Privacy Policy

1. Introduction

Closelio ("we," "our," or "us") is operated by Closelio Inc. We are committed to protecting the personal information of our users and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform at closelio.ai and app.closelio.ai (the "Service").

Please read this policy carefully. By using Closelio, you agree to the practices described here.

2. Information We Collect

2.1 Information you provide directly

• Account information: Name, email address, password (hashed), phone number
• Business information: Agency name, agent license information
• Payment information: Processed by Stripe. We do not store credit card numbers — Stripe handles all payment data under their own PCI-DSS compliance
• Lead data: Contact information (names, phone numbers) you upload for SMS outreach campaigns
• Campaign content: Message templates, AI instructions, pipeline configurations you create

2.2 Information collected automatically

• Usage data: Pages visited, features used, session duration, IP address
• Device information: Browser type, operating system
• Log data: API requests, error logs (phone numbers are masked in all logs)

2.3 Information from third parties

• Twilio: SMS delivery status, inbound message content
• Google Calendar: Calendar availability when you connect your calendar (read-only access to free/busy times)
• OpenAI: We send message content to OpenAI for AI response generation. See Section 5 for details.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Closelio platform
• Process SMS campaigns on your behalf
• Generate AI responses to your leads using your configured instructions
• Send you service notifications (account, billing, security alerts)
• Provide customer support
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Analyze usage patterns to improve our product

We do not use your data or your leads' data for advertising purposes. We do not sell data to third parties.

4. Lead Data and TCPA Compliance

Your responsibilities

When you use Closelio to contact leads via SMS, you are responsible for:

• Ensuring you have obtained proper consent from leads as required by the Telephone Consumer Protection Act (TCPA) and applicable state laws
• Maintaining records of consent
• Honoring opt-out requests promptly
• Ensuring your lead lists were obtained lawfully

Our role

Closelio is a technology platform. We process SMS messages on your behalf as a service provider. You remain the party responsible for TCPA compliance with respect to your outreach campaigns.

Opt-out handling

Closelio automatically processes STOP, UNSUBSCRIBE, CANCEL, QUIT, and OPTOUT replies and halts all further messaging to that number immediately. This is built into our system and cannot be disabled.

5. Third-Party Services

6. Data Storage and Security

• All data is stored in the United States (AWS US-East-1)
• Data is encrypted at rest (AES-256) and in transit (TLS 1.3)
• Twilio credentials stored in our system are encrypted with a unique master key
• We use JWT-based authentication with cryptographically secure tokens
• Access to production systems is limited to authorized personnel only
• We conduct regular security reviews

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your data.

7. Data Retention

• Account data: Retained while your account is active and for 90 days after cancellation
• Lead data: Retained while your account is active. You can delete lead data at any time from the platform.
• SMS conversation history: Retained for 12 months
• Billing records: Retained for 7 years as required by law
• Logs: Retained for 30 days

You may request deletion of your data at any time by contacting us at privacy@closelio.ai.

8. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a machine-readable format
• Objection: Object to certain types of processing

To exercise any of these rights, email privacy@closelio.ai. We will respond within 30 days.

California residents (CCPA): You have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information.

9. Children's Privacy

Closelio is a business-to-business platform intended for insurance professionals. We do not knowingly collect personal information from anyone under 18 years of age. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice in the app. Your continued use of Closelio after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or requests: