Privacy Policy

Account information. When you sign up we collect your name, email address, and password (hashed). If you subscribe to a paid plan we collect billing details through Stripe (see Section 7).

Contacts & leads. You may import or manually create contacts and leads inside Closr. This data can include names, email addresses, phone numbers, property preferences, notes, tags, and any custom fields you add.

Email sending via Gmail OAuth. When you connect your Gmail account, Closr requests permission to send emails on your behalf and read your email address to identify the connected account. Closr does not request access to read your inbox, search your mail, or view message content. Inbound replies are captured through a dedicated Closr reply address, not by reading your Gmail inbox.

SMS & voice data via Twilio. When you use Closr to send SMS messages or make voice calls, those messages and call metadata (timestamps, duration, recipient phone numbers) are processed through Twilio and stored in your Closr account.

Email tracking data. Closr uses tracking pixels (small transparent images) embedded in outgoing emails to detect when a recipient opens an email. We also use link-wrapping to detect when a recipient clicks a link. This data includes the time of the open or click and approximate IP-based geolocation.

Usage & browsing data. We collect standard usage data such as pages viewed, features used, browser type, device information, IP address, and session duration to improve the product and diagnose issues.

AI interaction data. Your interactions with Closr's AI features (campaign generation, message drafting, lead scoring, signal detection, and the Cloe & Cody chat assistants) are logged to deliver and improve the service.

Closr uses Claude by Anthropic as its content engine. When you use smart features — including campaign generation, message drafting, lead scoring, signal detection, and conversations with Cloe or Cody — relevant data (such as contact details, conversation context, and your instructions) is sent to Anthropic's API for processing.

Anthropic processes this data to generate a response and does not store your inputs or outputs for model training, in accordance with their API data usage policy. Data is transmitted over encrypted connections (TLS).

We retain AI-generated outputs (e.g., drafted messages, scores, campaign plans) within your account so you can review, edit, and use them.

To connect your Gmail account, Closr requests the following OAuth scopes:

• gmail.send — Send emails on your behalf (campaign emails, follow-ups, direct messages)
• userinfo.email — Read your email address to identify your account
• calendar.events — View and create calendar events for property showings, client meetings, and follow-up reminders

Closr does not request access to read your inbox, modify labels, access message content, or read any calendar data beyond events Closr creates. Inbound email is captured through a dedicated Closr reply address, not by reading your Gmail mailbox.

You can revoke Gmail access at any time from your Google Account permissions page or from Closr's Settings → Integrations. Revoking access will stop all email sending functionality.

Closr embeds a small, invisible tracking pixel in outgoing campaign and follow-up emails. When a recipient loads the email, the pixel is requested from our servers, recording an "open" event.

Links in your emails may be wrapped through our tracking domain so we can record click events before redirecting the recipient to the destination URL.

This tracking data is visible only to you (the Closr user) and is used for engagement analytics and AI signal detection. Recipients are not individually notified of tracking; however, you are responsible for complying with applicable email and privacy regulations in your jurisdiction.

SMS messages and voice calls made through Closr are processed by Twilio. Twilio may temporarily store message content and call recordings as necessary to deliver and route communications. Refer to Twilio's Privacy Policy for details.

Message content, recipient phone numbers, and call metadata are stored in your Closr account as part of your contact activity history.

Closr uses cookies strictly for authentication and session management. We use Supabase Auth cookies to keep you signed in and to refresh your session securely.

We do not use advertising cookies, social media tracking cookies, or third-party analytics cookies. We may use basic, privacy-respecting analytics (e.g., page views) to improve the product.

Payments are processed by Stripe. We never see or store your full credit card number. Stripe provides us with a tokenized reference, the last four digits of your card, and your billing email. Refer to Stripe's Privacy Policy for details on how they handle payment data.

Your data is stored in a Supabase-hosted PostgreSQL database. Our database infrastructure is hosted in Canada. All data is encrypted at rest and in transit (TLS 1.2+).

The Closr web application is hosted on Vercel. Static assets and server-side functions are served from Vercel's edge network.

We implement industry-standard security practices, including encrypted connections, secure credential storage, role-based access controls, and regular security reviews.

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data, contacts, campaigns, and activity history within 30 days. Some data may be retained longer if required by law or for legitimate business purposes (e.g., billing records).

You can request deletion of your account and all associated data at any time by contacting us at privacy@getclosr.app.

Closr integrates with the following third-party services that may process your data:

• Anthropic (Claude AI) — AI processing for campaign generation, message drafting, lead scoring, signal detection, and chat assistants
• Google (Gmail API) — Email sending via OAuth
• Twilio — SMS messaging, voice calling, and phone number provisioning
• ElevenLabs — Voice cloning and AI-powered voice calls on your behalf
• SignWell — Electronic document signing for offer documents and agreements
• Resend — System notification emails (confirmations, alerts)
• Stripe — Payment processing and subscription management
• Vercel — Application hosting and edge delivery
• Supabase — Database hosting, authentication, and file storage (hosted in Canada)

You have the right to:

• Access your personal data and request a copy of it
• Correct inaccurate personal data
• Delete your account and associated data
• Export your contacts, leads, and activity data in a machine-readable format
• Withdraw consent for specific data processing (e.g., disconnect Gmail)

To exercise any of these rights, contact us at privacy@getclosr.app. We will respond within 30 days.

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). This means:

• We collect personal information only for identified, reasonable purposes
• We obtain meaningful consent before collecting, using, or disclosing personal information
• We limit collection to what is necessary for the purposes identified
• We protect personal information with appropriate security safeguards
• We are transparent about our policies and practices
• We provide individuals with access to their personal information upon request

Closr is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a minor, we will delete it promptly.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice within the application. Your continued use of Closr after changes are posted constitutes your acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: