Privacy Policy

Last updated: March 2026

1. What We Collect

We collect information you provide when using PaintQuote AI:

  • Account info: name, email, company name, phone, state, license number
  • Audio recordings: voice notes you record at job sites. Processed by OpenAI Whisper for transcription, then deleted from processing servers
  • Estimate data: client names, addresses, measurements, pricing
  • Payment info: processed securely by Stripe. We never store card numbers

2. How We Use Your Data

  • Generate painting estimates from your voice recordings
  • Send estimates and invoices to your clients
  • Process payments through Stripe
  • Improve AI accuracy for your specific pricing patterns
  • Send you notifications about estimate status changes

3. Service Providers

We use the following third-party services:

  • Supabase: database and authentication
  • OpenAI: audio transcription (Whisper API)
  • Anthropic: data extraction (Claude API)
  • Stripe: payment processing
  • Twilio: SMS delivery
  • Resend: email delivery
  • Vercel: hosting

4. Voice Recordings & Biometric Data

When you use the voice recording feature:

  • Consent: By pressing the record button, you explicitly consent to the capture and processing of your voice recording
  • Purpose: Recordings are used solely to transcribe your spoken estimate notes into text via OpenAI Whisper
  • Retention: Audio files are deleted from our servers after successful transcription. Only the text transcript is retained
  • Biometric data: We do not extract, store, or analyze voiceprints, speech patterns, or other biometric identifiers from your recordings
  • Third-party processing: Audio is processed by OpenAI's Whisper API. OpenAI does not retain audio data after processing per their data processing agreement
  • Illinois residents (BIPA): Voice recordings are processed for transcription only. No biometric identifiers are collected, stored, or used for identification purposes under 740 ILCS 14

You may revoke consent by stopping the recording at any time. Previously processed transcripts can be deleted by deleting the associated estimate.

5. SMS Communications (TCPA)

PaintQuote AI sends SMS messages to your clients on your behalf when you choose "Send via SMS."

  • Contractor responsibility: You are responsible for obtaining prior express written consent from your clients before sending SMS via our platform
  • Opt-out: All SMS messages include "Reply STOP to opt out" per TCPA requirements
  • Frequency: SMS is sent only when you explicitly trigger it — no automated marketing messages
  • Costs: Standard message and data rates may apply to recipients

6. Data Security

All data is encrypted in transit (TLS 1.2+) and at rest. Row-level security (RLS) ensures you can only access your own data. Audio files are stored in private encrypted buckets accessible only to your account.

7. Data Breach Notification

In the event of a data breach affecting your personal information:

  • We will notify affected users via email within 72 hours of discovering the breach
  • We will notify the appropriate state attorneys general as required by applicable state laws
  • The notification will include: nature of the breach, types of data affected, steps we're taking, and steps you can take to protect yourself
  • We maintain security incident logs and conduct post-incident reviews

This policy complies with breach notification laws in all 50 US states, including California (Cal. Civ. Code §1798.82), New York (Gen. Bus. Law §899-aa), and Florida (Fla. Stat. §501.171).

8. Your Rights

You can:

  • Access all your data at any time through the app
  • Delete your estimates, clients, and invoices
  • Delete your entire account and all data (in Settings → Danger Zone)
  • Download all your data as JSON (in Settings → Privacy & Data)

9. We Do NOT

  • Sell your data to third parties
  • Use your pricing data to train AI models
  • Share your client information with anyone
  • Store audio recordings after transcription

10. Data Retention

We retain your data as follows:

  • Signed estimates: 7 years (required by E-SIGN Act)
  • Invoices & payments: 7 years (tax/accounting requirements)
  • Audio recordings: Deleted after transcription is complete
  • Transcripts: Retained as long as the associated estimate exists
  • Account data: Retained until you delete your account
  • Unsigned/expired estimates: Retained for 3 years, then may be deleted

11. Cookies & Tracking

  • Session cookies (required): Keep you logged in. Deleted when you close your browser.
  • Preference cookies (required): Store your cookie consent choice and UI preferences.
  • Analytics cookies (optional): Help us understand usage patterns. Set only with your consent.
  • Stripe cookies (third-party): Required for secure payment processing.

You can control cookies in your browser settings. Disabling required cookies may prevent login.

12. CCPA — California Residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

  • Right to Know: Request what personal information we collect (use "Download All My Data" in Settings)
  • Right to Delete: Request deletion of your personal information (use "Delete Account" in Settings)
  • Right to Opt-Out: We do NOT sell your personal information to third parties
  • Right to Non-Discrimination: We do not discriminate against users who exercise CCPA rights

To exercise any right, email privacy@paintquote.ai. We respond within 45 days.

13. Payment Security

Payment information is processed securely through Stripe, Inc., a PCI-DSS Level 1 compliant processor. We do NOT store credit card numbers, CVV codes, or ACH account data. All payment data is encrypted in transit using TLS 1.2+.

14. Contact

Questions about privacy? Email us at privacy@paintquote.ai