Privacy Policy

1. Introduction

Quoteinvoice ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (from Google OAuth or email authentication)
• Authentication tokens and session data
• Account creation and last login timestamps

2.2 Business Profile Information

You may optionally provide:

• Business name
• Business address
• Business email and phone number
• Tax ID
• Business logo
• Preferred currency

2.3 Document Data

We store the documents you create, including:

• Invoice and quotation drafts
• Generated PDF documents
• Client information (name, email, address)
• Line items, pricing, and totals
• Document metadata (dates, numbers, status)

2.4 Payment Information

We collect payment-related information through Lemon Squeezy:

• Order IDs and transaction records
• Credit purchase history
• Credit balance and usage

Payment processing is handled by Lemon Squeezy. We do not store credit card numbers or payment method details. Please refer to Lemon Squeezy's privacy policy for information about their data practices.

2.5 Usage Data

We automatically collect certain information when you use the Service:

• IP address and browser type
• Device information
• Pages visited and features used
• Time and date of access

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your transactions and manage your account
• Generate and store your invoices and quotations
• Send you service-related communications
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues or security threats
• Comply with legal obligations

4. Data Storage and Retention

4.1 Data Storage

Your data is stored securely using Supabase, which provides:

• Encrypted data transmission (HTTPS)
• Database encryption at rest
• Row-level security policies
• Regular security audits and updates

4.2 Data Retention

We retain your data according to the following schedule:

• Account information: Retained while your account is active
• Invoice PDFs: Deleted from storage after 365 days (database records preserved)
• Converted quotation PDFs: Deleted from storage after 90 days
• Draft documents: Retained indefinitely (subject to draft limits)
• Transaction records: Retained for accounting and legal compliance purposes

You may request deletion of your account and data at any time by contacting support.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We share data with trusted service providers who assist in operating the Service:

• Supabase: Database and authentication services
• Lemon Squeezy: Payment processing
• Cloudflare: Hosting and content delivery

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (TLS/SSL)
• Encryption of data at rest
• Row-level security policies in the database
• Regular security assessments
• Access controls and authentication
• Secure session management

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data
• Restriction: Request restriction of processing

To exercise these rights, please contact us through the support channels provided in the Service. We will respond to your request within a reasonable timeframe.

8. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your authentication session
• Remember your preferences
• Analyze Service usage

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of the Service.

9. Third-Party Services

The Service integrates with third-party services:

• Google OAuth: For authentication. See Google's Privacy Policy
• Lemon Squeezy: For payment processing. See Lemon Squeezy's Privacy Policy
• Supabase: For data storage. See Supabase's Privacy Policy

These services have their own privacy policies. We encourage you to review them.

10. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

13. GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

To exercise these rights, please contact us. We will respond within one month.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this page and, if appropriate, by sending you an email notification. Your continued use of the Service after such modifications constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the support channels provided in the Service.