Last updated: June 17, 2026
This Privacy Policy (“Policy”) explains how the business running this Jorvio Quotes deployment (“we,” “us,” “Operator”) collects, uses, and shares personal information when you use the Service.
Visitors to our marketing site, account owners, team members you invite, people you give limited-access codes to (such as crew or co-operator codes), and your customers who use quote links, the customer portal, or payment pages we host for you.
Account and profile information. Name, email, company name, phone, login-related identifiers, language preference, business profile fields (including trade type and AI business context you provide), and billing-related details we need to run the product (for example, plan tier, usage counts, limits, extra seat quantities, and timestamps tied to any promotional access we have granted you).
Authentication data. Email addresses and authentication events tied to email/password, magic link, email one-time passcode, or Google sign-in through our authentication provider. We do not receive your Google password.
Subscription and plan changes. When you subscribe or change plans, Stripe processes payments and subscription records. We keep limited details from Stripe and our app (for example, subscription status, Stripe customer and subscription IDs, invoice references, scheduled plan changes, the result of any confirmation step, and timestamps when plans change) so we can bill you, show history in the app, and fix mistakes.
Stripe Connect (when you accept money from your customers through the product). If you connect your own Stripe Express account to take customer payments, Stripe collects the information it needs to verify you and your business directly from you during onboarding (such as your legal name, business details, beneficial-owner information, and bank account). We do not store your full identity-verification documents; we store your connected Stripe account ID and a small status signal Stripe sends us (for example, whether Stripe has marked your account as enabled to accept charges), and we use that to render the connect status in your settings.
Customer payments on quotes. When your customers pay on a quote, Stripe handles their card or wallet details. We may see and store payment status, the amount paid, deposit and balance state, the payment-intent and checkout-session IDs, the chosen payment method type (for example card, Apple Pay, Google Pay), whether a U.S. processing-fee pass-through was applied on deposit and/or balance checkout, the customer’s email when they submit it on the checkout page, and refund events, so we can show payment status in the app, drive post-payment automations you have turned on, and resolve disputes. We may also store Stripe webhook events needed for payment recovery and operational reliability.
Quote, job, and customer content. Proposal text, line items and prices, attachments, photos (which we may store in a Vercel-hosted blob bucket), signatures, scheduling fields, optional add-ons and change orders, messages you or your customers send through the Service, price-book entries, and audit-style events such as when a quote was viewed, signed, or accepted.
Public quote engagement telemetry. When someone opens a public quote link, we may record events such as views, link clicks, and change requests, along with the visitor’s IP address and browser user agent, to show you engagement in the product, run analytics features on eligible plans, and investigate abuse.
Customer portal data. If your customers use the customer portal, we process their email address, one-time login codes, optional portal password registration and email confirmation, portal session cookies, and the quotes/jobs tied to their email so they can sign in and see their history. Portal customers may delete their portal account separately from your contractor account.
AI feature inputs and outputs. When you use an AI-assisted feature (such as the quote assistant, AI quote review, AI quote generator, decision-section pre-fill, photo or audio transcription, in-app help chat, public-quote translation, company-site AI editing, or the AI quote coach), we send the relevant inputs to our AI providers and store the resulting outputs alongside your account. Inputs may include line items and prices, scope text, notes, photos and audio submitted for transcription, your business profile and AI business context, your locale, your chat messages with the AI, company-site content you ask us to edit, and aggregated analytics summaries used by the coach. Help chat may use web search grounding for generic product help without sending your account data to the search provider beyond what is needed for that request. We route some AI requests between Anthropic and Google based on feature, complexity, cost, and availability. We do not intentionally send full payment card numbers or government identifiers to AI providers, and we ask that you not paste them into AI inputs.
In-app quote analytics. On eligible plans, we compute analytics such as sent/viewed/accepted counts, follow-up performance, and summaries that may feed AI coach features. These analytics are derived from your workspace data and are not sold to third parties as standalone marketing analytics.
Email automations. If you turn them on, we send certain emails on your behalf — for example follow-ups to customers about open quotes, post-payment acceptance confirmations, review-request emails after payment that point to the Google Business review URL you supply, scheduled quote-delivery emails, and balance-due reminders you trigger. We store enough state to schedule, send, and avoid double-sending those emails (such as scheduled-for timestamps, sent timestamps, per-quote overrides, and bounce or failure signals from our email provider).
Custom branding and company site content. Logos, brand color, vanity subdomain or custom quote-link subdomain on eligible plans, past-work photos, page sections, and other site content you publish. This content is rendered on customer-facing pages.
Team members and seats. If you invite coworkers, we store their account identifiers, membership role, and invite metadata. Extra paid seats are reflected in Stripe subscription quantities.
Crew, co-operator, and access codes. We store hashed (not plain-text) crew calendar and co-operator access codes, plus a short history of recent hashes, so that rotating a code revokes prior access while letting us and you investigate misuse for a brief window. Crew sessions use a separate signed session cookie scoped to crew calendar access.
Optional QuickBooks Online integration. If you connect QuickBooks Online, we store encrypted OAuth tokens, your Intuit realm/company identifier, selected default item identifiers, and sync metadata (such as QuickBooks customer and sales-receipt IDs and sync timestamps/errors). When sync runs, we send quote and customer fields needed to create accounting records in your QuickBooks company through Intuit’s API. Intuit is an independent controller for information you provide directly to Intuit during OAuth and in your QuickBooks account.
Website analytics. We use Vercel Web Analytics on our pages to collect privacy-oriented, cookie-light traffic metrics such as page views, visitor counts, referrers, and general device/browser/location breakdowns. This helps us understand how the marketing site and product pages are used. Vercel Web Analytics does not use cross-site tracking cookies for advertising.
Technical and security data. IP address, device and browser type, cookies or similar technologies used for security, sessions, fraud prevention, and understanding how the product is used, and basic audit records of important workspace actions such as plan changes, legal acceptance, and key billing events. We may store browser error reports (message, stack trace, URL, pathname, and user agent) when the client error reporter sends them so we can fix bugs.
Agreement and consent records. When you accept our Terms of Service or this Policy (including on signup or when we publish important updates and you accept again), we store a timestamped record tied to your account. That record can include the document version labels shown to you, a consent batch identifier (“epoch”) when we use one, the server time of acceptance, and the IP address and browser user agent sent with the acceptance request. We use this to show what was agreed to, operate re-accept flows, secure accounts, and resolve disputes. Operator-only internal tools may list recent acceptance events to operate the platform; that access is not a customer-facing feature.
Support messages and deletion feedback. What you send us through support or in-product contact, and optional reasons you provide when deleting an account.
Phone numbers. You may store customer or business phone numbers for your records. We do not send SMS or text messages and do not use phone numbers for marketing texts.
Local browser storage. Where enabled, draft quote data may be cached in your browser’s local storage so you can recover work if you lose connectivity. That data stays on your device until cleared or synced.
Abuse prevention and enforcement records. We may retain signup fingerprints, trial-abuse signals, banned-email fingerprints, and related security metadata to prevent fraud and repeat abuse, including for a period after account deletion where the law allows.
We use information to provide and improve the Service; verify accounts and enforce plan limits; process upgrades, downgrades (both scheduled and immediate), cancellations of scheduled changes, refunds where appropriate, and the end of promotional periods; route payment collection through your connected Stripe account; surface your Stripe Connect status; generate AI-assisted suggestions and summaries you can review and edit before using; send service emails (quotes, billing receipts, security notices, authentication messages) and, where you have enabled them, automated follow-ups, post-payment acceptance emails, review-request emails, scheduled quote deliveries, and balance reminders to your customers; render your company site and customer-facing pages; maintain audit logs of important workspace and billing actions; maintain records of agreement to our Terms and this Policy; measure site traffic through Vercel Web Analytics; diagnose errors; sync to QuickBooks Online when you connect it; comply with law; respond to valid requests; and resolve billing disputes.
Where GDPR or similar laws apply, we rely on performance of a contract, legitimate interests (for example securing accounts, billing integrity, fraud prevention, providing AI-assisted features you request, running the Stripe Connect flow you initiated, measuring site usage, and service reliability), consent where required, and legal obligation where that applies. Agreement records described above support contract formation, accountability, and security.
We share information with service providers that help us run the Service:
We require subprocessors to protect data in line with this Policy and the law. We do not sell personal information.
When you use Stripe Connect through the product, Stripe is independently a data controller for the identity-verification information and bank details you give them during onboarding; their processing is governed by Stripe’s own terms and privacy policy. When you use Google sign-in, Google’s identity terms apply to that authentication step. When you connect QuickBooks Online, Intuit’s terms and privacy policy apply to information processed in your QuickBooks account.
We keep information while your account is active and as long as we need it to run the Service, meet legal duties, resolve disputes (including billing and chargebacks), and enforce our agreements. AI inputs and outputs are stored alongside the related quote, message, or analytics record and follow the same retention as that record. Audit logs, agreement records, payment webhook records, signup/abuse-prevention records, and deletion feedback may be kept for a period consistent with those purposes even if you later delete your account, where the law allows. Backups may persist for a limited time. You can ask to delete your account; we may still need to keep some records for tax, accounting, security, fraud prevention, or legal reasons.
We use reasonable administrative, technical, and organizational safeguards, including transport encryption, access controls, scoped database row-level security policies, encryption-at-rest for sensitive integration tokens, hashing of access codes, rate limiting, and abuse detection on outbound channels. No system is perfectly secure.
We may process data in the United States and other countries where we or our vendors work, including when AI providers process inputs and outputs and when Stripe, Vercel, or our email provider operate in different regions. Where required, we use appropriate safeguards for cross-border transfers.
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, or to object to or limit some processing — including processing by AI features. Contact us to exercise those rights. You may also complain to a data protection authority. Some U.S. states give residents additional privacy rights; contact us with your state if you believe those apply.
The Service is not aimed at children under 13 (or the minimum age in your area). We do not knowingly collect personal information from children.
We may update this Policy, change the “Last updated” date, and give extra notice or ask for consent where the law requires.
For privacy requests, use the support or contact method published on this site.