Meet CLOS - the world's #1 App for Virtual Photoshoots & Remote Castings

CLOS INC. — PRIVACY POLICY

Last updated: April 22, 2026
Effective date: April 22, 2026

This Privacy Policy explains how CLOS Inc. ("CLOS," "we," "us," or "our")
collects, uses, shares, and protects personal information when you use our
Services, including:

• Our website at https://clos.vc
• Our website at https://closapp.space
• Our web application at https://web.closapp.space
• Our mobile application "CLOS" on iOS and Android
• Any related services we provide
(collectively, the "Services")

By using the Services, you agree to the practices described in this
Privacy Policy. If you do not agree, please do not use the Services.

WHO WE ARE (DATA CONTROLLER)

The data controller responsible for your personal information is:

CLOS Inc.
447 Broadway, 2nd Floor, #557
New York, NY 10013
United States
Email: privacy@clos.vc

INFORMATION WE COLLECT

We collect the following categories of information:

2.1 Information you provide directly:

• Account data: name, email address, username, password (stored as a
salted hash), profile photo (if provided).
• Content you upload: photos, videos, and other media you capture or
upload through the Services.
• Communications: messages you send to our support team, survey
responses, and feedback.
• Business details: if you use Enterprise features, your company name,
role, and billing contact.

2.2 Payment information:

When you purchase a paid plan, payment is processed by our third-party
payment processors — primarily Stripe, Inc. on the web, and Apple or
Google for in-app purchases. These processors collect and handle your
payment card number, expiration date, CVV, and billing address
directly. CLOS does NOT receive, store, or have access to your full
payment card number. We receive only limited information such as card
brand, last four digits, expiration month/year, and billing country,
which we use to manage your subscription and prevent fraud.

2.3 Information collected automatically:

• Device and log data: IP address, device type and model, operating
system and version, browser type, language, time zone, crash logs,
and diagnostic data.
• Usage data: features used, actions taken, session duration, virtual
rooms created, and storage consumed.
• Cookies and similar technologies: we use cookies and similar
technologies on our websites for authentication, preferences, and
analytics. See Section 9 for details.

2.4 Information from third parties:

• Authentication providers: if you sign in via Apple, Google, or
another provider, we receive basic profile data from that provider.
• Analytics and infrastructure providers: see Section 6.

HOW WE USE INFORMATION

We use personal information to:

• Create and manage your account.
• Provide, operate, and maintain the Services, including hosting your
User Content.
• Process subscriptions and payments through our payment processors.
• Communicate with you about your account, updates, and support.
• Send marketing emails where permitted by law (you can unsubscribe at
any time).
• Improve, personalize, and develop the Services.
• Monitor usage, detect and prevent fraud, abuse, and security
incidents.
• Comply with legal obligations, including tax, accounting, and
anti-fraud laws.

Legal bases (for users in the EEA, UK, and Switzerland): we rely on
(a) performance of a contract with you; (b) our legitimate interests in
operating and securing the Services; (c) your consent (which you may
withdraw at any time); and (d) compliance with legal obligations.

HOW WE SHARE INFORMATION

We do not sell your personal information. We share it only as follows:

4.1 Service providers (processors). We share information with vendors who
help us run the Services under contracts that require them to protect
your data and use it only for the services we request. These include:

• Stripe, Inc. — payment processing (https://stripe.com/privacy)
• Apple, Inc. — iOS in-app subscriptions
• Google LLC — Android in-app subscriptions and Firebase services
• RevenueCat, Inc. — subscription lifecycle management
(https://www.revenuecat.com/privacy)
• Branch Metrics, Inc. — deep linking and attribution
(https://branch.io/policies/#privacy)
• Google Firebase — analytics, crash reporting, performance
(https://firebase.google.com/support/privacy)
• Cloud hosting providers — for storage and compute

4.2 Other users. If you invite another user to a virtual room, or if a
shoot includes multiple participants, those participants will see your
username, profile photo, and the content shared in that session.

4.3 Legal and safety. We may disclose information if we believe in good
faith that disclosure is necessary to comply with law, respond to valid
legal process, enforce our Terms, protect the safety of any person, or
address fraud or security concerns.

4.4 Business transfers. If we are involved in a merger, acquisition,
financing, or sale of assets, your information may be transferred to the
acquiring party, subject to this Privacy Policy.

4.5 With your consent. We may share information in other ways with your
explicit consent.

INTERNATIONAL DATA TRANSFERS

We are headquartered in the United States. Your information may be
transferred to, stored in, and processed in the United States and other
countries where our service providers operate. These countries may have
data protection laws different from those in your country.

For transfers from the EEA, UK, or Switzerland to countries not deemed
to provide an adequate level of protection, we use appropriate
safeguards, including the European Commission's Standard Contractual
Clauses or equivalent mechanisms.

DATA RETENTION

We retain personal information for as long as necessary to provide the
Services and for legitimate business or legal purposes:

• Account data: retained while your account is active and for up to
90 days after you close your account, except where longer retention
is required by law.
• User Content: retained while stored in your CLOS Cloud. Deleted
content is removed from active systems within 30 days and from
backups within 90 days.
• Payment records and invoices: retained for 7 years to comply with
tax and accounting laws.
• Log data: typically retained for 90 days, longer if needed to
investigate security incidents.

SECURITY

We use commercially reasonable technical and organizational measures to
protect personal information, including encryption in transit (TLS),
encryption at rest for stored content, access controls, and regular
security reviews. No system is 100% secure, and we cannot guarantee
absolute security. Please protect your password and notify us at
security@clos.vc if you suspect unauthorized access.

YOUR RIGHTS

Depending on where you live, you may have the following rights regarding
your personal information:

• Access — request a copy of the personal information we hold about
you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — ask us to delete your personal information (subject to
legal exceptions).
• Objection / restriction — object to or restrict certain processing.
• Data portability — receive your data in a machine-readable format.
• Withdraw consent — where we rely on consent, withdraw it at any
time.
• Opt out of marketing — unsubscribe using the link in our emails or
by emailing privacy@clos.vc.

To exercise any of these rights, email privacy@clos.vc. We will respond
within the timeframe required by applicable law (typically 30 days). You
may also lodge a complaint with your local data protection authority.

8.1 California residents (CCPA/CPRA). You have the right to know what
personal information we collect, to delete it, to correct it, and to opt
out of "sale" or "sharing" of personal information. We do not sell or
share your personal information as those terms are defined under
California law. To exercise your rights, email privacy@clos.vc.

8.2 Authorized agents. You may designate an authorized agent to make a
request on your behalf. We will require verification of the agent's
authority.

COOKIES AND TRACKING

Our websites use cookies and similar technologies to:

• Keep you signed in and remember your preferences (essential).
• Measure traffic and understand how users interact with the site
(analytics).
• Attribute installs and referrals (Branch).

You can control cookies through your browser settings. Disabling
essential cookies may prevent parts of the Services from working
correctly. Where required by law, we will ask for your consent before
setting non-essential cookies.

CHILDREN

The Services are not directed to children under the age of 13 (or 16 in
the EEA/UK). We do not knowingly collect personal information from
children. If you believe a child has provided us with personal
information, email privacy@clos.vc and we will delete it promptly.

THIRD-PARTY LINKS

The Services may contain links to third-party websites or services. This
Privacy Policy does not apply to those third parties. Please review
their privacy policies before providing them with your information.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If the changes are
material, we will notify you by email or through the Services at least
30 days before they take effect. The "Last updated" date at the top
shows when this policy was last revised.

For privacy questions, requests, or complaints:

Email: privacy@clos.vc
Security issues: security@clos.vc
General support: support@clos.vc

CLOS Inc.
447 Broadway, 2nd Floor, #557
New York, NY 10013
United States

END OF PRIVACY POLICY