Privacy Policy

Last updated: May 18, 2026 · Effective: May 18, 2026 (new accounts) / June 17, 2026 (existing accounts)

LotQuote ("we," "our," or "us") operates the LotQuote.io website and the LotQuote application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Notice to existing users. This Privacy Policy reflects updates to the prior version dated May 10, 2026. The most notable change is the addition of Section 12 (Calls and Text Messages — TCPA Disclosure), which describes how we and our service providers may contact you by phone and text message, the consent you provide when you submit a phone number, and how to opt out. For accounts created on or after May 18, 2026, this updated Policy applies immediately. For users with accounts created before May 18, 2026, the prior Policy remains in effect until June 17, 2026, unless you affirmatively accept the updated Policy earlier.

1. Information We Collect

Account Information: When you create an account we collect your name, email address, company name, phone number, and billing information.

Usage Data: We automatically collect information about how you interact with the Service, including IP address, browser type, device identifiers, pages visited, features used, and timestamps.

Location & Map Data: When you search for addresses or use the satellite map feature, we process geographic coordinates and address data through the Google Maps API. We do not store satellite imagery — it is served directly by Google.

Customer & Client Data: Information you enter about your clients — names, addresses, email addresses, contact details, and job history — is stored to power the CRM, proposal, invoicing, work order, and client portal features. Client email addresses you provide are used to grant those clients access to the LotQuote Client Portal.

Estimate & Proposal Data: All estimates, line items, pricing, proposal PDFs, approval status, and quote type selections you create are stored and associated with your account.

Invoice & Payment Data: When you generate invoices, we store invoice line items, totals, payment terms, and invoice status. Payment processing is handled entirely by Stripe. We do not store full card numbers or sensitive payment credentials on our servers.

Work Order Data: Work order PDFs you generate — including satellite map snapshots, polygon overlays, pin markers, and material calculations — are stored and associated with the relevant estimate and customer record.

Blueprint & Measurement Data: PDF blueprints you upload, calibration data, polygon measurements, line measurements, signage placements, and count dot annotations are stored and linked to your estimates.

Team & Enterprise Data: For Enterprise plan accounts, we collect company profile information, team member email addresses, role assignments, shared price list data, and job costing records to support multi-user workspaces.

Client Portal Data: Clients who access the LotQuote Client Portal (clients.lotquote.io) authenticate via magic link. We store their email address and associate it with the estimates and invoices shared by their contractor. Service requests submitted through the portal are stored and linked to the client's email.

AI Detection Data: When you use the AI stall and marking detection feature (currently in Beta, available on Ultimate and Enterprise plans), a satellite map image of the selected area is sent to our backend AI model for processing. These images are used solely to generate detection results for the active session and are not stored beyond the duration of the session.

Integration Tokens: If you connect QuickBooks or Jobber, we store per-user OAuth access tokens securely in our database to maintain your integration. These tokens are scoped to the permissions you grant during the OAuth flow and are never shared with other users.

Terms Acceptance Records. When you create an account or affirmatively accept an updated version of our Terms or Privacy Policy, we record which version you accepted, the timestamp of acceptance, your IP address at the time, and the user-agent string of your browser, for compliance and audit purposes.

2. How We Use Your Information

We use collected information to: provide and maintain the Service; generate estimates, proposals, work orders, and invoices; process payments and manage subscriptions; enable client portals and service request workflows; support team collaboration for Enterprise accounts; run AI detection on selected map areas; sync data with connected third-party platforms (QuickBooks, Jobber); communicate with you about updates, security alerts, and support; deliver marketing and informational calls, text messages, and emails (subject to your consent and applicable law — see Section 12); analyze usage to improve the Service; and comply with legal obligations.

3. AI Model Training & Your Data

We do not use your customer data, estimate data, invoice data, customer contact information, blueprint files, or work order content to train, fine-tune, or improve any AI or machine learning model.

The AI stall and marking detection model used by the Service is trained on a separate, internally curated dataset of satellite and aerial imagery that does not include identifying customer, project, or business information. Satellite map images submitted to the AI detection feature during your active session are used solely to generate detection results for that session and are discarded afterwards. We do not use them to retrain or update the production model.

If we ever change this practice — for example, by introducing an opt-in program where you can voluntarily contribute imagery to improve detection accuracy — we will obtain your explicit, affirmative consent first and update this Privacy Policy with at least 30 days' advance notice.

4. Multi-Tenant Data Isolation

LotQuote is a multi-tenant application. Each user's data — including estimates, customers, invoices, work orders, price lists, OAuth tokens, blueprint files, and job data — is strictly isolated through row-level security (RLS) policies enforced at the database layer. Enterprise team members can only access data within their assigned company workspace. No user can access another user's data.

5. Client Portal

The LotQuote Client Portal (clients.lotquote.io) allows contractors to share estimates, proposals, and invoices with their property manager clients. Clients authenticate via a magic link sent to their email address. Client-facing data is limited to what the contractor has explicitly associated with that client's email address. Clients may also submit service requests through the portal, which are stored and visible to their contractor.

6. Third-Party Services

We integrate with the following third-party services, each governed by their own privacy policies:

Google Maps Platform: For satellite imagery, geocoding, and map display. Subject to the Google Privacy Policy.
Stripe: For subscription billing and invoice payment processing. Your payment information is handled directly by Stripe and is not stored on our servers. Subject to the Stripe Privacy Policy.
QuickBooks (Intuit): If connected, we access and sync estimate, customer, and invoice data between LotQuote and QuickBooks using OAuth 2.0. Per-user tokens are stored securely and isolated per account.
Jobber: If connected, we access and sync job and client data between LotQuote and Jobber using OAuth 2.0. Per-user tokens are stored securely and isolated per account.
Supabase: Our database and authentication infrastructure. Data is stored on Supabase's secure, encrypted infrastructure with row-level security enforced.
Railway & Vercel: Our backend and frontend hosting providers. Server logs may include IP addresses and request metadata for operational and security purposes.
Resend: Our transactional and marketing email delivery provider. Email delivery metadata (recipient address, send timestamps, delivery and engagement events) is processed by Resend on our behalf.
Telephony & messaging providers: If you have provided a phone number, we may use third-party telephony and SMS providers (such as Twilio, OpenPhone, or similar) to place marketing or informational calls and to send text messages. Each such provider acts as our service provider and processes call and message metadata on our behalf.

7. Data Storage & Security

Your data is stored on secure, encrypted servers. We implement industry-standard security measures including: TLS encryption in transit; encryption at rest; row-level security (RLS) enforced at the database layer; JWT-based authentication with server-side validation; per-user OAuth token isolation; Content Security Policy (CSP), HSTS, and X-Frame-Options headers; and server-side plan enforcement to prevent unauthorized feature access.

No method of internet transmission or electronic storage is 100% secure. While we use commercially reasonable practices to protect your data, we cannot guarantee absolute security.

8. Data Retention & Backups

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data from our active production database within 30 days, except where we are required by law to retain it.

Backups. Routine encrypted database backups are retained for up to 90 days for disaster-recovery purposes. After your data is removed from the active database, residual copies in those backups are purged on the standard backup-rotation cycle (no later than 90 days).

Anonymized data. Aggregated, anonymized usage data that cannot reasonably be linked back to you may be retained indefinitely for analytics and product improvement. As stated in Section 3, we do not use your personal or customer data to train AI models.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the right to: access, correct, or delete your personal data; object to or restrict certain processing; request data portability; and withdraw consent at any time. To exercise any of these rights, contact us at privacy@lotquote.io. We will respond within the timeframe required by applicable law (typically 30–45 days). We will not discriminate against you for exercising any of these rights.

10. California Privacy Rights (CCPA / CPRA)

This section applies to California residents and is provided in compliance with the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA").

Categories of personal information we collect. In the past 12 months, we have collected the following categories of personal information, as described in Section 1 above: identifiers (name, email, IP address, device ID, phone number); commercial information (subscription tier, billing records); internet/network activity (usage logs, feature interactions); geolocation data (addresses you search, lots you measure); professional information (company name, role); communications metadata (call logs, SMS delivery events for messages we initiate); and inferences drawn from the above (e.g., subscription tier eligibility).

Sources. We collect this information directly from you, automatically through your use of the Service, and from connected third-party integrations you authorize (such as QuickBooks and Jobber).

Business purposes. We use this information for the purposes described in Section 2 above.

No sale or sharing of personal information. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months.

Sensitive personal information. We do not use or disclose sensitive personal information for purposes beyond those permitted under the CCPA without notice.

Your CCPA rights. Subject to certain exceptions, California residents have the right to:

Know what personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties with whom we share it
Request a copy of the specific pieces of personal information we hold about you (right to access / portability)
Request that we delete personal information we have collected about you
Request that we correct inaccurate personal information about you
Limit the use and disclosure of any sensitive personal information we collect
Be free from retaliation for exercising any of these rights

How to exercise your rights. Submit a verifiable request by emailing privacy@lotquote.io. We may need to verify your identity by confirming details associated with your account before fulfilling the request. You may designate an authorized agent to make a request on your behalf, subject to verification.

11. European Economic Area, United Kingdom & Swiss Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following additional terms apply.

Data controller. LotQuote (Suwanee, GA, United States) is the data controller for personal data collected through the Service.

Legal bases for processing. We process your personal data on the following legal bases under the GDPR / UK GDPR:

Contract: to provide the Service you have subscribed to and fulfill our contractual obligations under our Terms.
Legitimate interests: to operate, secure, and improve the Service, prevent fraud, and communicate with you about your account, balanced against your privacy rights.
Consent: for any optional processing where we explicitly request it (such as non-essential cookies, marketing calls or text messages to phone numbers you provide, or future AI training opt-ins, if introduced).
Legal obligation: to comply with applicable law.

Your GDPR rights. You have the right to access, rectify, erase, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your local supervisory authority.

International transfers. Because we are based in the United States, your personal data is transferred to and processed in the U.S. We rely on appropriate safeguards (such as Standard Contractual Clauses) where required for transfers from the EEA, UK, or Switzerland.

To exercise any of these rights, contact us at privacy@lotquote.io.

12. Calls and Text Messages — TCPA Disclosure

If you provide a phone number during signup, in your account settings, or in any form on our website, you consent to receive marketing and informational calls and text messages from LotQuote and its affiliates, partners, and service providers at that number, including through the use of an automatic telephone dialing system, artificial or prerecorded voice, or other automated technology. Consent is not a condition of purchase. Message and data rates may apply, and message frequency may vary.

How to opt out. You may opt out of marketing text messages at any time by replying STOP to any marketing text message we send you. You may opt out of marketing calls by following the opt-out instructions provided during any call, or by emailing privacy@lotquote.io. Opting out of marketing communications will not affect transactional or account-related messages such as password resets, billing notices, subscription receipts, or service alerts, which you will continue to receive while your account is active.

Information we collect about calls and messages. When we (or our service providers acting on our behalf) place a call or send a text message to a number you provided, we may collect and retain associated metadata, including the phone number, the date and time of the call or message, the duration of any call, message delivery and engagement events (delivered, read, replied, opted out), and the content of text messages we sent or that you sent in reply. This information is used to operate, troubleshoot, and improve our outreach, to honor opt-out requests, and to comply with applicable law (including the TCPA and the Telemarketing Sales Rule).

Call recording. We do not record calls by default. If we begin recording calls in the future, we will provide notice at the start of any recorded call and obtain any consent required by applicable law, including any two-party consent jurisdictions.

Internal Do Not Call list. We maintain an internal Do Not Call list of phone numbers that have opted out of marketing communications. Once you opt out, we will honor that request indefinitely unless you later provide affirmative consent to be contacted again.

13. Cookies

We use essential cookies for authentication and session management. We may also use analytics cookies with your consent. You can manage cookie preferences through your browser settings.

14. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes — including changes to how we collect, use, or share your data, or to your privacy rights — by posting the updated policy on this page and updating the "Last updated" date above, and where required by law, by sending email notice or providing in-app notice at least 30 days before the changes take effect.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your privacy rights, please contact us at:
privacy@lotquote.io
LotQuote — Suwanee, GA, United States