1. Scope
This Policy applies to personal information processed by Estimatic AI as a controller for our website visitors, account holders, prospects, and end-users of public Estimatic AI pages. When we process personal information on behalf of a customer (for example, Customer Data submitted through their workspace), we act as a processor and our customer controls how that data is used.
2. Information We Collect
Information you provide directly
- Account information: name, email, phone, password, company, role, trade.
- Billing information: payment method (handled by our payment processors), billing address, tax ID.
- Profile and onboarding details: company name, service area, primary trade.
- Customer Data: estimates, line items, scopes, pricing, photos, and project records you submit.
- Communications: messages, support tickets, survey responses, and content you share with us.
Information collected automatically
- Device and log data: IP address, device identifiers, browser type, OS, language, referrer, pages viewed, timestamps.
- Usage data: features used, clicks, AI prompts, AI outputs, errors, performance metrics.
- Cookies and similar technologies: see our Cookie Policy.
- Approximate location derived from IP address.
Information from third parties
- Identity providers (e.g., Google) when you sign in with a third-party login.
- Integrations you authorize (CRMs, accounting systems, suppliers, telephony providers).
- Payment processors and fraud-prevention providers.
- Marketing, enrichment, and analytics partners.
3. How We Use Personal Information
We use personal information to:
- provide, operate, secure, support, and improve the Services;
- create and manage your Account, authenticate users, and prevent fraud;
- process transactions, payments, refunds, taxes, and chargebacks;
- provide AI features, including generating, ranking, and improving AI outputs;
- send transactional messages, security alerts, service updates, and one-time codes;
- send marketing communications where permitted, including product updates and offers;
- monitor performance, debug, and conduct analytics;
- comply with law, legal process, and contractual obligations;
- enforce our Terms and protect rights, property, and safety.
4. Legal Bases (EEA / UK)
Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract, our legitimate interests (operating, improving, and securing the Services), compliance with legal obligations, and your consent (for example, for certain marketing and cookies). You may withdraw consent at any time without affecting prior processing.
5. How We Share Personal Information
- Service providers and subprocessors who help us operate the Services (cloud hosting, analytics, AI providers, email delivery, SMS providers, payment processors, fraud prevention, error tracking).
- Integrations you authorize, such as CRMs, accounting systems, telephony providers, and supplier APIs.
- Within your organization: account owners and administrators may access your usage and Customer Data for that workspace.
- Compliance and safety: to comply with law, respond to legal process, enforce our Terms, prevent fraud, or protect rights, property, and safety.
- Business transfers: in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to confidentiality.
- Aggregated or de-identified data that does not identify you.
We do not sell personal information for money.
6. AI Processing
AI features process inputs (including prompts and selected Customer Data), context, and metadata to generate outputs and improve quality. We use enterprise AI providers under contractual terms intended to limit use of inputs and outputs to providing the Services. AI outputs may be inaccurate or unsuitable; you remain responsible for reviewing and validating them.
7. Google User Data (Google API Services)
When you sign in with Google or connect a Google account (for example, Google Sign-In or any future Google Workspace integration), Estimatic AI’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This section describes, specifically, how we access, use, store, share, retain, and delete Google user data.
7.1 Google data we access
When you choose “Continue with Google” we request only the following OAuth scopes:
- openid — to authenticate you and create a stable account identifier.
- https://www.googleapis.com/auth/userinfo.email — your primary Google email address, used as your Estimatic AI account login.
- https://www.googleapis.com/auth/userinfo.profile — your basic profile (name, profile picture URL, locale) used to populate your Estimatic AI profile.
We do not request access to Gmail, Google Drive, Google Calendar, Google Contacts, Google Photos, or any other Google user data. If we ever add an integration that requires additional scopes, we will request your explicit consent at the time of connection and update this Policy before the feature is enabled.
7.2 How we use Google user data
The information we receive from Google is used solely to:
- create, authenticate, and secure your Estimatic AI account;
- display your name, email, and avatar in the Estimatic AI app;
- send transactional and security communications related to your account; and
- provide the user-facing features you request (for example, signing back in, recovering access, or being invited to a workspace).
We do not use Google user data to serve advertisements, build advertising profiles, train generalized AI/ML models, or for any purpose unrelated to providing and improving the user-facing features of Estimatic AI. We do not allow humans to read Google user data except (a) with your explicit consent, (b) for security investigations (e.g., abuse, fraud, or to comply with law), or (c) where the data has been aggregated and anonymized and is used for internal operations.
7.3 How we share Google user data
We do not sell Google user data and we do not share Google user data with third parties for their own marketing or advertising. Google user data is only shared with the limited set of subprocessors strictly required to operate Estimatic AI:
- Cloud hosting and database providers (e.g., Cloudflare, Supabase) that store account records on our behalf under written data processing terms.
- Email delivery providers used to send authentication, security, and transactional messages to the email address Google provided.
- Members of your workspace, where your name, email, and avatar are visible to other authorized members of an Estimatic AI organization that you join or are invited to.
- Law enforcement or regulators when we are legally required to disclose information, or to protect rights, property, and safety.
7.4 Storage and protection of Google user data
Google profile fields (Google account ID, email, name, avatar URL, locale) are stored in our managed Postgres database hosted in the United States. Access is restricted by role-based access control, network policies, and audit logging. OAuth tokens issued by Google are encrypted at rest, scoped to the minimum permissions described above, and are never exposed to client-side code. All traffic between your browser, Google, and Estimatic AI is protected with TLS.
7.5 Retention and deletion of Google user data
We retain Google user data for as long as your Estimatic AI account is active. You can:
- Disconnect Google at any time from Account Settings → Sign-in methods, which removes the link between your Estimatic AI account and your Google account and deletes the stored Google OAuth tokens.
- Delete your account from Account Settings → Delete account, or by emailing privacy@estimatic.ai. Within 30 days of a deletion request we permanently delete your Google user data and associated personal information from our production systems; residual copies may persist in encrypted backups for up to 90 additional days before being overwritten on our standard backup rotation.
- Revoke Estimatic AI’s access to your Google account at any time at myaccount.google.com/permissions.
For any question about Google user data — including access, correction, export, or deletion — contact privacy@estimatic.ai and we will respond within 30 days.
8. Cookies and Tracking
We use cookies and similar technologies for authentication, preferences, security, analytics, and (where permitted) advertising. See the Cookie Policy for details and how to manage your choices.
9. Data Retention
We retain personal information for as long as your Account is active and for a reasonable period afterward, subject to our retention schedules, legal obligations, backup cycles, fraud prevention needs, and dispute resolution needs. Aggregated or de-identified data may be retained longer. You may request deletion of your personal information at any time by emailing privacy@estimatic.ai; production data is removed within 30 days and backup copies are overwritten within 90 days on our standard rotation.
10. Security
We use commercially reasonable administrative, technical, and organizational measures designed to protect personal information, including encryption in transit (TLS) and at rest, access controls, logging, secret management, and least-privilege practices. No system is perfectly secure. You are responsible for safeguarding your credentials and enabling multi-factor authentication where available.
11. International Transfers
We may transfer personal information to the United States and to other countries where we and our service providers operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses.
12. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict the processing of your personal information; to object to certain processing; to opt out of targeted advertising or sales/sharing as defined under applicable law; and to lodge a complaint with a supervisory authority.
To exercise these rights, contact privacy@estimatic.ai. If your request relates to Customer Data submitted to a customer’s Account, we will refer you to that customer (the controller) and assist as required by law.
13. U.S. State Privacy Disclosures
Residents of California, Colorado, Connecticut, Virginia, Utah, and other U.S. states with comprehensive privacy laws may have specific rights, including the right to know, correct, delete, opt out of certain processing, and limit the use of sensitive personal information. We honor verifiable consumer requests as required by applicable law and do not discriminate against you for exercising your rights.
14. Children
The Services are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe we have collected information from a child, contact privacy@estimatic.ai and we will take appropriate steps.
15. Marketing Choices
You can opt out of marketing emails by using the unsubscribe link in our emails or by contacting us. You can opt out of marketing SMS by replying STOP to any marketing SMS. We will continue to send transactional messages (e.g., security codes, billing notices) as needed to provide the Services.
16. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated by email, in-app notice, or other reasonable method. The “Last updated” date above indicates when this Policy was last revised.
17. Contact
Questions about this Policy: privacy@estimatic.ai.
Estimatic, Inc., 1317 Edgewater Drive, Suite 719, Orlando, FL 32804.
