Provider Privacy Policy

Last updated: March 2026

1. Introduction

QuoteMe ("we," "us," or "our") operates the website quoteme.website (the "Platform"). This Provider Privacy Policy explains how we collect, use, disclose, and safeguard your information as a service provider on our Platform.

This policy supplements our general Privacy Policy, which also applies to you. In the event of a conflict between this Provider Privacy Policy and the general Privacy Policy, this Provider Privacy Policy shall prevail with respect to provider-specific matters.

By creating a provider account, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Business information: business name, owner name, business address, phone number, and email address.
  • Service details: service categories, specializations, service radius, and service ZIP codes.
  • Credentials: license number and insurance certificate (uploaded document).
  • Profile content: business logo, bio (up to 500 characters), work references, and photos.
  • Account credentials: email and password. Your password is hashed and never stored in plain text.
  • Terms acceptance: timestamp of when you accepted our terms of service.

2.2 Information Generated Through Use

  • Quote submissions: pricing details, notes, warranty information, and exclusions.
  • Connection data: which customers selected your quotes and connection fees charged.
  • Credit transactions: purchase history, balance changes, and transaction descriptions.
  • Communication metadata: timestamps of interactions and notification preferences.
  • Reviews and ratings: customer feedback about your services.
  • Platform activity: login history, pages viewed, and features used.

2.3 Information Collected Automatically

  • Device information: browser type, operating system, and device identifiers.
  • Log data: IP address, access times, and referring URLs.
  • Cookies: essential session cookies for authentication. We do not use advertising or tracking cookies.
  • Error tracking: via Sentry. No personally identifiable information is collected; sendDefaultPii is disabled.

3. How We Use Your Information

We use your information to:

  • Create and manage your provider account.
  • Verify your identity and business credentials.
  • Match you with relevant customer service requests based on your service area and categories.
  • Process credit transactions and connection fees.
  • Display your business profile and quotes to potential customers.
  • Send you notifications about new requests, connections, and account updates.
  • Communicate important platform updates, terms changes, and service announcements.
  • Monitor and enforce compliance with our terms of service.
  • Improve our platform, features, and user experience.
  • Respond to your inquiries and provide customer support.
  • Generate anonymized, aggregated analytics to improve our service.
  • Comply with legal obligations and enforce our rights.

4. Information Sharing & Disclosure

4.1 With Customers

  • Your business name, bio, service categories, and work references are visible to customers browsing the platform.
  • Your quote details (pricing, notes, warranty, exclusions) are shared with the customer who submitted the service request.
  • Your business rating and review count may be displayed alongside your quotes.
  • Your contact information (phone, email) is NOT shared with customers until they create a Connection by selecting your quote.

4.2 With Third-Party Service Providers

  • Supabase: database hosting and authentication. See Supabase Privacy Policy.
  • Stripe, Inc.: payment processing for credit purchases. QuoteMe does NOT store your payment card details, bank account numbers, or other financial instrument data on our servers. All payment information is processed and stored by Stripe in accordance with PCI DSS standards. We only store your Stripe Customer ID for transaction reference. See Stripe Privacy Policy.
  • Sentry: error monitoring and performance tracking. No PII is collected.
  • Vercel: website hosting.

4.3 Legal Disclosure

  • We may disclose your information if required by law, court order, or governmental regulation.
  • We may disclose information to protect QuoteMe's rights, property, or safety.
  • We may share information in connection with a merger, acquisition, or sale of assets.

4.4 We Do NOT

  • Sell your personal information to third parties.
  • Share your information with advertisers.
  • Use your information for purposes unrelated to the QuoteMe platform.

5. Customer Data You Receive

When a customer creates a Connection with you:

  • You receive certain customer personal information (name and contact details based on their preference).
  • You are a data controller for the customer data you receive.
  • You must use this data ONLY for the specific service transaction.
  • You must NOT sell, share, or distribute this data to any third party.
  • You must delete this data within 90 days after the transaction is completed or cancelled, unless a warranty period applies.
  • You must implement reasonable security measures to protect this data.
  • You must notify QuoteMe within 48 hours of any data breach involving customer information.
  • Failure to comply with these requirements may result in immediate account termination and legal action.

6. Data Retention

  • Active account data: retained for as long as your account remains active.
  • Credit transaction records: retained for 7 years for financial and tax reporting compliance.
  • Quotes and connection history: retained for 3 years after the last activity for dispute resolution and audit purposes.
  • Account data after deletion: anonymized within 30 days of account deletion request. Some anonymized data may be retained for analytics.
  • Reviews: reviews you received are retained even after account deletion, associated with an anonymized provider reference.
  • Backup data: may persist in encrypted backups for up to 90 days after deletion.

7. Your Rights

7.1 All Providers

  • Access: request a copy of the personal information we hold about you.
  • Correction: request correction of inaccurate information.
  • Deletion: request deletion of your account and personal data.
  • Data portability: request your data in a machine-readable format.
  • Opt-out of communications: manage notification preferences in your profile settings, or unsubscribe from marketing emails.

7.2 California Residents (CCPA/CPRA)

  • Right to know what personal information is collected and how it is used.
  • Right to delete personal information (subject to legal exceptions).
  • Right to opt-out of the sale of personal information. We do not sell your information.
  • Right to non-discrimination for exercising privacy rights.

To exercise these rights, contact us at support@quoteme.website.

7.3 How to Exercise Your Rights

  • Email us at support@quoteme.website with your request.
  • We will respond within 30 days (or 45 days for complex requests, with notice).
  • We may need to verify your identity before processing your request.

8. Data Security

  • We implement industry-standard security measures including encryption in transit (TLS) and at rest.
  • Authentication is managed through Supabase Auth with secure session management.
  • Passwords are hashed using bcrypt and never stored in plain text.
  • Access to provider data is restricted through Row Level Security (RLS) policies.
  • We conduct regular security reviews and vulnerability assessments.
  • While we strive to protect your information, no method of electronic storage or transmission is 100% secure.

9. Cookies & Tracking

  • We use essential cookies only for authentication and session management.
  • We do NOT use advertising cookies, tracking pixels, or third-party analytics cookies.
  • Sentry may use functional cookies for error tracking and performance monitoring. No PII is collected.
  • You can manage cookie preferences through your browser settings, but disabling essential cookies may prevent you from using the platform.

10. Children's Privacy

  • Provider accounts are restricted to individuals aged 18 and older.
  • We do not knowingly collect information from individuals under 18 for provider accounts.
  • If we discover that a provider account belongs to someone under 18, we will terminate the account immediately.

11. Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time.
  • Material changes will be communicated via email at least 30 days before they take effect.
  • We will update the "Last updated" date at the top of this page.
  • Your continued use of the platform after changes take effect constitutes acceptance.
  • If you do not agree with the updated policy, you must stop using the platform.

12. Contact Us

Effective Date: March 2026