Privacy Policy
Last updated: April 28, 2026
1. Who We Are
Kwotly is operated by World Social Trend LLC ("we", "us"), a company registered in Texas, United States. Kwotly is an AI-powered quoting platform for contractors and tradespeople. This Privacy Policy explains what personal data we collect, how we use it, and your rights under applicable US and Canadian data protection laws, including the California Consumer Privacy Act (CCPA) and Canadian provincial privacy laws (e.g. PIPEDA, Quebec Law 25).
2. Data We Collect
Account information
- Email address (for authentication)
- Password (hashed with bcrypt; we cannot see it)
- Passkey credentials (WebAuthn public keys, device identifiers)
Business profile
- Business name, address, phone, website
- Trade type, tax rate, labor rate
- Logo and branding
Client data (uploaded by you)
- Client names, emails, phone numbers, addresses
- Room photos uploaded for quote analysis
- Signatures on accepted quotes (IP address recorded for legal traceability)
Usage data
- Monthly quote/photo generation counts (for plan limits)
- Affiliate clicks (store, product, timestamp, user agent, IP)
- Email open/click events (via Resend)
Payment data
- We use Stripe to process payments. We do NOT store credit card numbers.
- Stripe customer ID and subscription status are stored to manage your account.
Optional: AI provider keys
If you connect your own AI provider (OpenAI, Anthropic, Google), we store your API key encrypted in our database. It is only decrypted server-side when generating a quote on your behalf.
3. How We Use Your Data
- Provide the Service (account, quotes, invoices, payments)
- Send you service emails (notifications, receipts, quote status updates)
- Enforce plan limits and detect abuse
- Improve the Service (anonymized analytics)
- Comply with legal obligations (tax, fraud prevention)
4. Why We Process Your Data
We process your data for the following purposes:
- To perform our contract with you: provide the Service you signed up for
- Legitimate business interests: improve the Service, prevent fraud and abuse
- With your consent: optional analytics and marketing (you can opt out)
- Legal obligation: comply with US tax, accounting, and consumer protection laws
5. Third-Party Services
We share limited data with the following processors:
- Stripe — payment processing (stripe.com/privacy)
- Resend — email delivery (resend.com/privacy)
- Railway — infrastructure hosting (railway.app/legal/privacy)
- Anthropic / OpenAI / Google — AI providers (only when you use the "Kwotly AI" option, and only the prompt content is sent)
- Home Depot / Lowe's / Amazon — affiliate link redirects (no personal data shared beyond standard browser info)
We do NOT sell your data to third parties. We do NOT use your data to train AI models.
6. Photo Data
Room photos you upload are stored on our servers (Railway volume) and sent to your selected AI provider for analysis. Photos are retained as long as the associated quote exists. You can delete them at any time by deleting the quote.
AI providers (Anthropic, OpenAI, Google) have their own data retention policies. Per their commercial API terms, photos are not used to train their models.
7. Data Retention
- Active accounts: data retained as long as your account is active
- Cancelled accounts: data deleted within 30 days of cancellation
- Invoices & payment records: retained for 10 years (legal obligation)
- Email events & affiliate clicks: retained for 2 years
8. Your Rights
Under CCPA (California), Canadian provincial privacy laws, and similar regulations, you have the right to:
- Access: request a copy of your data (export via Settings > Data)
- Correct: fix inaccurate data (editable in your profile)
- Delete: request deletion of your account and data
- Portability: receive your data in a machine-readable format (CSV)
- Opt out: refuse certain processing (e.g. marketing emails)
- Non-discrimination: we will not penalize you for exercising any of these rights
- Lodge a complaint: with your state attorney general or provincial privacy commissioner
To exercise these rights, email [email protected]. We respond within 30 days.
9. Security
We protect your data with industry-standard measures:
- HTTPS/TLS encryption for all connections
- Password hashing with bcrypt (12 rounds)
- JWT session tokens with 30-day expiration
- Optional passkeys (WebAuthn) for passwordless auth
- Database backups encrypted at rest
- Regular security updates
No system is 100% secure. If a breach affecting your personal information occurs, we will notify you and applicable regulators without unreasonable delay, as required by US state breach-notification laws and Canadian provincial laws.
10. Cookies
We use the following cookies:
- session (strictly necessary): to keep you logged in
- locale (preference): remembers your language choice (EN/ES)
We do NOT use tracking cookies, advertising cookies, or social media pixels.
11. Where Your Data Lives
Your data is stored in the United States on Railway infrastructure. Some third-party processors we use (Stripe, Resend, Anthropic, OpenAI, Google) may also process data in other regions under their own privacy frameworks.
Kwotly is offered only to users in the United States and Canada. If you access the Service from outside these regions, you do so on your own initiative and are responsible for compliance with local laws.
12. Children's Privacy
Kwotly is not intended for individuals under 18 years of age. We do not knowingly collect data from children.
13. Changes to this Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates the current version.
14. Contact
Privacy questions: [email protected]
Mailing address: World Social Trend LLC, 5900 Balcones Dr Suite 100, Austin, TX 78731, USA.