Privacy Policy

1. Introduction

This Privacy Policy (the “Policy”) explains how QUOTESFLOW AI ROOFING LLC (“Company,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information when you visit our website, create an account, subscribe to a plan, or use the QuotesFlow software-as-a-service application (collectively, the “Platform”). This Policy is incorporated into and forms a part of our Terms of Service.

Capitalized terms not defined here have the meanings given to them in the Terms of Service.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide Directly

• Account information: your full name, business or trade name, professional email address, telephone number, and password (stored in cryptographically hashed form).
• Company & license information: your business legal name, address, contractor license number, license state, liability insurance details, workers’ compensation policy details, and any other contractor-credential information you input to populate quote defaults.
• Payment information: billing address, last four digits of payment cards, payment-method tokens, and billing history. Full payment card data is collected and stored exclusively by our PCI-compliant payment processor (Stripe); Company never receives or stores full card numbers.
• User Content: quote drafts, finalized quotes, materials lists, costs, customer (homeowner) names and email addresses you choose to enter, and any notes or messages you generate.
• Lead-search inputs: ZIP codes, property addresses, filter parameters (year built, value, roof age, property type), and other criteria you submit to the lead-finder.
• Communications: the contents of email, chat, support tickets, or feedback you send us.

2.2 Information Collected Automatically

• Device & usage data: browser type, operating system, device identifiers, IP address, referring/exit pages, session timestamps, and screens visited.
• Diagnostic data: error logs, crash reports, and performance telemetry to help us secure and improve the Platform.
• Cookies & similar technologies: session cookies for authentication and minimal first-party analytics. We do not use cross-site advertising cookies. You may disable cookies in your browser, though doing so may impair core functionality such as login.

2.3 Information from Third Parties

• Property data providers (such as RentCast and similar public-records APIs) provide property records including address, owner name (where available from public records), year built, property type, square footage, ownership type, last-sale price, and last-sale date for properties returned in your searches.
• Historical storm / weather data providers. We retrieve 24-month historical severe-weather event reports (hail, wind, tornado, hurricane, lightning, ice/sleet/snow, and flood) from the U.S. National Oceanic and Atmospheric Administration’s Local Storm Reports via the Iowa State Mesonet (“IEM”) archive. This is historical archive data, not a live storm alerting service.
• Payment processor (Stripe) provides verification, fraud-prevention, and transaction-status data tied to your subscription.

3. Purposes & Legal Bases for Processing

We process personal information for the following purposes:

• To provide the Platform: create and manage your account, authenticate your sessions, surface lead data, generate AI roof estimates, produce PDFs, deliver shareable quote links, and process electronic signatures.
• To process payments and subscriptions: initiate Stripe checkout sessions, charge subscription renewals, grant monthly and top-up credits, and maintain billing history.
• To support and communicate with you: respond to support inquiries, send transactional emails (receipts, password resets, quote-signed notifications), and notify you of material changes to the Platform or these policies.
• To secure and improve the Platform: detect, investigate, and prevent fraudulent, unauthorized, or unlawful activity; debug errors; and improve features, performance, and AI quality (using aggregated and de-identified data where feasible).
• To comply with legal obligations: respond to lawful requests, enforce our Terms, and comply with tax, accounting, and recordkeeping requirements.

We process personal information based on (a) the contract between you and us (to provide the Platform you have subscribed to), (b) our legitimate business interests (to secure, operate, and improve the Platform), (c) your consent where required, and (d) our legal obligations.

4. Sharing with AI APIs, Infrastructure Providers & Third Parties

We do not sell your personal information to third-party data brokers. We share personal information only as follows:

• Infrastructure / Hosting Providers: our cloud hosting and database providers store the data needed to run the Platform under written contracts that obligate them to maintain commercially reasonable security and confidentiality.
• Payment Processor: Stripe, Inc. processes your payment-method data and subscription transactions on our behalf under its own privacy policy and PCI-DSS controls.
• AI Model Providers: when you invoke an AI feature (e.g. AI roof estimation, customer-support chat), the relevant property data and contractor-context information you have provided are securely transmitted to a third-party large-language-model API (which may include providers such as OpenAI, Anthropic, or Google) solely to generate the requested AI Output. These providers are contractually bound not to train their public models on your prompts where commercially available.
• Property & Historical Storm Data Providers: we send the search parameters you submit (e.g., ZIP codes, addresses) to property-data and historical-storm APIs (including but not limited to RentCast for property records and the Iowa State Mesonet archive of NOAA Local Storm Reports for 24-month severe-weather history) to retrieve the data displayed in the Platform.
• Mapping & Satellite Imagery Provider: when you view a property on a map, type an address into the autocomplete dropdown, or generate an AI Vision roof estimate, the property's latitude/longitude (and, for autocomplete, the partial address you typed for geocoding) are transmitted to our mapping provider (Mapbox) to render tiles, suggest matching addresses, and retrieve the satellite image used by AI Vision. Mapbox receives no other personal data and is contractually bound by its own privacy policy and security controls.
• Email Delivery Provider: we use a transactional email-delivery provider to send a narrow set of emails on our own behalf only: password-reset links, billing receipts, account notices, and electronic-signature legal records (sent to you and, where applicable, to the homeowner who has just signed a quote). We do not send marketing, sales, cold-outreach, or solicitation emails on behalf of any contractor using the Platform. Quote PDFs are downloaded by the contractor and delivered to homeowners through channels of the contractor's choosing, from the contractor's own systems.
• Professional Advisors: our attorneys, accountants, and auditors as needed to provide professional services.
• Legal & Safety: law enforcement, regulators, or other parties when required by valid legal process or where we believe in good faith that disclosure is necessary to protect rights, property, or safety.
• Corporate Transactions: a successor entity in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to confidentiality protections.

4a. Aggregated & Anonymized Market Benchmarks

To help every subscriber understand regional pricing, we may compute and display anonymized, aggregated statistics derived from quotes and AI roof estimates that you and other contractors generate inside the Platform. These statistics are strictly de-identified and limited in the following ways:

• Geographic granularity: location data is truncated to the first three (3) digits of a ZIP code, which covers approximately 10,000 to 50,000 households — coarse enough that no individual property, owner, or contractor can be re-identified.
• No personally identifiable information: we never include addresses, customer names, email addresses, phone numbers, or any user-specific identifiers in the aggregate layer.
• k-Anonymity threshold: a benchmark bucket is only made visible to subscribers once it contains at least five (5) finalized quotes contributed by two (2) or more different contractor accounts. Below that threshold, the bucket is suppressed.
• Two rollup views. We materialize two independent benchmark views, both subject to the k-anonymity threshold above: (i) a sqft-keyed view bucketed by (period, ZIP-3, roof-square-footage band) for $/sqft analysis when a roof measurement is available, and (ii) a price-keyed view bucketed by (period, ZIP-3, price band) that captures every finalized quote regardless of whether a roof measurement was performed. Both views display only de-identified percentile statistics.
• Tenant isolation: raw quotes, lead lookups, and AI estimates that you generate remain private to your account. They are never disclosed individually to other contractors.
• Internal accounts excluded. Quotes generated by founder, beta, or other internal accounts are excluded from every cross-tenant aggregation so the published statistics reflect only real third-party contractor activity.
• Opt-out: deleting your account removes your contributions from the underlying event log. Aggregated buckets are re-derived from remaining contributors on the next rebuild cycle.

We use these aggregate benchmarks to (i) provide market-intelligence features inside the Platform, (ii) improve the quality of our AI models and product, and (iii) report platform-wide trends to investors, auditors, or potential acquirers under appropriate confidentiality protections. We may publish high-level industry statistics derived from this data (for example, “median roof-replacement price in Texas in Q3 2026”), provided that no individual contractor or property is identifiable.

5. Texas Consumer Privacy Rights (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act (“TDPSA”) grants you the following rights regarding your personal data:

• Right to Know & Access: confirm whether we are processing your personal data and obtain a copy of the personal data we hold about you.
• Right to Correct: request correction of inaccuracies in your personal data, taking into account the nature of the data and the purposes of processing.
• Right to Delete: request deletion of personal data we have collected from you (subject to exemptions such as legal-recordkeeping obligations and security/fraud-prevention purposes).
• Right to Data Portability: obtain a copy of the personal data you have provided to us in a portable, readily-usable format, to the extent technically feasible.
• Right to Opt-Out of Targeted Advertising, Sale, or Certain Profiling: we do not engage in the “sale” of personal data, do not run targeted advertising, and do not engage in profiling that results in legal or similarly significant decisions about you.
• Right to Appeal: if we deny any of your requests, you may appeal our decision by responding to our denial within a reasonable period; if we deny the appeal, you may contact the Texas Attorney General to submit a complaint.

To exercise any of these rights, please send a verifiable request to legal@quotesflowairoofing.com. We will respond within forty-five (45) days, subject to one extension where reasonably necessary. We may require additional information to verify your identity before fulfilling your request.

6. “Do Not Sell My Data”

QUOTESFLOW AI ROOFING LLC does not sell consumer or user personal data to third-party data brokers. We do not share personal information with third parties for monetary or other valuable consideration in exchange for the third party’s commercial use. We do not engage in cross-context behavioral advertising and we do not maintain advertising-cookie networks. If our practices ever change, we will update this Policy and provide a clear opt-out mechanism in advance.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including for legal-compliance, tax-recordkeeping, security, fraud-prevention, audit, and dispute-resolution purposes. When data is no longer needed for an active business purpose, we securely delete, aggregate, or de-identify it.

8. Security

We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful loss, alteration, unauthorized disclosure, or access. These include encryption in transit, access controls, password hashing using industry-standard algorithms, segregated production data stores, and routine review of access logs.

However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security and you assume the risk of any disclosure resulting from a breach despite our reasonable safeguards.

9. Children’s Privacy

The Platform is intended for use by licensed roofing professionals and is not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected personal information from a child, please contact us and we will delete it promptly.

10. Third-Party Sites

The Platform may contain links to third-party websites (e.g., Stripe’s checkout, our payment processor’s billing portal). We are not responsible for the privacy practices of those third parties, and you should review their privacy policies separately.

11. Changes to this Policy

We may update this Policy from time to time. When we do, we will update the effective date at the top and, for material changes, we will provide additional notice (such as an in-app notice or email). Your continued use of the Platform following any update constitutes acceptance of the revised Policy.

12. Contact Us

General product or account questions: support@quotesflowairoofing.com
Privacy requests, data-rights requests, and appeals:
QUOTESFLOW AI ROOFING LLC
Attn: Privacy
Dallas County, Texas
Email: legal@quotesflowairoofing.com