Legal

Privacy Policy

Last updated: March 20, 2026

1. Introduction

ClosedHand Inc. (“ClosedHand”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp AI sales agent platform.

By using ClosedHand, you consent to the data practices described in this policy. If you do not agree with the practices described in this policy, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account.
  • Business Information: Business name, website URL, product catalogs, pricing, and payment configuration.
  • AI Model API Keys: Your personal API keys for AI providers (OpenAI, Google, Anthropic, etc.) that you enter to power your AI sales agents.
  • Payment Information: Billing details processed securely through our payment provider. We do not store full credit card numbers.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, session duration, referral sources, and interaction patterns.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Conversation Data: Messages exchanged between your AI agent and your customers on WhatsApp. This data is stored to enable conversation history, analytics, and agent training.

2.3 Information from Third Parties

  • E-Commerce Platforms: Product data, pricing, stock levels, and order information from WooCommerce, Shopify, or other connected stores.
  • WhatsApp: Phone numbers and message content from WhatsApp conversations facilitated through your connected account.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To operate, maintain, and improve the ClosedHand platform and all its features.
  • AI Agent Functionality: To power your WhatsApp AI sales agents with the AI models and product data you configure.
  • Analytics: To provide you with performance insights, conversation analytics, and sales tracking through your dashboard.
  • Communication: To send you service updates, billing notifications, and security alerts.
  • Support: To respond to your inquiries when you contact us.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Data Security

We implement industry-leading security measures to protect your information:

  • AES-256-GCM Encryption: All sensitive data, including your AI API keys, are encrypted at rest using military-grade AES-256-GCM encryption — the same standard used by banks and government agencies.
  • HTTPS/TLS: All data transmitted between your browser and our servers is encrypted in transit using TLS 1.3.
  • Access Controls: Role-based access controls and multi-factor authentication protect your account from unauthorized access.
  • Self-Hosted Option: For maximum privacy, you can use Ollama (self-hosted AI), ensuring 100% of your conversation data stays on your own infrastructure.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

  • AI Model Providers: Conversation content is sent to your chosen AI provider (OpenAI, Google, etc.) to generate responses. This is essential for the AI agent functionality. You control which provider is used.
  • Payment Processors: Billing information is shared with our payment processor to handle transactions.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

6. Data Retention

  • Account Data: Retained as long as your account is active. Upon account deletion, data is purged within 30 days.
  • Conversation Data: Retained according to your plan level and settings. Free plan conversations are retained for 90 days.
  • Billing Records: Retained for 7 years as required by applicable tax and financial regulations.
  • API Keys: Immediately deleted upon removal from your account settings.

7. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data (“right to be forgotten”).
  • Portability: Receive your personal data in a structured, machine-readable format.
  • Restriction: Request limitation of processing of your personal data.
  • Objection: Object to processing of your personal data for specific purposes.

To exercise any of these rights, please contact our privacy team at security@closedhand.io.

8. Cookies & Tracking

ClosedHand uses essential cookies for:

  • Authentication: Session cookies to keep you logged in.
  • Preferences: Remembering your dashboard settings and language preferences.
  • Analytics: Understanding how users interact with the Platform to improve our service.

We do not use third-party advertising trackers. You can control cookie settings through your browser preferences.

9. Children's Privacy

ClosedHand is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure adequate protection for international data transfers through appropriate safeguards as required by applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email at least 30 days before they take effect. The “Last updated” date at the top of this page indicates when this policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please reach out:

For more information about our security practices, visit our Security & Privacy section. Review our full Terms of Service for additional legal information.