Privacy Policy
Last updated: February 22, 2026
ContractorQuoter (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the “Service”).
1. Information We Collect
1.1 Information You Provide
- Account information: Name, email address, phone number, business name, trade type, and business address when you register or update your profile.
- Business details: License number, insurance information, logo, brand colors, and tagline used to customize your quotes.
- Quote data: Client names, contact information, labor and material line items, pricing, terms, and notes included in estimates you create.
- Payment information: Billing details processed securely by Stripe. We do not store your full credit card number on our servers.
1.2 Information We Collect Automatically
- Usage data: Pages viewed, quotes created, features used, and actions taken within the Service.
- Device information: Browser type, operating system, screen resolution, and device identifiers.
- Log data: IP address, access times, and referring URLs when you access the Service.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service.
- Generate and deliver branded PDF quotes on your behalf.
- Send quotes to your clients via SMS and email.
- Verify recipient identity before granting access to quotes.
- Process subscription payments and manage billing.
- Send transactional notifications (e.g., quote accepted, payment receipts).
- Monitor usage for plan enforcement (e.g., Solo tier weekly limits).
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
3. How We Store Your Data
- Database: Your account and quote data is stored in a PostgreSQL database hosted on Supabase with encryption at rest and in transit (TLS).
- File storage: PDFs and uploaded logos are stored on Cloudflare R2 with signed URL access controls. Files expire after a configurable time period.
- Authentication: Your identity is managed by Clerk, an industry-standard authentication provider. Passwords are hashed using bcrypt and never stored in plaintext.
- Verification codes: One-time verification codes for quote access are bcrypt-hashed before storage and cannot be read by our systems.
4. Third-Party Services & Data Sharing
We share your information only with the third-party services necessary to operate the Service. We never sell your data.
| Provider | Purpose | Data Shared |
|---|---|---|
| Twilio | SMS delivery & verification codes | Recipient phone numbers, message content |
| Stripe | Subscription billing & payments | Email, payment method, billing address |
| SendGrid | Email delivery (quotes & notifications) | Recipient email, email content, PDF attachments |
| Clerk | Authentication & identity management | Name, email, OAuth tokens |
| Supabase | Database hosting | All application data (encrypted) |
| Cloudflare R2 | File storage (PDFs, logos) | Uploaded files |
| Sentry | Error tracking & monitoring | Error logs, user IDs (no PII) |
5. Your Rights (GDPR & CCPA)
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data. You can delete your account from Settings, which removes all associated data within 30 days.
- Right to data portability: Request your data in a machine-readable format.
- Right to restrict processing: Request that we limit how we use your data.
- Right to object: Object to processing of your data for specific purposes.
To exercise any of these rights, contact us at privacy@contractorquoter.com. We will respond within 30 days.
6. Data Retention
- Active accounts: Data is retained for as long as your account is active.
- Deleted accounts: When you delete your account, all personal data and associated quotes, clients, and files are permanently removed within 30 days.
- Cancelled subscriptions: Your data remains accessible for 30 days after subscription cancellation.
- Verification codes: Expire after 10 minutes and are automatically purged.
7. Cookies & Tracking
We use essential cookies for authentication and session management. We use privacy-respecting analytics (PostHog with cookieless mode) that honor Do Not Track browser settings. We do not use third-party advertising cookies or trackers.
8. Security
We implement industry-standard security measures including:
- TLS encryption for all data in transit.
- Encryption at rest for database storage.
- Bcrypt hashing for verification codes.
- Signed URLs with expiration for file access.
- Rate limiting on authentication and verification endpoints.
- Role-based data isolation (users can only access their own data).
9. Children's Privacy
The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice within the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: privacy@contractorquoter.com
- Product: ContractorQuoter