ClosingMind — Privacy Policy
Last updated: [EFFECTIVE DATE]
⚠️ BETA DOCUMENT — REVIEW BY LICENSED COUNSEL REQUIRED BEFORE PUBLIC LAUNCH. This Privacy Policy was drafted to be comprehensive and Arizona-specific, but it has not been reviewed or approved by a licensed attorney. It is a strong starting point for the Arizona private beta, not final legal advice. Have an attorney review it — and confirm the sub-processor list and breach-notification procedures are accurate — before any public launch. Items in [BRACKETS] must be filled in by the operating company, and the sub-processor list and data flows must be kept accurate as the product changes.
In plain language: ClosingMind is used by real-estate agents who enter information about themselves and their clients to compute estimates. We hold that information to run the service, we do not sell it, and we only share it with the vendors that power the app. If you are an agent, you are responsible for having the right to enter your clients' information. This Policy explains what we collect, how we use it, who we share it with, and your choices.
1. Who We Are and Scope
This Privacy Policy describes how [LEGAL ENTITY NAME] ("we," "us," "ClosingMind") handles personal information in connection with the ClosingMind application and website (the "Service"). ClosingMind is offered to licensed real-estate agents in Arizona.
Two roles. For an agent's own account information, we act as a controller. For the client information an agent enters to build a deal, we act as a service provider / processor: the agent is the controller of that client information and is responsible for the lawful basis, notices, and consents for collecting and using it (see Section 4).
2. Information We Collect
a) Account information you give us when you register and use the Service — your name, email address, password (stored hashed by our authentication provider), and your employing-brokerage name and real-estate license information (which we collect to support broker-identification requirements under ADRE rules, A.A.C. R4-28-502 and A.R.S. § 32-2153).
b) Deal information you enter — the facts you put into the app to build a deal, including personal and financial information about your clients, such as client names, ages, household income, property addresses, mortgage balances, sale and purchase prices, and similar deal details. ClosingMind uses this to compute estimates; it does not invent or supplement it.
c) Usage, device, and log information — information generated automatically when you use the Service, such as IP address, browser and device type, pages and features used, timestamps, and diagnostic/error data captured by our error-monitoring provider.
d) Local storage and cookies — the Service stores deal data and preferences in your browser's local storage to function, and uses cookies or similar technologies that are strictly necessary to operate the Service and keep you signed in. This local data is wiped from the browser when you sign out (a safeguard for shared-device situations consistent with A.R.S. § 18-552).
We do not intentionally collect Social Security numbers, government-ID numbers, payment-card numbers, or special-category data, and you should not enter them.
3. How We Use Information
We use information to: (a) provide, operate, and secure the Service and compute the estimates you request; (b) create and sync your deals across your devices through our database provider; (c) authenticate you and protect against fraud, abuse, and security incidents; (d) provide support and respond to you; (e) maintain, debug, and improve the Service, including through aggregated or de-identified analytics that cannot reasonably identify you, your clients, or a deal; and (f) comply with law and enforce our Terms of Service.
We process client information only on the agent's behalf and instructions to provide the Service. We do not use client information for our own independent purposes, and we do not use it for advertising.
4. The Agent–Client Relationship (controller / processor)
When you, as an agent, enter your clients' information, you are the controller of that information and we are your processor / service provider. You represent that you have the necessary rights, authority, consents, and notices to collect that information and to provide it to us for processing, and that doing so complies with your agency, fiduciary, privacy, and licensing obligations. If a client wishes to exercise rights over information you entered, you are responsible for responding; we will assist you as reasonably required.
5. How We Share Information — Sub-Processors
We share information only as follows:
- Service sub-processors that power ClosingMind and process information on our behalf under contract, limited to providing the Service. As of the date above, these are:
  - Supabase — database and authentication (stores your account and deal data);
  - Vercel — application hosting and delivery;
  - Sentry — error and performance monitoring (diagnostic/log data); and
  - Anthropic — AI text generation, only if and when the optional AI-narrative feature is enabled, and only the inputs needed to generate that text. [Confirm with the provider whether inputs are used to train models; ClosingMind's intent is that customer data is not used for model training — verify and state accurately.]
- Share links you create. When you generate a shareable client view, the people you send the link to can view the information you chose to include. You control whether and with whom to share.
- Legal and safety. We may disclose information if required by law, subpoena, or legal process, or to protect the rights, safety, or property of any person, or to investigate fraud or security incidents.
- Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.
We do not sell your or your clients' personal information, and we do not share it for cross-context behavioral advertising (terms used under the California Consumer Privacy Act, as amended by the CPRA). We do not give or receive anything of value for referrals of settlement-service business (consistent with RESPA § 8).
6. Data Retention
We retain account and deal information for as long as your account is active and as needed to provide the Service, and afterward as required for legitimate business or legal purposes. You may request deletion or export of your data as described in Section 8. Local-storage deal data is cleared from your browser on sign-out; data also stored with our database provider can be re-synced on your next sign-in until deleted.
7. Security and Data-Breach Notification
We use reasonable administrative, technical, and physical safeguards designed to protect information, consistent with the spirit of the FTC Safeguards Rule (16 C.F.R. part 314) and the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.) where applicable. These include encryption in transit, access controls, sign-out data wiping for shared devices, and tokenized share links. No system is perfectly secure, and we cannot guarantee absolute security.
Breach notification. In the event of a breach of the security of the system involving unauthorized acquisition of unencrypted (or unredacted) personal information, we will investigate and provide notice to affected individuals and, where required, to the Arizona Attorney General and the three nationwide consumer reporting agencies, in accordance with Arizona's data-breach notification law (A.R.S. § 18-552) and any other applicable law. Where we act as a processor for an agent's client information, we will notify the agent without undue delay so the agent can meet its own notification obligations.
8. Your Rights and Choices
You may access, correct, update, export, or delete your account and deal information by using in-app controls or by contacting us at [PRIVACY EMAIL]. We will verify your request and respond as required by law. If you are a California resident or otherwise have rights under another state's privacy law, you may have additional rights (such as the right to know, delete, correct, and to opt out of "sale"/"sharing" — and we do not sell or share for advertising); contact us to exercise them, and we will not discriminate against you for doing so. For client information an agent entered, please contact the agent (the controller); see Section 4.
You can also control cookies through your browser, though disabling strictly necessary cookies may prevent the Service from working.
9. AI Processing
If the optional AI-narrative feature is enabled, the deal inputs needed to generate the narrative are sent to our AI sub-processor (Anthropic) to produce text, which is then reviewed by you before any client use. The AI is constrained so that it does not invent dollar figures, and any AI output is an estimate, not advice. [Confirm and state the provider's data-use/retention and no-training position accurately.]
10. Children's Privacy
The Service is for licensed real-estate professionals and is not directed to children under 13, and we do not knowingly collect personal information from children under 13 (consistent with the Children's Online Privacy Protection Act, 15 U.S.C. § 6501 et seq.). If you believe a child provided us information, contact us and we will delete it.
11. Communications
We may send you service and account messages. We will obtain any consent required for marketing emails or text messages and honor opt-outs, consistent with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.) and the Telephone Consumer Protection Act (47 U.S.C. § 227). You can opt out of marketing messages using the unsubscribe link or by contacting us.
12. Where Information Is Processed
ClosingMind is operated in the United States and intended for use in Arizona. Information is processed in the United States by us and our sub-processors. We do not currently target users outside the United States.
13. Changes to this Policy
We may update this Policy. If we make material changes, we will provide notice (for example, in-app or by email) and update the "Last updated" date. Your continued use after the changes take effect constitutes acceptance.
14. Contact Us
[LEGAL ENTITY NAME]
[MAILING ADDRESS]
Privacy: [PRIVACY EMAIL]