Back to Home

Privacy Policy

Privacy Policy

Last Updated: January 10, 2026
Effective Date: January 10, 2026

1. Company Information

Service Name: CloseYourLead
Website: https://closeyourlead.com
Email: legal@closeyourlead.com
Data Protection Officer: dpo@closeyourlead.com

2. Introduction

This Privacy Policy describes how CloseYourLead ("we," "our," or "us") collects, uses, and protects your personal information when you use our Service.

We are committed to protecting your privacy and ensuring compliance with:

  • GDPR (General Data Protection Regulation - EU)
  • CCPA (California Consumer Privacy Act)
  • CAN-SPAM Act (Email regulations)

3. Information We Collect

3.1 Personal Information

  • Account Information: Email address, name, password (encrypted)
  • Profile Information: Full name, real estate license information, business details
  • Payment Information: Credit card details (processed securely by Stripe, not stored by us)
  • Contact Information: Phone number, business address (optional)

3.2 Lead Data

  • Client Information: Lead names, email addresses, phone numbers, preferences
  • Property Preferences: Location, price range, property types, bedrooms/bathrooms
  • Communication History: Email opens, clicks, engagement metrics
  • Custom Fields: Any additional information you add about your leads

3.3 Technical Information

  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, pages visited, actions performed
  • Cookies: Session cookies, preference cookies, analytics cookies
  • Location Data: General location (country/region) based on IP address

3.4 Third-Party Data

  • Property Listings: Data from Zillow, Realtor.com, Redfin APIs
  • Email Metrics: Delivery status, open rates, click rates from Resend

4. How We Use Your Information

We use your information for:

  • Service Provision: Provide, maintain, and improve CloseYourLead
  • Property Matching: Match properties to your leads' preferences
  • Email Delivery: Send property alerts on your behalf
  • Authentication: Secure account access and session management
  • Payment Processing: Process subscriptions via Stripe
  • Analytics: Understand usage patterns and improve user experience
  • Communication: Send transactional emails (welcome, password reset, billing)
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations and enforce Terms of Service
  • Customer Support: Respond to your inquiries and provide assistance

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Consent: You have given explicit consent (e.g., account creation, marketing emails)
  • Contract: Processing is necessary to fulfill our service agreement
  • Legal Obligation: Required to comply with legal requirements (e.g., tax records)
  • Legitimate Interests: Necessary for our business operations (e.g., fraud prevention, service improvement)

6. Data Storage and Security

6.1 Storage Location

  • Database: Supabase PostgreSQL (US regions, EU available upon request)
  • File Storage: Supabase Storage with encryption
  • Backups: Automated daily backups with 90-day retention

6.2 Security Measures

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access control (RBAC)
  • Authentication: Secure password hashing (bcrypt), optional 2FA
  • Monitoring: 24/7 security monitoring and logging
  • Compliance: SOC 2, GDPR, CCPA compliant infrastructure
  • Session Management: Secure, httpOnly cookies with CSRF protection

6.3 Retention Period

  • Active Accounts: Data retained while account is active
  • Deleted Accounts: 30-day soft delete period, then permanent deletion
  • Audit Logs: Retained for 1 year for security and compliance
  • Backups: 90-day retention for disaster recovery
  • Financial Records: Retained for 7 years as required by law

7. Data Sharing and Disclosure

We may share your information with:

7.1 Service Providers

  • Stripe: Payment processing (PCI-DSS compliant)
  • Resend: Transactional email delivery
  • Supabase: Authentication, database, and storage
  • Zillow/Realtor.com/Redfin: Property data APIs (we send search criteria, receive listings)
  • Vercel: Infrastructure hosting

All service providers are bound by data processing agreements and GDPR compliance.

7.2 Legal Requirements

We may disclose information when required by:

  • Court orders or legal process
  • Law enforcement requests
  • Protection of our rights or safety
  • Compliance with legal obligations

7.3 Business Transfers

In the event of a merger, acquisition, or sale, your data may be transferred to the new entity. You will be notified of any such change.

7.4 With Your Consent

We may share data with third parties when you explicitly consent.

7.5 What We DO NOT Do

  • We do not sell your personal information
  • We do not sell your lead data
  • We do not share data with advertisers
  • We do not use your data for marketing to your leads

8. Your Rights

8.1 GDPR Rights (EU Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in machine-readable format (CSV, JSON)
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge Complaint: File complaint with supervisory authority

8.2 CCPA Rights (California Users)

  • Right to Know: Know what personal information is collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Not be discriminated against for exercising rights

8.3 How to Exercise Your Rights

  • Data Export: Settings → Privacy → Export Data (CSV format)
  • Data Deletion: Settings → Privacy → Delete Account
  • Email Requests: Send to legal@closeyourlead.com with subject "Privacy Request"
  • Response Time: We will respond within 30 days (GDPR/CCPA requirement)

8.4 Verification Process

To protect your privacy, we verify your identity before processing requests:

  • Account email verification
  • Security questions
  • Two-factor authentication (if enabled)

9. Cookies and Tracking Technologies

9.1 Types of Cookies

  • Essential Cookies: Required for authentication and core functionality (cannot be disabled)
  • Preference Cookies: Remember your settings (theme, language)
  • Analytics Cookies: Understand usage patterns (with consent)
  • Marketing Cookies: Not used (we do not run ads)

9.2 Cookie Management

You can control cookies through:

  • Browser settings (disable non-essential cookies)
  • Our cookie banner (accept/reject on first visit)
  • Account settings (manage preferences)

Disabling essential cookies may affect functionality.

9.3 Do Not Track

We respect "Do Not Track" browser settings and do not track users across third-party websites.

10. International Data Transfers

  • Data may be processed in the United States
  • We use Standard Contractual Clauses (SCCs) approved by EU Commission
  • All transfers comply with GDPR Article 46 requirements
  • EU users can request data storage in EU regions

11. Children's Privacy

  • CloseYourLead is not intended for users under 18 years old
  • We do not knowingly collect information from children
  • If we learn we have collected children's data, we will delete it immediately
  • Parents/guardians may contact us to request data deletion

12. Email Communications

12.1 Transactional Emails

We send essential emails for:

  • Account creation and verification
  • Password resets
  • Billing notifications
  • Security alerts

You cannot opt-out of transactional emails (required for service operation).

12.2 Marketing Emails

We may send:

  • Product updates and new features
  • Tips for using CloseYourLead
  • Industry news and best practices

You can opt-out anytime via:

  • Unsubscribe link in emails
  • Settings → Notifications → Marketing Emails

12.3 Property Alert Emails

Emails sent to your leads on your behalf:

  • Sent from your email address (via our infrastructure)
  • Include unsubscribe links (CAN-SPAM compliant)
  • You are responsible for obtaining proper consent from recipients
  • We monitor for spam complaints and abuse

13. Third-Party Links

Our Service may contain links to third-party websites (e.g., property listings). We are not responsible for their privacy practices. Please review their privacy policies.

14. Data Breach Notification

In the event of a data breach:

  • We will notify affected users within 72 hours (GDPR requirement)
  • Notification via email to registered address
  • Details of breach, data affected, and remediation steps
  • Notification to supervisory authorities as required

15. California-Specific Disclosures

15.1 CCPA Categories of Information

We collect the following categories:

  • Identifiers (name, email, IP address)
  • Commercial information (subscription history)
  • Internet activity (usage logs)
  • Professional information (real estate license)

15.2 Sale of Personal Information

We do not sell personal information as defined by CCPA.

15.3 California "Shine the Light" Law

California residents can request information about data shared with third parties for marketing purposes. We do not share data for third-party marketing.

16. Changes to This Privacy Policy

  • We may update this Privacy Policy periodically
  • Changes posted on this page with updated "Last Updated" date
  • Material changes notified via email to registered users
  • Continued use after changes constitutes acceptance
  • Previous versions available upon request

17. Data Protection Officer

For EU users and privacy inquiries:

Email: dpo@closeyourlead.com
Subject Line: "GDPR Request - [Access/Deletion/Portability/etc.]"
Response Time: Within 30 days

18. Supervisory Authority

EU users have the right to lodge a complaint with their national data protection authority:

19. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

Email: legal@closeyourlead.com
Subject: Privacy Policy Inquiry
Mailing Address: [Your Business Address]
Response Time: Within 5 business days

20. Compliance Summary

This Privacy Policy complies with:

  • GDPR (EU 2016/679) - General Data Protection Regulation
  • CCPA (California Civil Code § 1798.100) - California Consumer Privacy Act
  • CAN-SPAM Act - Email marketing regulations
  • PIPEDA - Personal Information Protection and Electronic Documents Act (Canada)
  • SOC 2 - Security and privacy framework

Audit Trail: This document was last reviewed and updated on January 10, 2026 to ensure compliance with current privacy regulations.

© 2026 CloseYourLead. All rights reserved.