← Back

Privacy Policy

Effective Date: 05-30-2026

1. Eligibility

QuoteChecker.ai is offered exclusively to individuals who: (i) are at least 18 years old, (ii) are physically located in the United States, and (iii) use a valid U.S.-issued payment method with a U.S. billing address. If you do not meet all three conditions, do not use the Service.

New subscriptions include a 14-day refund window. If you are not satisfied during your first 14 days, email contact@quotechecker.ai and we will refund your first payment in full.

2. Information We Collect

Category Specific Data Purpose
Information you provide • Uploaded quotes (text or files)
• Region selection
• Contractor or company name (optional)
• Tone or delivery preferences
• Account credentials (email, account identifier)
Operate the audit and messaging features and personalize your experience
Information collected automatically (minimized) • IP address and basic device information (browser, operating system)
• Anonymous, cookie-free analytics
Security, abuse prevention, and service diagnostics
Information generated by the service • Audit results and transparency scores
• Per-line metro-benchmark comparisons
Display results and let you save or compare audits
Contact form submissions • Name (optional), email, topic, and message
• Your account identity and email if you are signed in when submitting
• Coarse request metadata (IP, browser, timestamp) appended to the notification
Deliver your message to our support inbox, route replies back to you, and investigate abuse of the form
Consent-based marketing (after a free audit) • Email address, vertical (contractor / auto / solar), and your express consent to receive marketing communications
• Consent, unsubscribe, and deletion-request timestamps
Send the one-off audit copy you requested; send consent-based marketing communications you opted into; honor one-click unsubscribe and deletion
Creator / affiliate program • Applicant name, email, channel URL, requested slug, and consent to the Creator Program Terms
• Application-review outcome and reason
• Payout account identifiers when approved
• Per-commission records (invoice, subscription, plan, amounts, status)
Evaluate applications, provision the creator landing page, attribute referrals, and calculate and pay monthly commissions
Wall of Shame submissions • Quoted price, benchmark price, metro, audit type, category, and an optional one-line comment
• A one-way hash of your IP (never the raw IP) used to deduplicate votes and reports
• Anonymous up/down votes and anonymous reports
Display the community overcharge signal with moderated comments; prevent ballot-stuffing and abuse
Internal operator access (authorized personnel only) • Limited records of access to administrative tools used to operate the Service, retained for security and audit purposes Investigate abuse of administrative tools. This information is not visible to customers or the public.
Read-only audit share links (Pro) • A randomly generated link associated with a specific saved audit
• Your account identity as the owner, an optional note, an expiration time, a revoked flag, view count, and last-viewed timestamp
• Recipients are not asked for any data — they simply load the link you sent them
Let you send a read-only copy of a saved audit to another person without requiring them to have an account; let you revoke, expire, and review the link's history
Peer-to-peer referrals (Pro) • A personal referral link tied to your account
• A short-lived attribution cookie placed in your friend's browser when they click the link, so the discount can be applied at checkout
• A record of each successful referral (parties, subscription identifiers, reward status), retained until both sides have been rewarded or the attribution window has closed; limited fraud signals retained for up to 90 days to review challenged rewards
Apply your friend's first-month discount, credit your reward after the 14-day refund window closes, prevent self-referrals and abuse, and audit challenged rewards
Security and abuse-prevention state • Rate-limit counters, session and request-validation cookies, and other transient signals used to deter abuse Stop brute-force attempts, prevent duplicate submissions, and deter automated scanners
We do not use marketing pixels, behavioral advertising, or cross-site tracking.

3. How We Use Your Information

We never sell or rent your personal data.

4. Data Storage & Retention

Data TypeStorageRetention Period
Audit results & account detailsEncrypted storage in U.S. regionsUntil you delete them or close your account
Account-deletion record (billing/legal defense packet: email, account & Stripe identifiers, plan, terms-acceptance time, usage counts, and any dispute metadata)Encrypted storage; the linked Stripe customer reference is also retainedRetained up to 540 days after you delete your account to handle chargebacks, fraud, and billing/legal claims, then purged automatically
Clarification messagesGenerated on demand; not stored after deliveryN/A
Uploaded filesProcessed in memory for text extraction; not retained as filesMinutes
Inputs and outputs sent to AI providersU.S.-based AI providersUp to 30 days where the provider retains content solely to detect and prevent abuse
Contact-form submissionsDelivered to our support inbox; the message body is not retained in our own databaseGoverned by our email provider's retention; you may request deletion of any message we retain
Consent-based marketing listEncrypted storageUntil you click the unsubscribe or deletion link in any message we send, or the consent-based marketing series concludes
Creator applicant and commission recordsEncrypted storageRetained while you are an active creator plus 7 years after program exit for tax, clawback, and 1099 purposes (IRS standard). Payment records are also retained by our payment processor.
Wall of Shame published entriesEncrypted storageRetained while the entry is public. Suppressed entries remain stored but hidden for audit; you may request removal through the report link on the entry.
Anonymous vote and report records (Wall of Shame)Encrypted storage; only one-way hashes of identifiers are keptRetained for abuse-pattern analysis; no raw IPs stored
Internal access logEncrypted storage, restricted to authorized personnelUp to 365 days, then eligible for deletion. Shared with law enforcement only in response to a lawful request, or preserved longer as evidence in a security investigation.
Read-only audit share linksEncrypted storage; the link itself is the access credentialUntil you revoke the link or its chosen expiration elapses (default 30 days, maximum 365 days). Revoked or expired records are retained for at least 90 days for audit and abuse investigation, then eligible for deletion. Deleting the underlying audit revokes every link pointing at it.
Rate-limit and security telemetryEncrypted storageRolling windows (minutes to hours); automatically purged
Cookie-banner dismissalYour browser's local storage — never sent to our serversUntil you clear your browser storage

Back-ups are encrypted at rest and destroyed on a rolling schedule.

We do not retain uploaded PDFs or images. Files are processed in memory to extract text, then erased. No copies are written to durable storage and uploaded files are never used to train any model.

Where AI providers retain inputs or outputs to detect and prevent abuse, that data is excluded from model training and is purged automatically after the retention window. If a provider's retention policy changes materially, we will update this Policy and notify you where feasible.

5. Service Providers

We engage vetted, U.S.-focused providers in the following categories to operate the Service:

Each provider accesses personal information solely to perform the service it provides to us and is bound by written terms requiring it to meet or exceed our security and confidentiality standards. We will provide a current list of subprocessors upon request and will give advance notice of material changes where feasible.

Enterprise customers may request a data processing addendum (DPA) subject to legal review.

6. Use of AI

QuoteChecker.ai submits your text to trusted AI engines to generate analyses and summaries. AI providers may retain inputs and outputs for up to 30 days solely to detect and prevent abuse, as required by their safeguards.

Any retained model outputs are excluded from training and are automatically purged after the retention window. We do not allow AI partners to use your content to improve their models.

Outputs are informative; confirm them before relying on them.

7. Your Rights & Controls

At any time, you may:

  1. Access the data stored in your account
  2. Export audits in a portable format
  3. Delete your entire account (which erases associated data)

Self-service controls are under Settings. For additional requests, contact support. We aim to acknowledge privacy requests within two U.S. business days and complete them promptly, subject to verifying your identity and legal requirements.

8. Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) gives you specific rights regarding personal information we collect. This section describes those rights and how to exercise them; the categories and purposes referenced below correspond to §§2 and 3 above.

Categories of personal information we have collected in the preceding 12 months

Sources and purposes

We collect personal information directly from you (account sign-up, quote submissions, contact-form messages, creator-program applications, Wall of Shame entries) and automatically through your interactions with the Service (IP address, browser metadata, rate-limit counters). We use each category solely for the business purposes described in §3: delivering audits, securing the platform, processing payments, supporting you, and investigating abuse of administrative tools. We do not use personal information for marketing or targeted advertising.

“Sale” and “Sharing” disclosure

We do not sell or share personal information as those terms are defined by the CCPA / CPRA. Specifically:

Because we do not sell or share, we do not need to honor Global Privacy Control signals as an opt-out — there is nothing to opt out of — but we respect them as a signal of privacy preference and will not change that posture without updating this section.

Your CCPA rights

As a California resident, you may request that we:

  1. Disclose the specific pieces and categories of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we shared it (the “right to know”).
  2. Correct inaccurate personal information we maintain about you.
  3. Delete personal information we hold about you, subject to the exceptions in Cal. Civ. Code § 1798.105(d) (e.g., completing a transaction, detecting security incidents, complying with a legal obligation such as 7-year 1099 retention for Creator Program payouts).
  4. Port your data in a portable, readily usable format. Our audit-history export (Settings → Export) covers the largest data set; additional categories are available by request.
  5. Limit use of sensitive personal information — not applicable to us, because we do not collect any. See the categories list above.
  6. Opt out of sale or sharing — not applicable to us, as stated above. This section serves as our “Do Not Sell or Share My Personal Information” notice in lieu of a dedicated link.
  7. Be free from retaliation for exercising any of these rights. We will not deny service, charge different prices, or provide a different level of quality because you exercised a CCPA right.

How to exercise your rights

Email contact@quotechecker.ai with the subject line “CCPA request” and describe which right you are exercising. To prevent impersonation, we will verify your identity before fulfilling any non-trivial request — typically by confirming control of the email address on your QuoteChecker account. We will respond within 45 days (extendable once by 45 additional days with notice, per Cal. Civ. Code § 1798.130(a)(2)).

Authorized agents acting on your behalf must provide (a) your written permission, signed by you, and (b) proof of the agent’s identity. We may still require you to verify your identity directly with us before we act.

“Shine the Light” (Cal. Civ. Code § 1798.83)

California residents who have an account with us may request once per calendar year information about any personal information we shared with third parties for those third parties’ own direct-marketing purposes. We did not share personal information for third-party direct-marketing purposes in the preceding calendar year, and we have no intention of doing so. Send any “Shine the Light” request to the address above.

Notice of financial incentive

We do not offer financial incentives or price differences in exchange for personal information.

9. Security Measures

We apply commercially reasonable administrative, technical, and organizational safeguards to protect personal information from unauthorized access, disclosure, alteration, or destruction. These safeguards include:

No system can guarantee absolute security. We continue to strengthen our safeguards as the Service evolves.

Security researchers may report potential issues to contact@quotechecker.ai; we commit to timely review and coordinated updates. We are not currently SOC 2 or ISO 27001 certified. We follow aligned controls and will share details with enterprise customers upon request, subject to legal review.

10. Changes to This Policy

Material changes will be posted with an updated effective date. Where required or feasible, we will also notify you through the service or via email. Continued use after the effective date constitutes acceptance of the revised Policy.

11. What Changed

We will note material updates to this Policy in this section after they are made. Any new obligations that require legal review are routed through counsel before they become customer-facing defaults. Enterprise commitments may be offered upon request rather than guaranteed by default.

12. Contact

For questions or data requests, email: contact@quotechecker.ai


QuoteChecker.ai provides informational insights only and does not constitute legal or contracting advice. Consult a qualified professional before making binding decisions.