Privacy Policy

1. Scope

This policy applies to the public site (for example, home, docs, blog, pricing, privacy, and terms) and the protected app area (for example, workspace, sales, purchasing, reports, setup, tools, and account).

2. Data we collect

We collect data in four categories:

• Account and authentication data: when you sign in with Google, authentication is handled through Supabase Auth. We may process your user ID and email address, and we maintain a profile row with fields such as role, subscription status, Stripe customer ID placeholder, and billing period end.
• Workspace and business data: Quote2Invoice is local-first. Operational data (company profile, customers, vendors, items, quotes, invoices, ledger entries, payments, and related links) is primarily stored in your browser storage.
• Technical and session data: we use cookies and similar storage for language preference, authentication/session handling, and product functionality.
• Feedback and diagnostics data: when you submit feedback or when error/event reporting is enabled, we may process message content, optional contact email, route/context metadata, timestamp, URL, and user agent.

3. How we use data

We use data to provide sign-in and account access, operate app features, persist your workspace on your device, support import/export workflows, monitor reliability, and respond to feedback or support requests.

4. Storage model and third-party services

Quote2Invoice uses the following providers:

• Supabase: authentication/session and account profile storage.
• Google OAuth: identity provider for sign-in.
• Google Analytics and Vercel Analytics: aggregate traffic/usage analytics.
• Resend (feedback email delivery): feedback API messages are forwarded to a configured support inbox.

Workspace imports/exports are file-based (ZIP and spreadsheet formats). Imported files are processed in-app; exported files are generated for download to your device.

5. Cookies and similar technologies

We use a locale preference cookie and authentication/session cookies where required. Browser storage (IndexedDB, localStorage, and sessionStorage) is also used to persist workspace state and user experience state inside the app.

6. Data retention

Local workspace data remains in your browser until you remove it, clear browser storage, or overwrite it via import. Account/profile data stored through Supabase is retained while your account is active and for a limited period thereafter as needed for security, legal, and operational reasons.

7. Your rights and choices

You can request access, correction, or deletion of account-related personal data. You may also stop using analytics by adjusting browser settings and extensions. Local workspace data can be removed by clearing app/browser storage.

8. Security

We apply reasonable technical and organizational safeguards for the services we control. No system is fully risk-free, so you are responsible for securing your own devices, accounts, and exported files.

9. Future paid features

Paid subscriptions may be introduced in the future. Stripe customer metadata fields exist in account profiles for forward compatibility, but payment processing is not described here as an active feature unless and until it is launched.

10. Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected by updating the effective date on this page.

11. Contact

For privacy requests, contact admin@quote2invoice.com. Please include enough detail for us to verify your request and respond.