Privacy Policy
How we collect, use, and protect your data.
Who we are
Closio AI is an AI-powered proposal generation tool operated by Abdullah Khan. Our registered address and contact details are available at closioai.com/contact. For all privacy-related enquiries, contact us at privacy@closioai.com.
What data we collect
Account data
When you create an account we collect your full name, email address, company name, and job title. This data is required to provide the service.
Proposal data
All proposals you create, including client names, project details, and generated content, are stored securely in our database. This data belongs to you and can be exported or deleted at any time.
Usage data
We collect anonymous usage data including pages visited, features used, and session duration. This helps us improve the product. We use PostHog for analytics — data is anonymised and not sold to third parties.
Payment data
We do not store your payment card details. All payments are processed by Polar.sh who act as Merchant of Record. Polar's privacy policy applies to payment data.
Communications
If you contact us by email, we store that correspondence. If you subscribe to our email list via Loops.so, your email and name are stored in Loops.
How we use your data
- To provide and improve the Closio AI service
- To authenticate your account and keep it secure
- To send transactional emails — proposal notifications, payment confirmations, team invites
- To send product updates if you have opted in
- To respond to support requests
- To detect and prevent fraud or abuse
Who we share data with
We do not sell your data. We share data only with the third-party services required to operate Closio AI.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database and file storage | All app data — encrypted at rest |
| Clerk.dev | User authentication | Email, name, account metadata |
| Anthropic | AI proposal generation | Project brief data sent per request |
| Polar.sh | Payment processing | Email, subscription status |
| Resend | Transactional email | Email address, name |
| Loops.so | Email marketing | Email, name, company — only for opted-in users |
| Vercel | Hosting | Server logs — IP addresses — 30-day retention |
| Cloudflare | Bot protection and DNS | IP address — request metadata |
| Docuseal | E-signatures (self-hosted) | Signature data stored on our own server |
Data storage and security
Your data is stored in Supabase's hosted PostgreSQL database with Row Level Security (RLS) enabled — meaning each user can only access their own data. Data is encrypted at rest and in transit using TLS 1.3. Signature images and signed PDFs are stored in Supabase Storage with encrypted buckets.
Your rights under GDPR
If you are located in the European Economic Area, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate data we hold about you
- Right to erasure — request deletion of your personal data
- Right to data portability — receive your data in a machine-readable format
- Right to restrict processing — ask us to limit how we use your data
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent
To exercise any of these rights, email privacy@closioai.com. We will respond within 30 days.
Your rights under CCPA
If you are a California resident, you have the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@closioai.com.
Cookies
We use essential cookies required to operate the service — authentication session cookies and security tokens. We do not use advertising or tracking cookies.
Data retention
- Account data — retained while your account is active. Deleted within 30 days of account deletion request.
- Proposal data — retained while your account is active. You can delete individual proposals at any time.
- Payment records — retained for 7 years for tax and legal compliance.
- Server logs — retained for 30 days then automatically purged.
- Email communications — retained for 2 years.
Children's privacy
Closio AI is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@closioai.com and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by displaying a notice in the app. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
For all privacy matters: privacy@closioai.com. For general enquiries: hello@closioai.com.