Privacy Policy
Last updated: May 28, 2026
Close It Yourself ("CIY," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, how long we keep it, and the choices you have when you use closeityourself.com and related services (the "Service"). By using the Service, you agree to this policy. If you do not agree, do not use the Service.
The Service is intended for residents of the United States only. Personal data processed through the Service is stored on servers located in the United States.
1. Information We Collect
Account information (via third-party sign-in)
- Name and email address from Google or Apple
- Profile picture URL (Google only, if present)
- The provider's stable account identifier for authentication
Profile and preferences you provide
- Buying status, timeline, budget, and saved search preferences
- Saved locations, points of interest, and commute origins
- Email notification preferences
Property activity
- Property searches and filters
- Saved, toured, and watched properties
- Buyer timeline steps, checklist state, and personal notes
- Records of under-contract properties and offers you record
- Service-provider selections (e.g., attorneys, inspectors)
- Notifications sent to you and agent inquiry records
Uploaded documents
When you use the document storage feature, we store the files you upload (e.g., pre-approval letters, inspection reports, disclosures) and metadata (filename, size, mime type, associated property or provider). Uploaded documents are stored in Amazon Web Services S3 in the United States. You control what you upload. We recommend redacting account numbers, Social Security numbers, and other sensitive data before uploading.
AI chat content
- Prompts you submit and responses returned by the AI
- Conversation metadata (conversation id, timestamps)
Payment information
Purchases are processed by Stripe, Inc. Stripe collects your payment method details directly. We receive only a customer identifier, subscription status, and transaction metadata. We do not store full credit or debit card numbers. Stripe's handling of your payment data is governed by Stripe's own privacy policy.
Technical and usage data
- IP address, browser type, device type, and operating system
- Pages visited, features used, and actions taken
- Referring URL and approximate geographic location (country/region level, derived from IP)
- Diagnostic logs, error reports, and request timing
This data is used for security, debugging, and product analytics. We use PostHog to collect product analytics events; PostHog processes this information on our behalf under a data-processing agreement.
2. How We Use Information
- Provide the Service, authenticate you, return property search results, power the AI assistant, store your saved properties and documents, send notifications you requested.
- Billing, process your one-time payment and manage your purchase and access period.
- Communicate with you, service emails (sign-up confirmation, receipts, account reminders, password recovery) and support responses. You can opt out of non-essential emails in your account preferences.
- Improve the Service, analyze aggregated usage patterns to fix bugs, improve features, and make product decisions.
- Security and fraud prevention, detect and prevent abuse, fraud, and unauthorized access; enforce our Terms.
- Legal compliance, comply with applicable laws and respond to valid legal process.
We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you. We do not use your information for political, racial, or other sensitive profiling.
3. Service Providers (Data Processors)
We share data with the following service providers solely to operate the Service. Each operates under contractual restrictions and is not permitted to use your data for its own purposes (except where noted).
| Provider | Purpose | Data |
|---|---|---|
| Authentication (OAuth) | Name, email, account id | |
| Apple | Authentication (Sign in with Apple) | Name, email (or relay), account id |
| Stripe | Payment processing | Payment card handled by Stripe; we receive customer id + status |
| OpenRouter (third-party LLM vendor) | AI chat responses | Prompts + context you submit |
| RapidAPI marketplace and its API providers | Property listings | Search parameters (location, filters) |
| Amazon Web Services | Document storage (S3), infrastructure hosting | Uploaded files and metadata |
| Resend | Transactional email delivery | Name, email, message content |
| Mapbox | Maps and address geocoding | Address strings and coordinates |
| PostHog | Product analytics | Event data and pseudonymous user id |
We may also disclose information: (a) with your consent; (b) to comply with a valid subpoena, court order, or other legal process; (c) to protect our rights, safety, or property, or those of our users or the public; or (d) to a successor entity in connection with a merger, acquisition, or sale of assets (subject to continued protection under this policy).
We do not sell your personal information, and we do not share it with third parties for cross-context behavioral advertising.
4. AI Training
We do not permit our AI vendor to train its foundation models on your prompts or our content. Chat prompts are sent to the vendor for inference only. We retain chat transcripts on our servers to provide conversation history and may use aggregated, de-identified statistics (e.g., response latency, error counts) to improve the Service.
5. Data Retention and Deletion
- Active accounts. We keep your data for as long as your account is active and as needed to provide the Service.
- Premium users: 7 days after close. When you mark a home as closed in the Service, uploaded documents and transaction-related data are deleted seven (7) days after that event. You may download all of your data at any time from your account page before or during that window.
- Deletion requests. You may request deletion of your account and personal data at any time. We will delete or de-identify your data within thirty (30) days of a verified request, except where we are required to retain records for legal, tax, fraud-prevention, or accounting purposes.
- Backups. Deleted data may persist in encrypted backups for a limited period (generally no more than 90 days) before being overwritten in the ordinary course.
- Inactive accounts. We may delete accounts that have been inactive for more than twenty-four (24) months after providing reasonable notice.
6. Security
We use reasonable administrative, technical, and physical safeguards to protect personal data, including encrypted transmission (HTTPS), encryption at rest for documents in S3, authentication through established identity providers (Google, Apple), access controls, and CSRF and rate-limiting protections on sensitive endpoints. No system is completely secure, however, and we cannot guarantee absolute security. If a breach occurs that triggers a notification obligation under applicable law, we will notify affected users as required.
7. Your Rights and Choices
Depending on where you live, you may have some or all of the following rights regarding your personal data:
- Access / portability. Request a copy of the personal data we hold about you. You can also self-serve a data export from your account page.
- Correction. Request correction of inaccurate personal data.
- Deletion. Request deletion of your personal data (subject to legal retention exceptions).
- Opt-out of sale or sharing. We do not sell or share personal data for cross-context behavioral advertising, so there is nothing to opt out of, but you may submit a confirmatory request.
- Appeal. If we deny your request, you may appeal by replying to our response email within sixty (60) days.
- Non-discrimination. We will not discriminate against you for exercising any of these rights.
To exercise any of these rights, email support@closeityourself.com. We may need to verify your identity before acting on a request (for example, by confirming you control the email address on your account). An authorized agent may submit a request on your behalf with written authorization.
8. State-Specific Notices
Some U.S. states grant residents additional privacy rights.
Indiana (Indiana Consumer Data Protection Act, effective Jan. 1, 2026)
Indiana residents have the rights described in Section 7, including the right to confirm whether we process your personal data, access it, correct inaccuracies, delete it, obtain a portable copy, and opt out of sale, targeted advertising, or profiling that produces significant effects. If we deny your request, you have the right to appeal within a reasonable time.
California (CCPA / CPRA)
California residents may request access to, correction of, and deletion of personal information, and may limit the use of sensitive personal information. We do not sell personal information or share it for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals as opt-out requests.
Texas, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws
Residents of these states may exercise substantially similar rights. Submit requests as described in Section 7. We will respond within the time required by the applicable law (generally 45 days, with a one-time extension where permitted).
9. Cookies and Local Storage
We use cookies and browser local storage for essential purposes (keeping you signed in, remembering your theme and preferences, CSRF protection) and for analytics. We do not use third-party advertising cookies. You can control cookies through your browser settings; disabling essential cookies may prevent parts of the Service from functioning. We honor the Global Privacy Control (GPC) signal where required.
10. Children's Privacy
The Service is intended for adults (18+) and is not directed to children. We do not knowingly collect personal information from anyone under 13, and we do not knowingly allow anyone under 18 to create an account. If you believe a child has provided us personal information, contact us at support@closeityourself.com and we will promptly delete it.
11. Do Not Track and Global Privacy Control
Our Service does not currently respond to Do Not Track (DNT) signals because there is no consistent industry standard. Where required by law, we treat a Global Privacy Control (GPC) signal as a request to opt out of sale or sharing; as noted above, we do not sell or share personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by email or in-product notice). The "Last updated" date reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance.
13. Contact
Questions or requests? Contact us at support@closeityourself.com.