Privacy Policy
Effective Date: 05-30-2026
1. Eligibility
QuoteChecker.ai is offered exclusively to individuals who: (i) are at least 18 years old, (ii) are physically located in the United States, and (iii) use a valid U.S.-issued payment method with a U.S. billing address. If you do not meet all three conditions, do not use the Service.
New subscriptions include a 14-day refund window. If you are not satisfied during your first 14 days, email contact@quotechecker.ai and we will refund your first payment in full.
2. Information We Collect
| Category | Specific Data | Purpose |
|---|---|---|
| Information you provide | • Uploaded quotes (text or files) • Region selection • Contractor or company name (optional) • Tone or delivery preferences • Account credentials (email, account identifier) | Operate the audit and messaging features and personalize your experience |
| Information collected automatically (minimized) | • IP address and basic device information (browser, operating system) • Anonymous, cookie-free analytics | Security, abuse prevention, and service diagnostics |
| Information generated by the service | • Audit results and transparency scores • Per-line metro-benchmark comparisons | Display results and let you save or compare audits |
| Contact form submissions | • Name (optional), email, topic, and message • Your account identity and email if you are signed in when submitting • Coarse request metadata (IP, browser, timestamp) appended to the notification | Deliver your message to our support inbox, route replies back to you, and investigate abuse of the form |
| Consent-based marketing (after a free audit) | • Email address, vertical (contractor / auto / solar), and your express consent to receive marketing communications • Consent, unsubscribe, and deletion-request timestamps | Send the one-off audit copy you requested; send consent-based marketing communications you opted into; honor one-click unsubscribe and deletion |
| Creator / affiliate program | • Applicant name, email, channel URL, requested slug, and consent to the Creator Program Terms • Application-review outcome and reason • Payout account identifiers when approved • Per-commission records (invoice, subscription, plan, amounts, status) | Evaluate applications, provision the creator landing page, attribute referrals, and calculate and pay monthly commissions |
| Wall of Shame submissions | • Quoted price, benchmark price, metro, audit type, category, and an optional one-line comment • A one-way hash of your IP (never the raw IP) used to deduplicate votes and reports • Anonymous up/down votes and anonymous reports | Display the community overcharge signal with moderated comments; prevent ballot-stuffing and abuse |
| Internal operator access (authorized personnel only) | • Limited records of access to administrative tools used to operate the Service, retained for security and audit purposes | Investigate abuse of administrative tools. This information is not visible to customers or the public. |
| Read-only audit share links (Pro) | • A randomly generated link associated with a specific saved audit • Your account identity as the owner, an optional note, an expiration time, a revoked flag, view count, and last-viewed timestamp • Recipients are not asked for any data — they simply load the link you sent them | Let you send a read-only copy of a saved audit to another person without requiring them to have an account; let you revoke, expire, and review the link's history |
| Peer-to-peer referrals (Pro) | • A personal referral link tied to your account • A short-lived attribution cookie placed in your friend's browser when they click the link, so the discount can be applied at checkout • A record of each successful referral (parties, subscription identifiers, reward status), retained until both sides have been rewarded or the attribution window has closed; limited fraud signals retained for up to 90 days to review challenged rewards | Apply your friend's first-month discount, credit your reward after the 14-day refund window closes, prevent self-referrals and abuse, and audit challenged rewards |
| Security and abuse-prevention state | • Rate-limit counters, session and request-validation cookies, and other transient signals used to deter abuse | Stop brute-force attempts, prevent duplicate submissions, and deter automated scanners |
We do not use marketing pixels, behavioral advertising, or cross-site tracking.
3. How We Use Your Information
- Analyze and score contractor quotes you submit
- Generate on-demand clarification messages
- Let you view, save, and compare audits in your account
- Enforce usage limits, prevent fraud, and secure the platform
- Provide support and comply with lawful requests
We never sell or rent your personal data.
4. Data Storage & Retention
| Data Type | Storage | Retention Period |
|---|---|---|
| Audit results & account details | Encrypted storage in U.S. regions | Until you delete them or close your account |
| Account-deletion record (billing/legal defense packet: email, account & Stripe identifiers, plan, terms-acceptance time, usage counts, and any dispute metadata) | Encrypted storage; the linked Stripe customer reference is also retained | Retained up to 540 days after you delete your account to handle chargebacks, fraud, and billing/legal claims, then purged automatically |
| Clarification messages | Generated on demand; not stored after delivery | N/A |
| Uploaded files | Processed in memory for text extraction; not retained as files | Minutes |
| Inputs and outputs sent to AI providers | U.S.-based AI providers | Up to 30 days where the provider retains content solely to detect and prevent abuse |
| Contact-form submissions | Delivered to our support inbox; the message body is not retained in our own database | Governed by our email provider's retention; you may request deletion of any message we retain |
| Consent-based marketing list | Encrypted storage | Until you click the unsubscribe or deletion link in any message we send, or the consent-based marketing series concludes |
| Creator applicant and commission records | Encrypted storage | Retained while you are an active creator plus 7 years after program exit for tax, clawback, and 1099 purposes (IRS standard). Payment records are also retained by our payment processor. |
| Wall of Shame published entries | Encrypted storage | Retained while the entry is public. Suppressed entries remain stored but hidden for audit; you may request removal through the report link on the entry. |
| Anonymous vote and report records (Wall of Shame) | Encrypted storage; only one-way hashes of identifiers are kept | Retained for abuse-pattern analysis; no raw IPs stored |
| Internal access log | Encrypted storage, restricted to authorized personnel | Up to 365 days, then eligible for deletion. Shared with law enforcement only in response to a lawful request, or preserved longer as evidence in a security investigation. |
| Read-only audit share links | Encrypted storage; the link itself is the access credential | Until you revoke the link or its chosen expiration elapses (default 30 days, maximum 365 days). Revoked or expired records are retained for at least 90 days for audit and abuse investigation, then eligible for deletion. Deleting the underlying audit revokes every link pointing at it. |
| Rate-limit and security telemetry | Encrypted storage | Rolling windows (minutes to hours); automatically purged |
| Cookie-banner dismissal | Your browser's local storage — never sent to our servers | Until you clear your browser storage |
Back-ups are encrypted at rest and destroyed on a rolling schedule.
We do not retain uploaded PDFs or images. Files are processed in memory to extract text, then erased. No copies are written to durable storage and uploaded files are never used to train any model.
Where AI providers retain inputs or outputs to detect and prevent abuse, that data is excluded from model training and is purged automatically after the retention window. If a provider's retention policy changes materially, we will update this Policy and notify you where feasible.
5. Service Providers
We engage vetted, U.S.-focused providers in the following categories to operate the Service:
- Secure user authentication and account management;
- Subscription billing, payment processing, and creator-program payouts;
- Managed database and file storage;
- AI-powered text analysis and content moderation;
- Image-to-text processing for uploaded files;
- Aggregate, cookie-free site analytics;
- Transactional email delivery (audit copies, account notifications, contact-form messages);
- Serverless hosting and content delivery; and
- Public business-directory metadata used solely for our internal creator-outreach research.
Each provider accesses personal information solely to perform the service it provides to us and is bound by written terms requiring it to meet or exceed our security and confidentiality standards. We will provide a current list of subprocessors upon request and will give advance notice of material changes where feasible.
Enterprise customers may request a data processing addendum (DPA) subject to legal review.
6. Use of AI
QuoteChecker.ai submits your text to trusted AI engines to generate analyses and summaries. AI providers may retain inputs and outputs for up to 30 days solely to detect and prevent abuse, as required by their safeguards.
Any retained model outputs are excluded from training and are automatically purged after the retention window. We do not allow AI partners to use your content to improve their models.
Outputs are informative; confirm them before relying on them.
7. Your Rights & Controls
At any time, you may:
- Access the data stored in your account
- Export audits in a portable format
- Delete your entire account (which erases associated data)
Self-service controls are under Settings. For additional requests, contact support. We aim to acknowledge privacy requests within two U.S. business days and complete them promptly, subject to verifying your identity and legal requirements.
8. Your California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) gives you specific rights regarding personal information we collect. This section describes those rights and how to exercise them; the categories and purposes referenced below correspond to §§2 and 3 above.
Categories of personal information we have collected in the preceding 12 months
- Identifiers — email address, account identifier, IP address, and basic device identifiers derived from your browser.
- Commercial information — subscription plan, billing status, promotion-code use, and creator-program commission records (where applicable).
- Internet or other network activity — limited logs of access to internal administrative tools by authorized personnel, rate-limit counters, session and request-validation cookies, and audit-tool usage metrics.
- Geolocation data (coarse) — country, region, or city inferred from your IP. We do not collect precise geolocation.
- Inferences — audit results and transparency scores we generate from text you submit. We do not build marketing profiles.
- Audio, visual, thermal, olfactory, or biometric data — none. We do not collect any of these categories.
- Sensitive personal information — none. We do not collect government IDs, precise geolocation, health data, financial account numbers, religious or philosophical beliefs, union membership, genetic data, biometric identifiers, or the contents of private communications. Payment-card numbers are handled by our payment processor and never touch our servers.
Sources and purposes
We collect personal information directly from you (account sign-up, quote submissions, contact-form messages, creator-program applications, Wall of Shame entries) and automatically through your interactions with the Service (IP address, browser metadata, rate-limit counters). We use each category solely for the business purposes described in §3: delivering audits, securing the platform, processing payments, supporting you, and investigating abuse of administrative tools. We do not use personal information for marketing or targeted advertising.
“Sale” and “Sharing” disclosure
We do not sell or share personal information as those terms are defined by the CCPA / CPRA. Specifically:
- We do not exchange personal information for money or other valuable consideration.
- We do not share personal information with third parties for cross-context behavioral advertising. There are no advertising pixels, marketing trackers, or data brokers on this site.
- Personal information disclosed to our service providers is shared only for the limited business purposes defined in our contracts with those providers, and qualifies as “service provider” treatment under Cal. Civ. Code § 1798.140(ag), not as a “sale” or “sharing.”
Because we do not sell or share, we do not need to honor Global Privacy Control signals as an opt-out — there is nothing to opt out of — but we respect them as a signal of privacy preference and will not change that posture without updating this section.
Your CCPA rights
As a California resident, you may request that we:
- Disclose the specific pieces and categories of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we shared it (the “right to know”).
- Correct inaccurate personal information we maintain about you.
- Delete personal information we hold about you, subject to the exceptions in Cal. Civ. Code § 1798.105(d) (e.g., completing a transaction, detecting security incidents, complying with a legal obligation such as 7-year 1099 retention for Creator Program payouts).
- Port your data in a portable, readily usable format. Our audit-history export (Settings → Export) covers the largest data set; additional categories are available by request.
- Limit use of sensitive personal information — not applicable to us, because we do not collect any. See the categories list above.
- Opt out of sale or sharing — not applicable to us, as stated above. This section serves as our “Do Not Sell or Share My Personal Information” notice in lieu of a dedicated link.
- Be free from retaliation for exercising any of these rights. We will not deny service, charge different prices, or provide a different level of quality because you exercised a CCPA right.
How to exercise your rights
Email contact@quotechecker.ai with the subject line “CCPA request” and describe which right you are exercising. To prevent impersonation, we will verify your identity before fulfilling any non-trivial request — typically by confirming control of the email address on your QuoteChecker account. We will respond within 45 days (extendable once by 45 additional days with notice, per Cal. Civ. Code § 1798.130(a)(2)).
Authorized agents acting on your behalf must provide (a) your written permission, signed by you, and (b) proof of the agent’s identity. We may still require you to verify your identity directly with us before we act.
“Shine the Light” (Cal. Civ. Code § 1798.83)
California residents who have an account with us may request once per calendar year information about any personal information we shared with third parties for those third parties’ own direct-marketing purposes. We did not share personal information for third-party direct-marketing purposes in the preceding calendar year, and we have no intention of doing so. Send any “Shine the Light” request to the address above.
Notice of financial incentive
We do not offer financial incentives or price differences in exchange for personal information.
9. Security Measures
We apply commercially reasonable administrative, technical, and organizational safeguards to protect personal information from unauthorized access, disclosure, alteration, or destruction. These safeguards include:
- Encryption of all traffic in transit and personal information at rest;
- Access controls that limit personal information to authorized personnel and to the systems that need it to provide the Service;
- Authentication and rate-limit controls on every account-affecting request;
- Verification of inbound notifications from our payment processor and other security-sensitive providers;
- Automated moderation of community-submitted content to remove identifying information before publication;
- Anti-abuse controls on public forms (including measures designed to deter automated submissions);
- A transparency notice on each static page describing the small set of essential cookies we set and confirming that we do not deploy advertising pixels, cross-site trackers, or data resale;
- Regular vulnerability review and periodic third-party security testing;
- Logging and review of access to administrative tools by authorized personnel; and
- Retention of access and security logs for the periods summarized in §4.
No system can guarantee absolute security. We continue to strengthen our safeguards as the Service evolves.
Security researchers may report potential issues to contact@quotechecker.ai; we commit to timely review and coordinated updates. We are not currently SOC 2 or ISO 27001 certified. We follow aligned controls and will share details with enterprise customers upon request, subject to legal review.
10. Changes to This Policy
Material changes will be posted with an updated effective date. Where required or feasible, we will also notify you through the service or via email. Continued use after the effective date constitutes acceptance of the revised Policy.
11. What Changed
We will note material updates to this Policy in this section after they are made. Any new obligations that require legal review are routed through counsel before they become customer-facing defaults. Enterprise commitments may be offered upon request rather than guaranteed by default.
12. Contact
For questions or data requests, email: contact@quotechecker.ai
QuoteChecker.ai provides informational insights only and does not constitute legal or contracting advice. Consult a qualified professional before making binding decisions.