Privacy Policy
Last updated May 22, 2026
Effective Date: May 22, 2026
1. Introduction
Klosa CRM (“Klosa”, “we”, “us”, or “our”) operates the website klosacrm.com and provides a customer relationship management platform for real estate professionals. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
2. Information We Collect
Information you provide directly:
- Full name and email address when creating an account
- Contact information for contacts you add to the platform
- Deal information, property details, and notes you enter
- Payment information (processed by Stripe — we never store your card details)
- Email provider credentials (encrypted and stored securely)
- Names and email addresses of third-party participants you invite to Transaction Portals
- Documents and comments uploaded by portal participants
- Contract documents you create, and the names, email addresses, IP addresses, and signing timestamps of external contract signers
Information collected automatically:
- IP address and browser type
- Pages visited and features used within the platform
- Email open and click events when you send email blasts through the platform
3. How We Use Your Information
We use your information to:
- Provide, operate, and improve the Klosa CRM platform
- Process payments and manage your subscription
- Send you service-related emails (account confirmation, billing receipts)
- Respond to your support requests
- Monitor platform performance and fix issues
4. Your Data Belongs to You
All contacts, deals, tasks, and other data you enter into Klosa CRM is yours. We do not sell, rent, or share your data with third parties for marketing purposes. We do not use your business data to train AI models or for any purpose other than providing you the Service.
5. Data Storage and Security
Your data is stored on Supabase (PostgreSQL database hosted on AWS). We use industry-standard encryption for sensitive data including email provider credentials. Access to your data is protected by Row Level Security — meaning each user can only access their own data.
6. Third-Party Services
Klosa uses the following third-party services:
- Stripe— payment processing. Subject to Stripe’s Privacy Policy.
- Supabase — database and file storage.
- Brevo — transactional email delivery for system emails.
- Anthropic— AI-powered auto-fill features. Text you submit for AI processing is sent to Anthropic’s API.
- Vercel — website hosting.
7. Email Blasts
When you use Klosa to send email blasts to your contacts, you are responsible for complying with applicable email laws including CAN-SPAM and GDPR. Klosa provides unsubscribe functionality — contacts who unsubscribe will be automatically excluded from future blasts.
7b. Transaction Portal
When you create a Transaction Portal, you share a link with third parties who may access it without a Klosa account. Those participants can upload documents and leave comments. You are responsible for ensuring you have authorization to share portal access with those parties. Klosa stores participant names, email addresses, uploaded files, and comments solely to operate the portal.
7c. Contracts & Electronic Signatures
When you use Klosa Contracts to send a document for signature, Klosa stores the contract PDF and information about each external signer on your behalf — including their name, email address, IP address, and the date and time they signed. We act as a data processor for this information: it is collected and retained solely to generate the signed document, operate the signing workflow, and provide an audit record to you. You are the data controller and are responsible for having a lawful basis to send contracts to, and collect signatures from, those parties.
Signed contract PDFs and signer records are stored for as long as your account is active and are deleted when your account is cancelled, in line with the data retention terms below.
8. Data Retention
We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow reactivation. After 30 days, your data is permanently deleted from our servers. You may request deletion of your data at any time by contacting us.
9. Your Rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data (via CSV export)
To exercise these rights, contact us at support@klosacrm.com.
10. Children’s Privacy
Klosa CRM is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions: support@klosacrm.com
