Privacy Policy
Version 1.0 · Last updated 7/11/2026
1. Who we are
Instant Quote Creator ("we", "us", "our") is the data controller for personal data processed in connection with our service. Contact: privacy@instantquotecreator.com. EU/UK enquiries: dpo@instantquotecreator.com.
2. GDPR compliance
For users in the EU/EEA and UK we rely on the following legal bases: (a) contract performance, (b) legitimate interests (service operation, fraud prevention, analytics), (c) consent (marketing, non-essential cookies), and (d) legal obligation. You may withdraw consent at any time without affecting prior processing.
3. CCPA / CPRA considerations
California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, to opt out of sale/sharing (we do not "sell" personal information as defined by CCPA but use third-party analytics that may qualify as "sharing"), and to non-discrimination for exercising these rights.
4. Data we collect
- Account data: name, email, password (hashed), business details, role.
- Quote and client data: content you input into the platform.
- Billing data: handled by Stripe; we store transaction metadata, not card numbers.
- Communications: support messages, in-app chats.
- Usage data: device, browser, IP, pages viewed, clicks, referrer.
- Marketing data: email open/click events when applicable.
- AI inputs/outputs: prompts and generated content.
5. How we process data
- Provide and improve the service.
- Authenticate users and protect against fraud or abuse.
- Process payments via Stripe.
- Send transactional emails (receipts, password resets) and, with your consent, marketing emails.
- Generate AI assistance.
- Comply with legal obligations.
6. Data retention
We retain personal data only as long as necessary to provide the service and meet legal obligations. Account data is retained while your account is active and up to 24 months after closure; invoices for the legally required period (typically 7–10 years).
7. Your rights
- Access — get a copy of your data.
- Rectification — correct inaccurate data.
- Erasure — request deletion ('right to be forgotten').
- Restriction — limit how we process your data.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Portability — receive your data in a portable format.
- Lodge a complaint with your supervisory authority.
8. Data portability and deletion
Send requests to privacy@instantquotecreator.com. We respond within 30 days (extendable by 60 days for complex requests). Some data may be retained where required by law (e.g., tax records).
9. Security practices
We implement industry-standard technical and organizational measures: TLS in transit, encryption at rest for sensitive fields, RBAC, least-privilege access, audit logging, regular backups, and vendor due diligence. No system is 100% secure; we will notify affected users of any breach as required by law.
10. Third-party services (sub-processors)
- Supabase — hosting, database, auth.
- Stripe — payment processing.
- AI providers — content generation under data-processing agreements.
- Email service providers — transactional and marketing email.
- Analytics — usage analytics (where consent given).
11. International data transfers
Where data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms. A copy of relevant safeguards is available on request.
12. Children
The service is not intended for individuals under 16. We do not knowingly collect data from children. Contact privacy@instantquotecreator.com if you believe we have done so.
13. Changes to this policy
We may update this policy from time to time. Material changes will be notified via email or in-app notice at least 14 days before taking effect.
14. Contact
privacy@instantquotecreator.com — privacy questions. dpo@instantquotecreator.com — EU/UK data protection officer.