Privacy Policy

QuotesPilot is a quote follow-up automation tool for residential contractors, operated from Quebec, Canada. This policy explains how we collect, use, disclose, and protect the personal information ("PI") of our users (contractors) and the individuals whose information may be processed through our platform (clients).

In accordance with Quebec's Act respecting the protection of personal information in the private sector (Law 25), the person responsible for the protection of personal information at QuotesPilot is:

Raphaël Thérien-Touchette, Founder

Email: privacy@quotespilot.com

You may contact this person for any question or request regarding your personal information.

From contractors (users):

- Email address (for authentication and communication)

- Name, phone number, and business information (company name, address, logo)

- Products and service catalogs uploaded to the platform

- Quote content, including PDFs and documents you forward to us

- QuickBooks connection data (if you choose to connect QuickBooks: OAuth access tokens, company identifier)

From clients (quote recipients):

- Name and email address (provided by the contractor)

- Phone number (if provided by the contractor for SMS notifications)

- Responses to quotes (acceptance, replies)

Automatically:

- Authentication session data (stored in a secure HTTP-only cookie)

- We do not use analytics, tracking cookies, or third-party advertising scripts.

We use PI solely for the purposes of providing our service:

- Authentication: Verifying user identity via magic link emails

- Quote processing: Extracting, formatting, and sending quotes on behalf of contractors

- Follow-up automation: Sending scheduled follow-up emails to clients

- SMS notifications: Sending transactional SMS to clients when enabled by the contractor

- AI-assisted processing: Using artificial intelligence to extract data from documents, format quotes, and analyze client replies (see Section 5)

- Team management: Managing multi-user access within a company

QuotesPilot uses AI (powered by OpenAI) to:

- Extract quote information from forwarded emails and PDF documents

- Format and structure quote content for presentation

- Analyze client email replies to determine intent (acceptance, questions, etc.)

- Extract product data from uploaded price lists

- Generate quote titles and descriptions from line items

Important: AI processing is used as an assistance tool. All AI-extracted data is reviewed by the contractor before being sent to clients (in Manual Approval mode) or uses the original unmodified documents (in Auto-Send mode). No fully automated decisions with legal effects are made without human review.

When AI is used to process your information, this is disclosed in the emails sent to clients.

We share PI with the following service providers, strictly for the purposes described above:

As required by Law 25, we have conducted an assessment to ensure that PI transferred outside Quebec receives equivalent protection. These providers are bound by contractual obligations to protect your data.

Payment Processing (Stripe): Subscription payments are processed by Stripe, Inc. We never store your credit card number or full card details on our servers. When you subscribe, Stripe securely tokenizes your payment method and charges it on our behalf. Stripe is PCI-DSS Level 1 certified. We store your Stripe customer ID and subscription status to manage your account. You can view Stripe's privacy policy at stripe.com/privacy.

QuickBooks Integration: If you choose to connect your QuickBooks account, we access your QuickBooks data (customers, estimates, invoices, and items) solely to synchronize quote data between QuotesPilot and QuickBooks. OAuth access tokens are stored encrypted in our database and are never exposed to the browser. You can disconnect QuickBooks at any time from the Settings page, which immediately revokes the access token and removes all QuickBooks connection data from our servers. Connecting QuickBooks is entirely optional and not required to use QuotesPilot.

When QuickBooks is connected, we may:

- Create and update Estimates in your QuickBooks account when you send quotes

- Create Invoices in your QuickBooks account when a client accepts a quote

- Create or update Customers in your QuickBooks using client name and email

- Read your Items (products/services) list to import into your QuotesPilot catalog

We do not:

- Access your bank accounts, transactions, or financial reports

- Modify or delete any data in QuickBooks that was not created by QuotesPilot

- Share your QuickBooks data with any third parties

- Store your QuickBooks username or password (we use OAuth2 token-based authentication)

- Active accounts: Data is retained as long as the account is active.

- Quotes and follow-ups: Retained for 3 years after the quote is closed (won, lost, or cancelled), for business and tax record purposes.

- Session cookies: Expire after 7 days and are not renewed automatically.

- Magic link tokens: Expire after 15 minutes.

You may request earlier deletion of your data at any time (see Section 9).

We implement the following measures to protect PI:

- All data transmitted over HTTPS (TLS encryption in transit)

- Database encrypted at rest

- Authentication via secure, HTTP-only cookies (no client-side token storage)

- Magic link authentication (no passwords stored)

- API endpoints protected by role-based access control

- Company-level data isolation (users can only access their own company's data)

Under Quebec law (Law 25), you have the right to:

- Access your personal information held by QuotesPilot

- Rectify inaccurate personal information

- Withdraw consent to the use of your PI (which may limit your ability to use the service)

- Request deletion of your personal information

- Data portability: Receive your data in a structured, commonly used format

For contractors: You can update your information in the Settings page. For deletion or export requests, contact privacy@quotespilot.com.

For clients: If your information was processed through QuotesPilot (e.g., you received a quote or follow-up email), you may contact privacy@quotespilot.com to exercise your rights.

We will respond to all requests within 30 days, as required by law.

QuotesPilot uses a single cookie:

- auth-token: A strictly necessary HTTP-only session cookie used for authentication. It contains an encrypted session identifier and expires after 7 days.

We do not use advertising, analytics, or third-party tracking cookies. No cookie consent banner is required as this cookie is strictly necessary for the service to function.

In the event of a confidentiality incident (unauthorized access, use, disclosure, or loss of PI) that presents a risk of serious injury, we will:

- Notify the Commission d'accès à l'information du Québec (CAI)

- Notify affected individuals

- Take reasonable measures to reduce the risk of injury

We maintain an incident register as required by Law 25.

We may update this policy from time to time. Significant changes will be communicated to active users via email. The "Last updated" date at the top will always reflect the most recent version.

For any questions about this policy or to exercise your privacy rights:

Raphaël Thérien-Touchette

Email: privacy@quotespilot.com