This Privacy Policy describes how KNWN4, LLC ("we," "us," or "our"), operating as DealCloser Autopilot, collects, uses, and shares information when you use our website at dealcloserautopilot.com and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Information You Provide
- Account & License Information: When you purchase a plan, we collect your name, email address, and payment information (processed by Stripe — we do not store your full credit card number).
- Configuration Data: When you use our configurator tool, we collect the business information you enter (company name, offer description, target audience, messaging preferences, etc.). This data is stored securely and used solely to power your automation workflows.
- Support Communications: When you contact us at [email protected], we collect the contents of your messages and any information you provide.
- LinkedIn OAuth Credentials: When you connect your LinkedIn account through our portal, we initiate an OAuth flow via our third-party provider Unipile. Your LinkedIn access credentials are stored server-side by DCA and are used solely to execute your configured automation workflows. You can disconnect your LinkedIn account at any time through your portal.
- API Keys: If you provide an OpenAI API key for AI-powered features, it is stored in our encrypted server-side vault and decrypted only when needed to make API calls on your behalf for lead enrichment, message generation, and reply classification.
Information Collected Automatically
- Usage Data: We may collect information about how you access and use the Service, including your IP address, browser type, pages visited, and time spent on pages.
- Analytics: We use Google Analytics to understand website traffic and usage patterns. Google Analytics collects information such as how often users visit the site, what pages they visit, and what other sites they used prior to coming to our site. You can learn more about Google Analytics' data practices at Google's Privacy Policy.
- Cookies: We use essential cookies for site functionality, including secure session authentication for the dashboard. Authentication is managed through Clerk, our identity provider.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process transactions and send related information (purchase confirmations, welcome emails)
- Store and serve your configuration settings to power your automation workflows
- Respond to your support requests and communications
- Send administrative messages about your account, such as license expiration reminders
- Monitor and analyze usage trends to improve the Service
- Detect, prevent, and address technical issues or fraud
3. How We Share Your Information
We do not sell your personal information. We may share your information with the following categories of third parties, only as necessary to provide the Service:
- Payment Processor (Stripe): To process payments securely. Stripe's privacy policy is available at stripe.com/privacy.
- Email Service (Resend): To send transactional emails (welcome emails, license recovery, etc.).
- Hosting (Cloudflare): Our website and API are hosted on Cloudflare's infrastructure.
- LinkedIn API Provider (Unipile): To facilitate LinkedIn OAuth authentication and execute automation actions (connection requests, messages, profile views) on your behalf. Unipile acts as a sub-processor under our instruction.
- AI Providers (OpenAI, Anthropic, Google): To process lead data for enrichment, generate personalized messages, and classify replies. Lead profile data and relevant configuration context may be sent to these providers only as needed to perform the requested AI task.
We may also disclose your information if required by law or if we believe such action is necessary to comply with legal obligations, protect our rights, or ensure the safety of our users.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract Performance: Processing necessary to provide the Service you purchased (license management, configuration storage, workflow execution).
- Legitimate Interest: Processing for security, service reliability, and product improvement, where our interests do not override your fundamental rights.
- Consent: Where you have given explicit consent, such as opting into marketing communications.
- Legal Obligation: Processing required to comply with applicable laws (e.g., tax records, fraud prevention).
You may withdraw consent at any time by contacting us at [email protected]. Withdrawal does not affect the lawfulness of processing performed before the withdrawal.
5. Data Storage & Retention
Your data is stored on Cloudflare's global infrastructure using their Workers KV storage service and D1 database. Data is processed in Cloudflare's edge network, which includes servers in the EEA.
Retention periods:
- Configuration & license data: Retained for the duration of your subscription plus 30 days following cancellation.
- Lead data: Retained until you delete it. Leads marked "do not contact" are automatically purged after 90 days.
- Message performance data: Retained for 12 months after the last interaction.
- Audit logs: Error and security-event logs are retained for 30 days; activity logs are retained for 90 days.
- Billing records: Retained as required by applicable tax and accounting laws.
- LinkedIn OAuth credentials: Retained for the duration of your subscription. Upon cancellation, credentials are removed from our systems within 30 days.
- API keys (OpenAI): Retained for the duration of your subscription. Deleted within 30 days of cancellation.
We may retain aggregated, anonymized data indefinitely for analytics and product improvement purposes.
6. Data Security
We implement commercially reasonable security measures to protect your information, including:
- All data transmitted over HTTPS/TLS encryption
- Authentication managed through Clerk with secure JWTs and session tokens
- API access controls, rate limiting on sensitive endpoints, and input sanitization
- No storage of full payment card details (handled entirely by Stripe)
However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
7. Third-Party Services
Our Service integrates with the following third-party services to provide automation functionality. These services act as sub-processors under our instruction:
- Unipile (LinkedIn API access): Facilitates LinkedIn OAuth authentication and executes automation actions on your behalf. Your LinkedIn OAuth credentials are stored server-side by DCA and passed to Unipile solely to perform authorized actions. Unipile's privacy policy is available at unipile.com/privacy-policy.
- OpenAI, Anthropic, and Google (AI processing): Used for lead enrichment, personalized message generation, and reply classification. Lead profile data and relevant workflow context may be sent to these providers. These providers process data under their respective data processing agreements and, where offered by contract or API policy, are configured not to use customer API data for model training.
- Cloudflare (infrastructure): Hosts our dashboard, API workers, and database (D1). All data is encrypted at rest and in transit. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.
- Clerk (authentication): Manages user authentication and identity. Clerk's privacy policy is available at clerk.com/legal/privacy.
Your use of these platforms through our Service is governed by our agreements with these providers. We are responsible for ensuring they process your data in accordance with this Privacy Policy.
8. Your Rights (GDPR & CCPA)
You have the following rights regarding your personal data:
- Access (Art. 15 GDPR): Request a copy of all personal data we hold about you. You can use the self-service data export in your portal, or contact us.
- Rectification (Art. 16 GDPR): Request correction of inaccurate personal data via your portal settings or by contacting us.
- Erasure / Right to be Forgotten (Art. 17 GDPR): Request permanent deletion of your personal data. Individual leads can be hard-deleted from your portal. For full account data purge, contact us or use the API endpoint.
- Data Portability (Art. 20 GDPR): Export all your data in structured JSON format via the self-service export tool in your portal.
- Restriction of Processing (Art. 18 GDPR): Request that we restrict processing of your data while a complaint is being resolved.
- Objection (Art. 21 GDPR): Object to processing based on legitimate interest.
- Withdraw Consent: Where processing is based on consent, withdraw it at any time.
Self-Service Tools: Your portal provides self-service data export (JSON download of all your data) and individual lead deletion. For full account data purge or any other rights request, contact us at [email protected]. We respond to all data rights requests within 30 days.
California Residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information. To exercise your rights, email us at [email protected].
9. International Data Transfers
Your data is processed on Cloudflare's global edge network, which includes servers in the EEA, US, and other regions. Cloudflare participates in the EU-US Data Privacy Framework. For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions as appropriate.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us: