C
Closi
Legal

Privacy Policy

Last updated: May 18, 2026

1. Introduction

Closi is an AI-native CRM platform built for U.S. real estate brokerages. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It applies to closi.co, the Closi web app, the Closi Assistant on WhatsApp and email, the Sara AI BDR, the Copilot, and any other Closi-branded service that links to this policy (collectively, the "Service").

The Service is operated by Closi, Inc., a Delaware C-Corporation with a principal place of business at 541 W Brickell Ave, Suite 4400, Miami, FL 33131, United States. For purposes of applicable U.S. state privacy laws, Closi acts as a service provider / processor with respect to your brokerage's leads, contacts, and communications, and as a business / controller with respect to your account and our own usage analytics.

This policy covers:

  • Customers — brokerage owners, broker-agents, and team members who sign up for and use Closi.
  • Leads & contacts — individuals whose information our customers upload, import, or capture in Closi.
  • Visitors — anyone browsing the marketing site or interacting with the Closi Assistant before signing up.

2. Information we collect

Account information

  • Name, email address, and password hash (we store only a bcrypt hash — never the plaintext password).
  • Brokerage name, MLS region, time zone, and brokerage association.
  • User role (e.g., platform_admin, owner, broker_agent).
  • Optional profile data you add (phone, bio, photo).

Brokerage and lead data

  • Lead records you create, import, or capture: name, email, phone (in E.164 format), notes, stage, source, tags, and any custom fields.
  • Conversation transcripts and metadata from channels you connect: WhatsApp messages handled by Sara, email threads, Google Meet transcripts ingested by the Copilot, and SMS where applicable.
  • Files you upload to a lead or to the Knowledge Base (PDFs, images, audio, documents).
  • AI-extracted signals (e.g., budget ceiling, timeline, neighborhood interest) derived from those conversations and notes.

OAuth tokens & integration credentials

  • Access and refresh tokens for Google (Gmail, Calendar, Meet), Follow Up Boss (FUB), and BrokerMint, when you connect those integrations.
  • API keys or secrets you paste into Closi for third-party services.
  • All such credentials are encrypted at rest using AES-256-GCM with per-tenant key derivation. They are never written to application logs or analytics.

Billing information

  • Subscriptions are processed by Stripe, our payment processor. We do not store full card numbers, CVV codes, or bank account details on our infrastructure — Stripe handles card data under its PCI-DSS Level 1 attestation.
  • We retain a Stripe customer ID, the last four digits of the payment instrument, billing address, invoice history, and tax identifiers where applicable.
  • Primary billing currency is U.S. dollars (USD).

Usage and device data

  • IP address, user agent, browser/device type, and approximate location derived from IP.
  • Click events, page views, and timestamps for in-app navigation.
  • AI usage metrics — per-call records in our ai_usage_metric table, including model name, prompt and completion token counts, and USD cost. Used for billing, capacity planning, and abuse detection.
  • Error reports and stack traces (scrubbed of message bodies).

Cookies and similar technologies

Closi uses a minimal set of strictly necessary and functional cookies. Because Closi does not operate in the European Union and does not place advertising or cross-context behavioral tracking cookies, neither the California Consumer Privacy Act nor the Texas Data Privacy and Security Act requires a consent banner — and we do not present one. The cookies we set are:

  • closi_session — httpOnly, secure, SameSite=Lax; required for authentication.
  • closi_locale — your language preference (en-US, pt-BR).
  • closi_theme — dark/light/system preference.
  • Cloudflare Turnstile cookies on auth and signup forms for bot detection.

3. How we use information

We use the information described above to:

  • Operate the Service — authenticate you, render the UI, sync leads, send messages from Sara, run the Copilot, and process uploaded documents.
  • Provide AI features — Sara qualifies leads, the Copilot reads conversations and surfaces next-best actions, the Knowledge Base answers broker questions, and the AI BDR drafts replies for human review.
  • Customer support — respond to your questions, debug issues, and reach you about service updates.
  • Billing and account management — process subscription payments through Stripe, send invoices and renewal notifications, and collect fees due.
  • Security and fraud prevention — rate-limit abusive traffic, record append-only audit log entries in lead_event, enforce the permission matrix, and investigate suspected misuse.
  • Product improvement — aggregate, anonymized usage analytics. We do not use individual brokerage data to train shared models or surface it to other tenants.
  • Legal compliance — comply with subpoenas, court orders, and applicable real estate and consumer privacy laws.

4. AI-specific disclosures

Closi is an AI-native product. The following disclosures apply to every feature that involves a large language model or audio transcription.

Models used

  • Anthropic Claude — powers Sara (the AI BDR), the Closi Assistant, and the in-app Copilot.
  • OpenAI Whisper — transcribes audio uploads (voice notes from leads, Google Meet recordings).
  • OpenAI embeddings — vectorizes Knowledge Base articles for retrieval-augmented generation (RAG).

Provider data retention

Closi operates with zero data retention enabled by contract with each AI provider. Anthropic and OpenAI process your prompts and the model's outputs under enterprise terms that prohibit retention beyond the request lifetime and prohibit any use of your content to train their foundation models. Your conversations, lead data, and Knowledge Base contents are never used by an AI provider to train a public model and are never made available to another customer.

Human-in-the-loop safeguards

Closi enforces human-in-the-loop checkpoints before Sara or the Copilot takes any high-risk action. Specifically, a broker must explicitly approve before Closi will:

  • Hand off a lead to a broker. When Sara determines a lead has heated up to handoff-ready, the platform alerts the broker and waits for the broker to take over the conversation rather than continuing autonomously.
  • Send a brand-new outbound message to a buyer who has not yet replied to the brokerage. Cold outreach drafted by Sara always surfaces in a review queue for a broker to read, edit, and send.
  • Mutate data in external systems. Any action that writes to BrokerMint, Follow Up Boss, Google Workspace, or another connected integration requires explicit broker confirmation in-app.

Limitations of AI output

  • AI outputs may contain errors, hallucinations, or omissions. They should never be relied upon for legal, tax, financial, or fiduciary advice.
  • The broker — not Closi — remains fully responsible for any communication ultimately sent to a lead.

Audit trail

Every AI call is logged in ai_usage_metric with the model, prompt token count, completion token count, USD cost, latency, and the user or system actor that initiated it. Owners can review the audit trail from the Settings → AI Usage dashboard.

5. Sharing & subprocessors

We do not sell personal information. We share it only with the subprocessors below, each under a written data-processing agreement that restricts their use of the data to providing services to Closi.

We may also disclose information when required by law (subpoena, court order), to protect the rights and safety of Closi or third parties, or in connection with a corporate transaction (merger, acquisition, financing) — in which case we will notify you to the extent legally permitted.

6. Data retention

  • Active tenants — lead, conversation, signal, and file data is retained for as long as your brokerage maintains an active Closi subscription.
  • Suspended tenants. If a subscription payment fails and is not cured within the 14-day dunning grace period (see Section 7 of the Terms of Service), the tenant is marked as suspended. Customer Data is preserved during suspension. If the account remains suspended for 90 days without reactivation, Customer Data is anonymized in accordance with the retention schedule below.
  • After cancellation — you have 30 days to export your data via CSV/JSON before access is suspended.
  • Backups — encrypted database backups are retained for 90 days beyond the export window, then purged.
  • Audit log — entries in lead_event are retained for 7 years, matching the documentation window required by most U.S. state real estate boards for transaction records and broker supervision.
  • Billing records — invoices, tax records, and Stripe payment metadata are retained for at least 7 years to satisfy U.S. federal and state tax record-keeping obligations.
  • Marketing analytics — aggregated, non-identifying usage statistics may be retained indefinitely.

7. Your rights

Depending on where you live, you may have the following rights under the California Consumer Privacy Act (CCPA / CPRA), the Texas Data Privacy and Security Act (TDPSA), and similar state laws:

  • Right to know / access — request a copy of the personal information we hold about you.
  • Right to correct — request correction of inaccurate information.
  • Right to delete — request deletion of your personal information (right to be forgotten), subject to legal hold exceptions.
  • Right to portability — receive your data in a structured, machine-readable format.
  • Right to opt out of sale or sharingClosi does not sell personal information and does not share it for cross-context behavioral advertising.
  • Right to non-discrimination — we will not deny service, change prices, or degrade quality because you exercised a privacy right.

To exercise these rights, email privacy@closi.co from the address associated with your account. We respond to verified requests within 45 days, as permitted by applicable state law. If you are a lead whose data was uploaded by a brokerage using Closi, your request will be forwarded to that brokerage (the data controller), and we will assist as a service provider.

8. Security

  • Encryption in transit — TLS 1.3 across all public endpoints.
  • Encryption at rest — AES-256-GCM for OAuth tokens, API keys, and brokerage secrets; encrypted database backups.
  • Brokerage isolation — Postgres Row-Level Security (RLS) enforces a hard boundary; cross-brokerage reads are blocked at the database layer regardless of application bugs.
  • Audit log — append-only lead_event table records every mutation with actor, timestamp, and prior payload.
  • Permission matrix — role-based access is tested in CI on every pull request.
  • Key rotation — encryption keys can be rotated without downtime via the platform-settings infrastructure.
  • SOC 2 status. Closi follows SOC 2-aligned controls and is working toward formal SOC 2 Type II certification, with a target completion in 2026. We do not currently hold ISO 27001 or HIPAA attestations. Closi is not a HIPAA-covered entity and the Service is not designed to process protected health information.

9. International transfers

Closi is hosted in the United States (AWS us-east-1, Northern Virginia). If you access the Service from outside the U.S., your information will be transferred to and processed in the United States, which may have different data-protection laws than your country.

Closi is intentionally focused on U.S. brokerages at this stage and does not actively market to the European Union or the United Kingdom. We have not appointed an EU representative or Data Protection Officer and do not claim formal GDPR certification. For the limited cases where an EU or UK data subject's information is processed through the Service, Closi relies on the European Commission's Standard Contractual Clauses (SCCs), including the UK International Data Transfer Addendum where applicable, as the legal mechanism for the transfer. EU and UK data subjects may exercise access, correction, deletion, portability, and objection rights by contacting privacy@closi.co.

10. Children's privacy

The Service is intended for real estate professionals and is not directed to children. We do not knowingly collect personal information from children under 13 (the threshold set by the Children's Online Privacy Protection Act, COPPA). Under the CCPA, California minors between 13 and 16 additionally have the right to affirmatively opt in before any sale of their personal information — Closi does not sell personal information, so this opt-in is not triggered today. If we learn that we have collected information from a child under 13, we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page always reflects the current version. For material changes — changes that expand the categories of information we collect or the purposes for which we use it — we will provide at least 30 days' notice by email to the address associated with your account before the change takes effect. Continued use of the Service after the effective date constitutes acceptance.

12. Contact

Questions, requests, or concerns? Reach us at:

  • Email: privacy@closi.co
  • Mail: Closi, Inc., 541 W Brickell Ave, Suite 4400, Miami, FL 33131, United States.
Privacy Policy · Closi · Closi