Privacy Policy
Last updated: April 28, 2026
1. Introduction
FloorQuote Pro ("we," "us," or "our") operates the website at floorquote.us and the FloorQuote Pro software-as-a-service application (the "Service"). This Privacy Policy explains how we collect, use, store, share, and protect information when you use our Service.
By using FloorQuote Pro, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect the following types of information:
- Account information: name, email address, password (hashed), and company name.
- Business data you create: customer contact details, project measurements, quotes, invoices, pricing, and notes you enter into the Service.
- Payment information: processed securely by Stripe. We do not store credit card numbers on our servers.
- Usage data: pages viewed, features used, and timestamps. We use this only to improve the Service.
- Connected service data: if you connect a third-party account (such as Google Gmail), we receive limited information from that service as described below.
3. Google User Data
FloorQuote Pro offers an optional integration that lets users connect their Google (Gmail) account so that quote and invoice emails can be sent to their customers from their own Gmail address. This section discloses, in detail, exactly how FloorQuote Pro accesses, uses, stores, and shares Google user data, in compliance with the Google API Services User Data Policy (including the Limited Use requirements).
3.1 Data Accessed (Google scopes requested)
FloorQuote Pro requests access to the minimum scopes required to send email on the user's behalf. We do not request, access, read, modify, or delete any other Google data — no Gmail inbox messages, no Drive files, no Calendar events, no Contacts, no Photos, no profile picture, and no other Google services.
https://www.googleapis.com/auth/gmail.send
A restricted Gmail scope that grants permission to send emails on the user's behalf via the Gmail API. It does not grant permission to read, modify, or delete any messages in the user's mailbox. The only data FloorQuote Pro generates with this scope is the outbound message itself (recipient, subject, body, and attached PDF), which the user composes inside our app.
https://www.googleapis.com/auth/userinfo.email
A non-sensitive scope that returns the user's primary Google account email address (e.g., name@gmail.com) and Google account ID. This lets us label the connected account in the app's Settings page ("Connected as name@gmail.com") so users can verify they connected the correct account.
openid
Required by Google's OAuth 2.0 implementation to issue the access and refresh tokens used by the two scopes above. No additional data is read.
3.2 Data Usage (how we use the data and why)
We use Google user data solely to provide the email-sending feature that the user explicitly initiates from inside our application. There is no other use.
| Data type | How we use it | Purpose |
|---|---|---|
| Google account email address | Stored in our database (associated with the user's company) and displayed in the user's Settings → Email page. | To show the user which Google account is currently connected to FloorQuote Pro, so they can verify or disconnect it. |
| OAuth access token (gmail.send) | Stored encrypted (AES-256-GCM) in our database. Used at runtime to authorize a single API call to gmail.googleapis.com/gmail/v1/users/me/messages/send when the user clicks "Send Email" on a quote or invoice in the app. | To send the user-composed email (with attached PDF) from the user's connected Gmail address to a recipient that the user has specified inside our app. |
| OAuth refresh token | Stored encrypted (AES-256-GCM) in our database. Used only to exchange for a new access token when the previous one expires (typically every hour). | To keep the user signed in to the integration without requiring them to re-authenticate for every email they send. |
We do not use Google user data for any of the following: advertising, machine learning or AI model training, marketing, profiling, analytics, resale, or any purpose unrelated to sending the email the user explicitly requested.
3.3 Data Storage and Security
- Encryption at rest: Both the OAuth access token and refresh token are encrypted with AES-256-GCM before being written to our database. The encryption key is stored as an environment variable that is never written to source control or shared with any third party.
- Encryption in transit: All requests to Google APIs are made over HTTPS (TLS 1.2+). All requests between the user's browser and our servers are made over HTTPS.
- Access control: Tokens are stored in a Supabase (PostgreSQL) database protected by Row-Level Security policies. Only the user's own company can access its row.
- Hosting: Our infrastructure runs on Vercel and Supabase, both of which are SOC 2 Type II compliant.
3.4 Data Sharing
We do not share Google user data with any third parties. The user's Google email address and OAuth tokens never leave our infrastructure except in the single, scoped API call to gmail.googleapis.com that is required to send the email the user explicitly requested. No analytics, advertising, or marketing services have access to Google user data.
3.5 Data Retention and Deletion
Google OAuth tokens are retained only for as long as the user keeps the Gmail integration connected. When the user clicks "Disconnect" on the Settings → Email page, both the access token and refresh token are immediately deleted from our database, and we send a revocation request to Google's OAuth server. Tokens are also deleted if the user's account is deleted. Users may additionally revoke FloorQuote Pro's access at any time directly from Google Account permissions.
3.6 Limited Use Disclosure
FloorQuote Pro's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide or improve user-facing features (in this case, sending email on the user's behalf) that are prominent in the requesting application's user interface.
- We do not use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
- We do not allow humans to read Google user data, except (a) with the user's affirmative agreement for specific messages, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and anonymized.
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with prior notice to affected users.
- We do not use Google user data to develop, improve, or train generalized or non-personalized AI and/or machine learning models.
- We do not sell Google user data — ever.
4. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the Service.
- Process payments and manage subscriptions through Stripe.
- Send transactional emails (account confirmations, password resets, billing notices).
- Respond to support requests.
- Detect and prevent fraud, abuse, or security incidents.
- Improve the Service through aggregated, anonymized usage analysis.
We do not sell your personal data, your customers' data, or your quote data to third parties. We do not use your data to train artificial intelligence or machine learning models.
5. Data Storage and Security
Your data is stored on infrastructure provided by Supabase (PostgreSQL) and Vercel, both of which maintain industry-standard security practices including encryption in transit (TLS) and at rest. We use Row-Level Security policies to ensure each company can only access its own data.
While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for keeping your account password confidential.
6. Third-Party Services
We use the following third-party services to operate FloorQuote Pro:
- Supabase — database, authentication, file storage
- Vercel — application hosting
- Stripe — payment processing
- Resend — transactional email delivery (when Gmail is not connected)
- Google APIs — Gmail sending (when you connect your Google account)
Each of these services has its own privacy policy. We share only the minimum information necessary for them to perform their function.
7. Your Rights and Choices
You have the right to:
- Access and download your data at any time from the Service.
- Correct or update inaccurate information in your account settings.
- Delete your account and all associated data by contacting us at support@floorquote.us.
- Disconnect any third-party integration (Gmail, Stripe billing portal) at any time.
- Revoke FloorQuote Pro's access to your Google account directly from Google Account permissions.
8. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where we are legally required to retain certain records (e.g., billing records for tax purposes). Backups containing your data are rotated and overwritten within 90 days.
9. Children's Privacy
FloorQuote Pro is intended for use by businesses and is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Material changes will be communicated by email or in-app notification.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us at support@floorquote.us.