Privacy Policy

Quotae ("we", "our") is responsible for processing your personal data. If you have questions about this policy, you can contact us at use@quotae.app.

We collect different types of data depending on how you use Quotae:

• Account data: name and email address. We use a one-time code (OTP) sent to your email to verify your identity — there is no password.
• Billing and subscription data: payment information processed through Polar. We do not store your card details.
• Business documents: quotes, invoices, client details, and line items you create in the app.
• Bank and payment account details: IBAN, BIC, bank name, Bizum phone number, or PayPal email that you add to your profile for inclusion on your invoices and quotes.
• Voice audio and transcripts: when you use voice quoting, audio is streamed in real time to Deepgram for transcription. The resulting transcript is sent to our server and forwarded to OpenAI for quote extraction. If Deepgram is unavailable, the app falls back to on-device speech recognition (no audio leaves your phone in that case).
• Contact imports: if you choose to import contacts from your phone's address book, we store the names and phone numbers you select.
• Location data: foreground-only location to auto-fill job site addresses on quotes, when you grant permission.
• Company logo: the logo image you upload for PDF branding.
• Push notification tokens: device tokens registered with Expo to deliver push notifications.
• Crash and performance data: error reports and performance traces collected by Sentry.
• Analytics events: anonymized usage events collected by Vexo to help us understand how features are used.
• Technical data: device type, OS version, and app version for diagnostics.

We use your data to:

• Provide the Quotae service — create, manage, and generate PDFs of your quotes and invoices.
• Process voice input into structured quote data.
• Manage your account, authentication, and subscription.
• Send transactional emails (OTP codes, subscription confirmations, quote expiry reminders).
• Deliver push notifications you have opted into.
• Monitor app stability and fix crashes (Sentry).
• Understand feature usage patterns to improve the product (Vexo analytics).
• Comply with legal obligations (tax and invoicing regulations).

The processing of your data is based on:

• Contract performance: to provide the service you signed up for — quotes, invoices, PDFs, and account management.
• Consent: for voice audio processing (you tap the microphone button to start), contact imports, location access, push notifications, and advertising measurement with Meta/Firebase (through iOS App Tracking Transparency and Android Advertising ID/ad personalization settings). You can withdraw consent or change these controls at any time from your device settings.
• Legitimate interest: for crash reporting, performance monitoring, and anonymized analytics that help us improve the product.
• Legal obligation: to comply with Spanish tax and invoicing regulations.

We do not sell your data. We share it only with the processors needed to run the service:

• Deepgram — real-time audio transcription via WebSocket streaming. Audio is processed and not stored beyond the transcription session.
• OpenAI — transcript text is sent to extract structured quote data. Transcripts are stored by OpenAI in accordance with their API data usage policy.
• Polar — payment processing for subscriptions. You are redirected to Polar's hosted checkout; we never see your card details.
• Cloudflare R2 — cloud storage for generated PDFs and uploaded logos. Data is encrypted at rest.
• Sentry — crash reports and performance traces. All text and images are masked; PII is scrubbed before transmission.
• Vexo — anonymized analytics events to understand feature usage.
• Expo — push notification delivery via Expo Push API.
• Resend — transactional email delivery (OTP codes, subscription notifications).
• Apple — processes iOS subscription payments through In-App Purchase. Apple receives purchase data including transaction identifiers, subscription status, and pricing. Apple does not receive your quotes, invoices, or client data.
• RevenueCat — acts as a subscription management intermediary. RevenueCat receives Apple receipt data, subscription lifecycle events (purchases, renewals, cancellations, expirations), and your Quotae account ID for reconciliation. As support metadata we also send your account email address and display name so the subscription can be located for customer support; no business content (quotes, invoices, clients) is shared with RevenueCat.
• Meta (Facebook) — when a new user signs up, Quotae briefly initializes the Meta App Events SDK to send two conversion events: signup (fb_mobile_complete_registration) and trial-start (StartTrial). On iOS, this only happens after App Tracking Transparency consent. On Android, it may use the Google Play services Advertising ID when available. The SDK is disabled again after the events are flushed. Automatic Meta SDK event logging is disabled at runtime. Data shared: device advertising identifier when available, the two event names, event timestamps, and basic device information used by the SDK. No quotes, invoices, contacts, audio, or business profile data is shared.
• Firebase Analytics / Google Ads — when a new user signs up, Quotae briefly enables Google Analytics for Firebase to send the conversion events sign_up and trial_started. On iOS, this only happens after App Tracking Transparency consent. On Android, Firebase may use the Google Play services Advertising ID when available. Firebase Analytics is then disabled again (approximately 1.5 seconds after the events are queued). During this brief enabled window, the Firebase SDK may also automatically emit standard lifecycle events for the current app session — typically session_start, first_open (only the very first time the app is launched), app_open, and user_engagement. Automatic screen-view reporting is disabled in the native configuration (google_analytics_automatic_screen_reporting_enabled: false). Google Ads uses the conversion events to attribute paid-campaign installs and trial starts. Data shared: device advertising identifier when available, Firebase app instance ID, the event names listed above, event timestamps, approximate geographic location derived by Google's servers from your IP address (city/region resolution only, never GPS coordinates), and basic device information (device model, OS version, locale). No quotes, invoices, contacts, voice audio, business profile, or screen-view data is shared.
• Android Advertising ID — the Android app declares com.google.android.gms.permission.AD_ID so Meta and Firebase/Google can measure signup and trial-start conversions from paid campaigns when the Advertising ID is available. We do not use the Advertising ID to unlock app features, authenticate users, or show ads inside Quotae. Android users can reset or delete the Advertising ID, or disable ad personalization, in Android Settings. The app remains usable if the Advertising ID is unavailable.
• Authorities — when required by law.

Some of our processors are based in the United States: Deepgram, OpenAI, Polar, Cloudflare, Sentry, Vexo, Expo, Apple, RevenueCat, Meta, and Google (Firebase / Google Ads). These transfers are protected by the EU-US Data Privacy Framework or EU Standard Contractual Clauses (SCCs), ensuring your data receives an adequate level of protection as required by the GDPR.

Retention periods depend on the type of data:

• Account and business data: kept as long as your account is active. If you delete your account, we remove your data within 30 days, except where legal retention applies.
• Billing records: retained for the legally required period (5 years under Spanish tax law).
• Voice transcripts: stored on our servers only for the duration of the extraction request. We do not maintain a library of your recordings or transcripts.
• Crash and analytics data: retained according to each processor's policy (typically 30–90 days for Sentry; anonymized for Vexo).
• PDFs and logos: kept in Cloudflare R2 as long as your account is active, deleted within 30 days of account deletion.

Under the GDPR, you have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Request deletion of your data.
• Restrict or object to processing.
• Data portability.
• Withdraw your consent at any time.

To exercise these rights, contact us at use@quotae.app. We will respond within 30 days.

The Quotae landing website (quotae.app) uses only essential cookies for theme preference and cookie-consent state, and Umami for privacy-respecting web analytics — Umami does not use cookies and does not collect personal data. The landing website itself does not use advertising cookies.

The Quotae mobile app does not use HTTP cookies. It uses Meta and Firebase mobile SDKs to measure the effectiveness of advertising for signup and trial-start conversions.

• On iOS, these SDKs are only initialized after the user grants App Tracking Transparency permission. If the user declines, the SDKs are not initialized and no advertising-measurement events are sent. The user can revoke this permission at any time in iOS Settings → Privacy & Security → Tracking.
• On Android, these SDKs may use the Google Play services Advertising ID when it is available. Android users can reset or delete the Advertising ID, or disable ad personalization, in Android Settings. The app remains usable if the Advertising ID is unavailable.

Advertising-measurement data shared with Meta and Google during the brief signup/trial conversion window includes: device advertising identifier when available, Firebase app-instance ID, the signup and trial-start event names, event timestamps, standard Firebase lifecycle events for the current session (session_start, first_open, app_open, user_engagement), approximate geographic location derived by Google's servers from your IP address (city/region only, never GPS coordinates), and basic device information (model, OS version, locale). It is shared solely to attribute signup/trial conversions for paid acquisition campaigns. We do not share quotes, invoices, contacts, voice audio, business profile data, or screen-view information. For full details, see our Cookie Policy.

Quotae is a professional tool designed for construction professionals. The service is not directed at children under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us at use@quotae.app and we will delete it promptly.

We apply technical and organizational measures to protect your data, including:

• Encryption in transit (HTTPS/TLS) for all communications.
• Encryption at rest for files stored in Cloudflare R2.
• Token-based authentication with refresh token rotation.
• Restricted access controls and least-privilege policies for internal systems.

When you tap the microphone button to create a voice quote, here is what happens:

• Primary path (Deepgram): Audio is streamed in real time via a WebSocket connection to Deepgram's servers for transcription. The audio is processed on the fly and is not stored by Deepgram beyond the streaming session.
• Fallback path (on-device): If Deepgram is unavailable or you are offline, the app uses your device's built-in speech recognition. In this case, no audio data leaves your phone.
• Transcript processing: The text transcript is sent to our server, which forwards it to OpenAI to extract structured quote data (line items, quantities, descriptions). OpenAI stores the transcript data in accordance with their API data usage policy.
• No biometric data: Although the app supports FaceID and fingerprint unlock, this authentication happens entirely on your device. We never receive, transmit, or store biometric data.

To keep Quotae stable and improve performance, we collect diagnostic data in production:

• Sentry: captures crash reports and performance traces at a 3% session sample rate. All user-visible text and images in error reports are masked automatically. PII (emails, names) is scrubbed before data is transmitted.
• Vexo: collects anonymized analytics events (e.g., "quote created", "PDF generated") to help us understand which features are used and where users encounter friction. No personal data is included in these events.

Both services are enabled only in production builds. Development and preview builds have observability disabled.

If you subscribe to Quotae through the iOS App Store, the following data flows apply:

• Apple In-App Purchase: Apple processes the payment and manages the subscription on its platform. Apple receives and stores transaction identifiers, subscription status, pricing, expiry dates, and renewal state. Quotae does not receive or store your payment method details (credit card, Apple Pay token).
• RevenueCat: We use RevenueCat as a server-side subscription management intermediary. RevenueCat receives Apple receipt data and subscription lifecycle events (purchases, renewals, cancellations, grace periods, billing retries) along with your Quotae account ID so we can match the subscription to your account.
• What is shared: subscription status, transaction identifiers, product identifiers, expiry dates, renewal state, and — as support metadata — your account email address and display name.
• What is never shared: your quotes, invoices, client records, catalog items, or any other business content you create in Quotae. Neither Apple nor RevenueCat has access to this data.

We may update this policy periodically. We will notify you of significant changes through the application or by email.

Quotae uses Meta and Firebase mobile SDKs on iOS and Android to measure the effectiveness of paid advertising campaigns (Meta Ads and Google Ads). This measurement is limited to new-account signup and trial-start attribution.

• What events: a signup conversion (sign_up / fb_mobile_complete_registration) and a trial-start conversion (trial_started / StartTrial), sent once per new account.
• What data is shared: device advertising identifier when available, Firebase app instance ID, the event names and timestamps, standard Firebase lifecycle events for the current session, approximate geographic location derived server-side from your IP (city/region only — never GPS), and basic device information (model, OS version, locale).
• iOS control: the lawful basis is your explicit consent through Apple's App Tracking Transparency (ATT) prompt, shown the first time a new user account is verified. If you choose "Ask App Not to Track," no advertising-measurement events are sent and the SDKs are not initialized. You can later change this in iOS Settings → Privacy & Security → Tracking.
• Android control: Android does not show the Apple ATT prompt. Quotae declares the Google Play services Advertising ID permission (com.google.android.gms.permission.AD_ID) for conversion measurement. You can reset or delete the Advertising ID, or disable ad personalization, in Android Settings. Quotae remains usable if the Advertising ID is unavailable.