Privacy Policy

Last updated: February 16, 2026

This Privacy Policy describes how OpenShut LLC ("OpenShut," "we," "us," or "our") collects, uses, discloses, and protects the personal information of users ("you" or "your") of the OpenShut platform at openshut.me (the "Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

Account Information. When you create an account, we collect your name, email address, organization name, job title, and authentication credentials managed through our identity provider (Clerk).

Billing Information. Payment details (credit card numbers, billing addresses) are collected and processed by our payment processor (Stripe). We do not store full credit card numbers on our servers. We receive only the last four digits, expiration date, and billing address for record-keeping.

Uploaded Documents. When you upload documents (financial statements, organizational documents, borrower materials, fund documents), we process them to extract data and generate your requested output. Uploaded documents are stored in encrypted cloud storage.

Generated Documents. Documents we generate on your behalf are stored in your organization's isolated environment and are accessible only by authorized members of your organization.

Usage Data. We automatically collect information about how you use the Service, including pages visited, features used, deals created, documents generated, timestamps, IP addresses, browser type, and device information.

Cookies and Similar Technologies. We use essential cookies required for authentication and session management. We use analytics cookies to understand how the Service is used. You can disable non-essential cookies in your browser settings, though this may affect functionality.

2. How We Use Your Information

We use your information for the following purposes:

  • To provide, operate, and maintain the Service
  • To process your documents and generate requested output
  • To process transactions and send related billing information
  • To manage your account and provide customer support
  • To send service-related communications (account confirmations, billing notices, security alerts, technical updates)
  • To monitor and analyze usage patterns to improve the Service
  • To detect, prevent, and address fraud, security issues, and technical problems
  • To comply with legal obligations

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3. Document Handling and AI

Your uploaded documents are processed solely to provide the Service. Specifically:

  • Documents are encrypted at rest using AES-256 encryption and in transit using TLS 1.3
  • Each organization's data is logically isolated from all other organizations
  • Download links for generated documents expire after one hour
  • We do not use your documents, deal data, or generated output to train, fine-tune, or improve any AI or machine learning models
  • Document processing uses third-party AI services for text extraction and legal language generation only; financial figures are calculated separately and are never AI-generated
  • You retain full ownership of all uploaded and generated documents
  • You may delete your documents at any time through the Service

4. Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect your information, including:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption for all data in transit
  • Organization-level data isolation
  • Expiring document download links
  • Full audit trails of all user actions
  • Role-based access controls
  • Regular security reviews

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

5. Third-Party Services

We use the following categories of third-party service providers to operate the Service:

  • Authentication: Clerk (identity management and single sign-on)
  • Payment Processing: Stripe (payment collection and subscription management)
  • Cloud Infrastructure: Amazon Web Services (compute, storage, and document processing)
  • Database: Supabase (managed PostgreSQL hosting)
  • AI Processing: Third-party AI providers for text extraction and legal language generation

Each third-party provider processes your data only as necessary to provide their specific service and is bound by their own privacy policies and applicable data processing agreements. We do not share your data with third parties for advertising or marketing purposes.

6. Data Retention

We retain your information as follows:

  • Account Information: Retained for as long as your account is active and for up to 30 days after account deletion to allow for account recovery
  • Uploaded Documents: Retained until you delete them or close your account
  • Generated Documents: Retained until you delete them or close your account
  • Billing Records: Retained for 7 years as required by applicable tax and accounting regulations
  • Audit Logs: Retained for 2 years for security and compliance purposes
  • Usage Data: Retained in aggregated, anonymized form indefinitely for analytics

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing of your personal information in certain circumstances

To exercise any of these rights, contact us at privacy@openshut.me. We will respond to your request within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at privacy@openshut.me.

9. International Data Transfers

The Service is operated from the United States. If you are accessing the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at:

OpenShut LLC
Email: privacy@openshut.me