly. We do not store your credit card information on our servers. Stripe is certified under the EU-U.S. Data Privacy Framework. For details, see Stripe's Privacy Policy.

4. Cookies and Tracking Technologies

4.1 General Information

We use cookies and similar technologies on our websites. Cookies are small text files stored on your device. Some cookies are deleted after your browser session ends (session cookies), while others remain on your device to recognize your browser on subsequent visits (persistent cookies).

Strictly necessary cookies are used without consent to provide the requested service. For all other cookies and tracking technologies, we obtain your consent before activation via our consent management tool.

4.2 Consent Management — Cloudflare Zaraz

We use Cloudflare Zaraz Consent Management Platform to inform you about cookies and tracking technologies used on our websites, and to obtain, manage, and document your consent pursuant to Art. 7(1) GDPR. When you interact with the consent modal, your consent preferences are stored in a first-party cookie. You can change your consent preferences at any time by clearing your browser cookies and revisiting the site.

4.3 Google Analytics 4

We use Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for statistical analysis of website usage. Google Analytics uses cookies to collect information about your visit including pages viewed, time spent, referral source, and device/browser information. Your IP address is anonymized. This processing is based on your consent pursuant to Art. 6(1)(a) GDPR. Google Analytics only activates after you consent to the "Analytics" purpose in our consent modal.

Google is certified under the EU-U.S. Data Privacy Framework. You can opt out of Google Analytics at any time by withdrawing your consent or installing the Google Analytics Opt-out Browser Add-on.

4.4 LinkedIn Insight Tag

We use the LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) to measure the effectiveness of our LinkedIn advertising campaigns and to understand how visitors interact with our website after clicking on LinkedIn content. The Insight Tag collects data about page visits, referral URLs, IP addresses, device and browser characteristics, and timestamps. This processing is based on your consent pursuant to Art. 6(1)(a) GDPR and only activates after you consent to the "Marketing" purpose in our consent modal.

LinkedIn is certified under the EU-U.S. Data Privacy Framework. For details, see LinkedIn's Privacy Policy.

4.5 Google Tag Manager

5. Data Processing for Communication

When you contact us (e.g., via email or contact form), we collect personal data you voluntarily provide pursuant to Art. 6(1)(b) GDPR to process your inquiry. After complete processing, your data will be deleted unless you have consented to further use or we are legally required to retain it.

Data relating to customer inquiries will be restricted after complete processing and deleted after expiry of statutory retention periods (tax and commercial law) pursuant to Art. 6(1)(c) GDPR.

6. Social Media Presence

We maintain online presences on LinkedIn and X (formerly Twitter). When you visit our profiles on these platforms, the respective platform operator may collect and process data for market research and advertising purposes. Please refer to the privacy policies of each platform for details:

• LinkedIn Privacy Policy
• X / Twitter Privacy Policy

7. AI Search Engines and Machine-Readable Data

7.1 llms.txt and AI Bot Access

We provide machine-readable files (llms.txt and llms-full.txt) at the root of our website to help AI search engines (such as Perplexity, ChatGPT, Google Gemini, and Claude) understand and accurately represent our content. These files contain publicly available information about our research products, frameworks, and services. They do not contain personal data of users or subscribers.

Our robots.txt file explicitly permits crawling by AI bots including GPTBot (OpenAI), ClaudeBot (Anthropic), PerplexityBot, Google-Extended, and Amazonbot. This is done to ensure our research is accurately cited by AI-powered search engines. No personal data is shared with these services through crawling. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in accurate representation of publicly available content).

7.2 Schema.org Structured Data

We embed Schema.org structured data (JSON-LD) on our pages to help search engines and AI systems understand our content structure. This includes metadata such as article titles, publication dates, author names (Thomas Look), organization information (Closelook Venture GmbH), product descriptions, and breadcrumb navigation. All structured data reflects publicly available information and does not contain personal data of visitors or subscribers.

8. Newsletter and Subscription Services

8.1 Substack

Our newsletter is operated through Substack Inc. (San Francisco, CA, USA). When you subscribe to our newsletter via Substack, Substack processes your email address and subscription preferences. Substack acts as a joint controller for subscriber data. This processing is based on your consent pursuant to Art. 6(1)(a) GDPR when you subscribe.

Substack may use tracking technologies in emails (open tracking, click tracking) to measure newsletter performance. For details, see Substack's Privacy Policy. You can unsubscribe at any time via the unsubscribe link in every email.

8.2 Stripe Payments

Subscription payments are processed through Substack, which uses Stripe Inc. (San Francisco, CA, USA) as its payment processor. When you subscribe to a paid tier (C+ Intelligence or C+ Exclusive), Stripe processes your payment information (credit card data, billing address). We do not receive or store your full credit card number. Stripe is certified under the EU-U.S. Data Privacy Framework. For details, see Stripe's Privacy Policy.

9. Hosting and Content Delivery

9.1 Cloudflare Pages

Our website is hosted on Cloudflare Pages (Cloudflare Inc., San Francisco, CA, USA). Cloudflare provides content delivery network (CDN) services, DDoS protection, and web application firewall functionality. When you access our website, Cloudflare may process your IP address, browser information, and request data for security and performance optimization purposes. This processing is based on Art. 6(1)(f) GDPR (legitimate interest in secure and performant website operation).

Cloudflare is certified under the EU-U.S. Data Privacy Framework. For details, see Cloudflare's Privacy Policy.

9.2 Google Fonts

We load web fonts (DM Sans, Source Serif 4, JetBrains Mono) from Google Fonts (Google Ireland Limited). When you load a page, your browser contacts Google's servers to retrieve the font files, which may transmit your IP address. This processing is based on Art. 6(1)(f) GDPR (legitimate interest in consistent visual presentation). Google is certified under the EU-U.S. Data Privacy Framework. We plan to migrate to self-hosted fonts to eliminate this third-party request.

10. Third Country Data Transfers

Some of our service providers are based in the United States. Where applicable, data transfers to the US are covered by the EU-U.S. Data Privacy Framework adequacy decision. Where service providers are not certified under the DPF, we rely on EU Standard Contractual Clauses as appropriate safeguards.

Despite all contractual and technical measures, the level of data protection in third countries may not be equivalent to that in the EU. In particular, local authorities may have access rights to personal data that are not sufficiently limited from a European data protection perspective.

11. Your Rights

As a data subject, you have the following rights under the GDPR:

• Right of access (Art. 15) — request information about your personal data we process
• Right to rectification (Art. 16) — request correction of inaccurate data
• Right to erasure (Art. 17) — request deletion of your data, subject to legal exceptions
• Right to restriction (Art. 18) — request restriction of processing in certain circumstances
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
• Right to lodge a complaint (Art. 77) — file a complaint with a supervisory authority

Right to Object

Where we process personal data based on legitimate interests (Art. 6(1)(f) GDPR), you may object to such processing at any time with effect for the future. For direct marketing purposes, you may exercise this right at any time without restriction. For other purposes, objection is possible where grounds relating to your particular situation apply.

12. Contact

For questions regarding the collection, processing, or use of your personal data, or to exercise your rights, please contact us at:

Closelook Venture GmbH
Email: [email protected]