Privacy Policy

Last updated: April 4, 2026

QuoteKarma ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process information about you in connection with our website and services (collectively, the "Services").

Information We Collect

Account Information

When you create an account, we collect your name and email address. You may authenticate through Google SSO (Single Sign-On) or by creating an account with an email and password. We do not store your password; instead, we securely manage authentication through Supabase, which uses industry-standard encryption protocols.

Quote and Project Data

When you submit contractor quotes for analysis, we collect the quote details, project information (solar, roofing, or HVAC specifications), cost data, and your ZIP code. This information is used to analyze your quotes and provide comparative pricing insights. We retain this data for as long as your account remains active, enabling you to access your analyses and history.

Usage Data

We collect information about how you interact with our Services, including pages visited, features used, search queries, timestamps of activities, and the duration of your sessions. This helps us understand user behavior and improve our platform.

Device Information

We collect technical information about your device and connection, including browser type, operating system, IP address (for security and fraud prevention purposes), and general geographic location based on IP. This information helps us secure your account and detect suspicious activity.

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Improve Services: To deliver quote analysis, generate comparative reports, and generate insights tailored to your location and project type. We continuously improve our scoring models using anonymized data to ensure accuracy.
  • Communication: To send you email digests, price alerts, analysis updates, and service notifications. You can manage communication preferences in your account settings.
  • Community Benchmarks: To create fully anonymized community pricing intelligence that helps all users understand market trends. This data includes only ZIP code prefixes, vertical type, and cost ranges—never personally identifiable information.
  • Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activities, unauthorized access, and other misuse of our Services.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes, including California's CCPA.

Community Data & Anonymization

QuoteKarma features a Community Pricing Intelligence tool that aggregates pricing data to help all users understand market conditions. We employ strict anonymization protocols to protect your privacy:

  • ZIP Code Prefix Only: We store only the first three digits of your ZIP code, not the full code, making re-identification extremely difficult.
  • Limited Attributes: Community data includes only the project vertical (Solar, Roofing, HVAC), cost data, and ZIP prefix. No user IDs, names, email addresses, or other personally identifiable information is stored.
  • K-Anonymity Thresholds: Community benchmarks are only displayed when sufficient data points exist in a category (minimum thresholds apply) to prevent inference of individual records. We do not display pricing insights when sample sizes are too small.
  • Indefinite Retention: Anonymized community data is retained indefinitely to build more accurate long-term market insights, but individual user information cannot be recovered from this dataset.

Data Sharing

We do not sell, trade, or rent your personal information to third parties for their marketing purposes. However, we share information in the following circumstances:

Service Providers

We share necessary information with trusted service providers who help us operate our Services. This includes Stripe (for payment processing), Supabase (for authentication and database storage), and email service providers for sending notifications and digests. These providers are contractually bound to use your information only as necessary to provide services on our behalf.

Anonymized and Aggregated Data

We may share aggregated and fully anonymized data with partners, researchers, and the public to support industry benchmarking and community insights. This data cannot be used to identify you.

Legal Requirements

We may disclose your information if required by law, court order, government request, or if we believe in good faith that disclosure is necessary to comply with applicable laws, enforce our Terms of Service, or protect the rights, privacy, safety, or property of QuoteKarma, our users, or the public.

Data Security

We implement comprehensive technical, administrative, and physical security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) version 1.2 or higher, ensuring 256-bit encryption strength.
  • Encryption at Rest: Sensitive data stored in our databases is encrypted at rest using industry-standard encryption protocols.
  • Share Token Security: When you share analyses with others via unique tokens, we use HMAC-based signing and token expiry to ensure shared links are secure and cannot be forged.
  • Row-Level Security: Our database implements row-level security policies, ensuring users can only access their own data.
  • Regular Audits: We conduct regular security audits and vulnerability assessments to identify and remediate potential risks.

Cookies & Tracking

We use cookies and similar technologies to enhance your experience and maintain your security.

Authentication Cookies

Supabase manages authentication cookies that maintain your logged-in session. These are essential for secure access to your account and cannot be disabled without preventing login functionality.

No Third-Party Trackers

We do not use third-party advertising trackers, analytics cookies that track you across the web, or other invasive tracking mechanisms. We do not share data with advertisers or data brokers.

Local Storage

We use browser local storage to save your app preferences, incomplete analyses, and other non-sensitive state information. This data remains on your device and is not transmitted to our servers unless you explicitly submit it.

Your Rights (California CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

Right to Know

You have the right to request what personal information we have collected, the source of that information, the purpose for collection, and the categories of recipients with whom we share it.

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (such as when information is necessary to complete a transaction or comply with law). Upon account deletion, we will remove your account information and associated quotes within 30 days.

Right to Opt-Out of Sale

You have the right to opt-out of the "sale" of personal information under CCPA. We do not sell personal information, but this right is provided for transparency.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will not be denied service, charged different prices, or receive different quality of service based on your privacy choices, provided the difference is reasonably related to the value your data provides.

How to Exercise Your Rights

To exercise any of these rights, please contact us at support@quotekarma.ai with "CCPA Request" in the subject line. Include your full name, email address associated with your account, and a detailed description of your request. We will verify your identity and respond within 45 days (or as required by law). You may also manage some privacy settings directly in your account under Settings.

Data Retention

We retain your information for as long as it serves the purposes outlined in this Privacy Policy, or as required by law.

  • Account Information: We retain account data while your account is active. If you request account deletion, we remove your account and associated personally identifiable information within 30 days.
  • Quote Analyses: Your quote analyses and project histories are retained to enable you to access, review, and compare your analyses. You may delete individual analyses at any time from your account.
  • Anonymized Community Data: Anonymized and aggregated data used for community benchmarks is retained indefinitely to build accurate market insights. This data cannot be connected back to you.
  • Backup and Compliance: We may retain certain information longer if required for backup, archival, legal compliance, fraud prevention, or other legitimate purposes. When data is no longer needed, we securely delete or destroy it.

Children's Privacy

QuoteKarma is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information promptly. If you believe we have collected information from a child under 13, please contact us immediately at support@quotekarma.ai.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice on our website. Your continued use of QuoteKarma following the posting of changes constitutes your acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions about this Privacy Policy, our privacy practices, or would like to exercise your rights under CCPA or other applicable laws, please contact us:

Email: support@quotekarma.ai

Company: QuoteKarma

Location: California, USA

We aim to respond to all inquiries within 10 business days. For data subject requests, we will respond in accordance with applicable legal requirements.