Privacy Policy

Last Updated: October 26, 2025

Introduction

Welcome to Estimator Pro. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and Chrome extension (collectively, the "Services"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Services.

Information We Collect

Personal Information

We collect information that you voluntarily provide to us when you:

  • Create an account (email address, name)
  • Sign in using Google OAuth (email address, profile information)
  • Create and manage services, estimates, and supply items
  • Subscribe to our paid plans (payment information processed by Stripe)

Automatically Collected Information

When you use our Services, we automatically collect certain information about your device and usage:

  • Browser type and version
  • Operating system
  • IP address
  • Usage data and analytics (through PostHog)
  • Session information and authentication tokens

Chrome Extension Data

Our Chrome extension requires specific permissions to function properly:

  • Storage: To save your authentication token and extension preferences locally
  • Active Tab: To interact with Copilot CRM pages when you use estimate features
  • Scripting: To insert estimate data into Copilot CRM forms
  • Identity: For Google OAuth authentication

The extension only accesses and modifies data on Copilot CRM domains (*.copilotcrm.com) and does not collect or transmit information from other websites you visit.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Create and manage your account
  • Process your transactions and manage subscriptions
  • Authenticate your identity and maintain security
  • Generate and manage estimates for Copilot CRM
  • Send administrative information, updates, and security alerts
  • Analyze usage patterns to improve user experience
  • Respond to customer support requests
  • Comply with legal obligations

Data Storage and Security

Your data is stored securely using Supabase, a PostgreSQL-based database platform with enterprise-grade security. We implement the following security measures:

  • Row Level Security (RLS) policies to ensure data isolation between users
  • Encrypted connections (HTTPS/TLS) for all data transmission
  • JWT-based authentication with secure token storage
  • Regular security updates and monitoring
  • Password hashing using industry-standard algorithms

Despite our security measures, no electronic transmission or storage method is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Third-Party Services

We use the following third-party services:

Supabase

Database and authentication infrastructure. Supabase Privacy Policy

Stripe

Payment processing for subscriptions. We do not store your payment card details. Stripe Privacy Policy

PostHog

Analytics and product insights to improve our Services. PostHog Privacy Policy

Google OAuth

Optional authentication method using your Google account. Google Privacy Policy

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With third-party vendors who provide services on our behalf (Supabase, Stripe, PostHog)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection of Rights: To protect our rights, property, or safety, or that of our users

Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Data Portability: Request transfer of your data in a machine-readable format
  • Opt-Out: Opt out of analytics tracking
  • Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us using the information provided below. You may also delete your account directly through the dashboard settings.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide our Services. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We ensure that such transfers comply with applicable data protection laws and that your information remains protected.

Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Services and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). We process your data based on:

  • Contract Performance: Processing necessary to provide our Services
  • Legitimate Interests: Analytics and service improvements
  • Legal Obligations: Compliance with applicable laws
  • Consent: Where you have provided explicit consent

CCPA Compliance (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights