Draft — these legal documents are a starting template for a Florida-based title and closing platform. Review with licensed counsel before holding them out as binding terms.

Privacy Policy

Last updated: May 28, 2026

This Privacy Policy describes how Title Company Agency LLC d/b/a GoodCloser (“GoodCloser,” “we,” “us”) collects, uses, and shares information when you use our title and closing platform at goodcloser.com (the “Service”).

We are a Florida company. As a title-and-closing-software provider, we handle highly sensitive information — driver licenses, social security numbers, bank-account numbers, mortgage details — and our handling is governed by the federal Gramm-Leach-Bliley Act (GLBA), Florida Information Protection Act (FIPA), Florida Digital Bill of Rights, the California Consumer Privacy Act (CCPA) where applicable, and the EU General Data Protection Regulation (GDPR) for any EU residents.

1. Who this Policy applies to

This Policy applies to (a) visitors to our marketing pages, (b) Users of the Service (closers, processors, attorneys, admins), and (c) data subjects whose information is processed through the Service in the course of a closing transaction — including buyers, sellers, borrowers, agents, and beneficial owners.

For data we process on behalf of a Customer (a title agency or law firm using the Service), GoodCloser acts as a data processor. The Customer is the data controller and is primarily responsible for the lawful basis of collection. See our Data Processing Agreement.

2. Information we collect

2.1 Account information

Name, email, phone, role, employer, password (hashed), and authentication tokens.

2.2 Transaction information

File numbers, property addresses, sale prices, loan amounts, closing dates, party names (buyer/seller/borrower/lender), agent contacts, and all documents uploaded to the Service in connection with a closing.

2.3 Sensitive personal information (SPI)

Necessary to perform a closing: tax identification numbers (SSN, ITIN, EIN), date of birth, government-issued ID copies, beneficial-ownership disclosures, bank-account and routing numbers, wire instructions, payoff statements, signature images, and IRS 1099-S filings.

2.4 Financial and accounting data

Trust-account balances, escrow ledger entries, bank transactions imported via Plaid or Mercury, journal entries, premium remittance, and reconciliation records.

2.5 Compliance data

OFAC sanctions-screening queries and results, Form 8300 alerts, BSA/AML monitoring events, audit log entries (who did what, when), call-back logs for wire verification.

2.6 Usage data

Pages viewed, features used, errors encountered, IP address, device type, browser. Collected for security, support, debugging, product improvement.

2.7 Cookies and similar technologies

We use cookies for session management (essential, always on), and — only with your consent — for product analytics (PostHog) and error tracking (Sentry). See Section 9 below.

3. How we use information

Service delivery — provide the Service, host documents, route signatures, generate disclosures, run compliance checks.
AI-assisted features — title-chain analysis, document triage, OCR, natural-language search, fraud-signal detection. Models are operated by GoodCloser and our subprocessors (currently Anthropic).
Compliance & legal — OFAC screening, Form 8300 detection, BSA monitoring, 1099-S preparation, retention required by state title-agency law (typically 7 years).
Support — respond to questions, troubleshoot issues, train Users.
Security & fraud prevention — detect and respond to unauthorized access, wire fraud, account takeovers; rate-limit abuse.
Product improvement — aggregated, de-identified analysis of how features are used. We do not train AI models on Customer Data without separate written consent.
Communications — service announcements, billing, security notifications. Marketing emails are opt-in.

4. How we share information

We share information with:

Subprocessors who provide the underlying infrastructure (hosting, AI, payments, e-signature, identity verification). Current list and DPAs at /legal/dpa.
Authorized recipients of a closing — buyers, sellers, lenders, real estate agents, underwriters, county recorders — to the extent necessary to complete the transaction.
Government & regulators — IRS (1099-S, Form 8300), FinCEN (SARs where required), state regulators, courts pursuant to lawful process.
Successor entities in a merger, acquisition, or sale of assets, subject to the protections of this Policy.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

5. Retention

We retain transaction files for at least seven (7) years after the closing date, as required by Florida title-agency law. Account information is retained for the life of the account plus one year. Audit log entries are retained at least seven (7) years. Analytics data is retained no more than 25 months.

You can request earlier deletion subject to legal-hold and statutory-retention exceptions. See Section 7 (Your Rights).

6. Security

Encryption in transit (TLS 1.2+) and at rest (AES-256 via Supabase Storage and Postgres).
Row-Level Security policies isolate every Customer’s data at the database layer.
SOC 2 Type II controls aligned across our subprocessors (Supabase, Cloudflare, Stripe).
Mandatory multi-factor authentication for all platform admins.
Daily automated backups with point-in-time recovery.
Annual penetration test; quarterly vulnerability scans.
Incident-response plan with 72-hour breach-notification target where applicable.

7. Your rights

Subject to applicable law, you have the right to:

Access the personal information we hold about you;
Correct inaccurate or incomplete information;
Delete your personal information, subject to retention obligations;
Port your data in a machine-readable format;
Opt out of analytics cookies and non-essential communications;
Object to certain processing or restrict processing;
Lodge a complaint with the Florida Attorney General, the FTC, your state regulator, or the relevant EU supervisory authority.

To exercise any right, contact privacy@goodcloser.com. We will respond within 45 days (FL) or 30 days (GDPR / CCPA).

8. International transfers

Personal information is stored on Supabase (US-East) and Cloudflare’s global edge. If you are located outside the United States, your information will be transferred to and processed in the US. For EU/UK data, we rely on Standard Contractual Clauses with our subprocessors.

9. Cookies

We classify cookies into three categories:

Essential — always on. Session, authentication, CSRF tokens. Cannot be disabled without breaking the Service.
Analytics — off by default. PostHog product analytics. Enabled only after consent via the cookie banner.
Error tracking — off by default. Sentry. Enabled only after consent.

You can change your preferences at any time by clicking Cookie settings in the footer.

10. Children

The Service is not directed to anyone under 18. We do not knowingly collect personal information from minors. If you believe we have, contact us immediately.

11. Changes

We may update this Policy from time to time. Material changes will be communicated by email or in-product notice at least 14 days before they take effect. The “Last updated” date above will be revised.

12. Contact

Privacy questions: privacy@goodcloser.com
Data Protection Officer: dpo@goodcloser.com
Mailing address: Title Company Agency LLC, [Street Address], Naples, FL 34108, USA