Privacy Policy

Lux & Grand LLC, doing business as CloseRelay ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature and real estate transaction management platform (the "Service"). By accessing or using CloseRelay, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Personal Information

When you create an account or use our Service, we may collect the following personal information:

• Full name and professional title
• Email address
• Phone number
• Company or brokerage name
• Mailing address
• Real estate license number (where applicable)
• Billing and payment information

1.2 Electronic Signature Data

When you or your clients use our e-signature features, we collect:

• Signature images (drawn, typed, or uploaded)
• Signer name and email address
• Timestamp of each signature event
• IP address at the time of signing
• Browser and device information used during signing
• Audit trail data for legal compliance

1.3 Usage Data

We automatically collect certain information when you interact with the Service:

• Pages visited and features used
• Time spent on the platform
• Click patterns and navigation paths
• Error logs and performance data

1.4 Device and Technical Information

We collect technical information including:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• Referring URLs

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service
• To process and facilitate electronic signatures on documents
• To create and manage your account
• To process payments and manage subscriptions
• To send transactional emails (signature requests, document notifications, account alerts)
• To send transactional SMS/text messages to document signers (signature request notifications, reminders, and confirmations)
• To provide customer support and respond to inquiries
• To generate audit trails for signed documents
• To improve, personalize, and optimize the Service
• To detect, prevent, and address fraud or security issues
• To comply with legal obligations and enforce our terms
• To send marketing communications (with your consent, where required by law)

3. Electronic Signature Data Handling

We understand the sensitivity of electronic signature data and treat it with the highest level of care:

• Legal Compliance: Our e-signature process is designed to comply with the Electronic Signatures in Global and National Commerce Act (ESIGN) and the Uniform Electronic Transactions Act (UETA).
• Audit Trails: We maintain comprehensive audit trails for each signed document, including signer identity, timestamp, IP address, and method of authentication. IP addresses, device/browser information, and email addresses are collected for audit and security purposes but are not treated as definitive proof of a signer's legal identity.
• Document Integrity: CloseRelay applies SHA-256 cryptographic hashing and tamper-evident controls to signed documents. These measures are designed to detect unauthorized modification after signing. The authoritative executed copy of each signed document is retained by CloseRelay.
• Identity and Authentication: CloseRelay authenticates signers through access to a unique email link. Senders may optionally enable one-time verification code (OTP) authentication on a per-relay basis for additional security. CloseRelay does not independently verify a signer's legal identity (e.g., via government-issued identification). Users are responsible for ensuring that the correct recipients are designated.
• Access Control: Only authorized parties (document sender and designated signers) can access signature data and signed documents.
• Retention: Signature data and signed documents are retained for the duration specified in our data retention policies (see Section 5) or as required by law.
• Sensitive Document Content: Documents uploaded to the Service may contain sensitive personal information (such as Social Security numbers, financial account details, or health information). Users should avoid uploading information they are not authorized to share. We process document content only to provide the Service and do not access, analyze, or use the contents of your documents for any purpose other than providing, maintaining, and improving the Service as described in these policies.

3A. SMS/Text Message Communications

CloseRelay sends transactional SMS/text messages to facilitate real estate document signing. These messages are sent as part of the signature request process initiated by a CloseRelay user (the document sender) and are necessary to complete the transaction.

When You May Receive a Text Message

You may receive an SMS message from CloseRelay when a real estate professional uses our platform to send you a document for electronic signature. These are one-time, transactional messages directly related to a document signing request. Specifically, you may receive:

• A notification that you have a document to review and sign
• A reminder if a signature request is still pending
• A confirmation that your signature has been received

How We Obtain Your Phone Number

Your phone number is provided to CloseRelay by the real estate professional (agent, broker, transaction coordinator, etc.) who is sending you a document for signature as part of the real estate transaction. CloseRelay does not independently collect phone numbers for SMS purposes. No marketing messages are sent.

Message Frequency and Costs

• Message Frequency: You will typically receive 1–3 messages per signature request (initial notification, optional reminder, and completion confirmation). These are transactional messages only.
• Message and Data Rates: Standard message and data rates may apply depending on your mobile carrier and plan. CloseRelay does not charge any fees for these messages.

Opt-Out

Although these messages are transactional and related to a document you have been asked to sign, you may opt out of receiving SMS messages at any time by:

• Replying STOP to any message you receive from CloseRelay
• Contacting us at privacy@closerelay.com

If you opt out, you will no longer receive SMS notifications for signature requests. The document sender may still reach you via email. Reply HELP to any message for assistance, or contact us at privacy@closerelay.com.

SMS Data and Privacy

• Your phone number is used solely for delivering transactional signature request notifications. No marketing or promotional messages are sent.
• We do not sell, rent, or share your phone number with third parties for marketing purposes.
• SMS messages are delivered through our third-party messaging provider, Twilio, Inc. Twilio processes your phone number solely to deliver messages on our behalf and is bound by contractual data protection obligations.

Supported Carriers

SMS notifications are available on most major U.S. mobile carriers. Carriers are not liable for delayed or undelivered messages. T-Mobile is not liable for delayed or undelivered messages.

4. Data Security and Encryption

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.2 or higher
• Data at rest is encrypted using AES-256 encryption
• Row-level security (RLS) policies ensure data isolation between accounts
• Regular security audits and vulnerability assessments
• Secure authentication with password hashing and optional multi-factor authentication
• Role-based access controls for team accounts
• Automated backups with encrypted storage

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

Security Incident Notification: In the event of a data breach that affects your personal information, we will notify affected users as required by applicable law. Notifications may be provided via email, in-app notification, or other reasonable means. We will include information about the nature of the breach, the data involved, and steps you can take to protect yourself.

5. Data Retention

We retain your data according to the following policies:

• Account Data: Retained for as long as your account is active and for a reasonable period thereafter to fulfill legal obligations.
• Signed Documents and Audit Trails: Retained for a minimum of 7 years from the date of signing, or longer as required by applicable real estate regulations or law.
• Usage and Analytics Data: Retained in aggregate, anonymized form for up to 3 years.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).

Upon account deletion, we will remove your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as maintaining audit trails for signed documents).

6. Third-Party Services

We use the following third-party services to operate CloseRelay. Each provider has been selected for their strong privacy and security practices:

We may also use analytics and monitoring tools to improve the Service. We do not sell your personal information to any third party.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service:

• Essential Cookies: Required for authentication, security, and core functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Service so we can improve the experience.
• Preference Cookies: Store your settings and preferences (such as theme and layout choices).

You can manage cookie preferences through your browser settings. Please note that disabling essential cookies may prevent certain features from functioning properly. We do not use advertising or cross-site tracking cookies.

Do Not Track Signals: Some browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, CloseRelay does not currently respond to DNT browser signals. However, we do not engage in cross-site tracking, sell personal information for targeted advertising, or share personal data with third parties for their own advertising purposes.

8. Children's Privacy

CloseRelay is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at the address provided below.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data internationally, we implement appropriate safeguards, including standard contractual clauses and encryption, to ensure your data is protected in accordance with this Privacy Policy and applicable laws.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request a machine-readable copy of your data.
• Objection: Object to certain processing of your personal information.
• Restriction: Request restriction of processing in certain circumstances.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within 30 days, or as required by applicable law.

11. CCPA and GDPR Compliance

California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, shared, or sold
• Request deletion of your personal information
• Opt out of the sale of your personal information (we do not sell personal data)
• Non-discrimination for exercising your privacy rights

General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR. We process your data based on one or more of the following legal bases:

• Performance of a contract (providing the Service to you)
• Legitimate interests (improving our Service, preventing fraud)
• Consent (marketing communications)
• Legal obligation (tax records, regulatory compliance)

State Privacy Laws

Residents of certain U.S. states (including Colorado, Connecticut, Virginia, Utah, and others) may have additional privacy rights under applicable state privacy laws. We will honor applicable state privacy laws and respond to verified requests in accordance with those laws. To exercise your state privacy rights, please contact us using the information in Section 14.

12. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share your information.
• Service Providers: With trusted third-party vendors who assist in operating the Service (see Section 6), bound by contractual data protection obligations.
• Transaction Participants: Document and signature information is shared with other parties involved in the same transaction (e.g., co-signers, sending agents).
• Legal Requirements: When required by law, subpoena, court order, or government request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
• Safety and Fraud Prevention: To protect the rights, property, or safety of Lux & Grand LLC (doing business as CloseRelay), our users, or the public.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by sending you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically for the latest information.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: