KVOTA← Back to Kvota

Privacy Policy

Last updated: March 18, 2026

Kvota (“we,” “our,” or “us”) operates the Kvota mobile application and website (kvota.app). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Information You Provide

  • Account information: Name, email address, phone number, and business details (business name, address, logo, trade/industry) when you create an account.
  • Authentication data: If you sign in with Apple, we receive your Apple user ID and, optionally, your name and email address.
  • Client information: Names, email addresses, phone numbers, and addresses of your clients that you add to the app.
  • Financial data: Quotes, invoices, change orders, payment amounts, rates, tax configurations, and payment method details you configure (e.g., Venmo handle, bank name).
  • Voice recordings: When you use voice input, your audio is temporarily processed to transcribe your description into structured data. We do not store raw audio recordings after transcription.
  • Documents and signatures: Documents you create and electronic signatures collected from your clients via share links.
  • Uploaded files: Receipt photos, business logos, and other files you upload.
  • Terms and conditions: Custom terms you configure for your documents.

Information Collected Automatically

  • Device information: Device type, operating system, and app version for compatibility and debugging.
  • Usage data: Basic app performance and crash data to improve reliability.
  • Push notification tokens: If you enable notifications, we store your device token to deliver alerts.

How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Kvota service
  • Generate quotes, invoices, and change orders from your descriptions
  • Process voice input into structured document data
  • Deliver documents to your clients via share links and email
  • Send payment reminders on your behalf
  • Calculate financial summaries, effective rates, and project analytics
  • Send push notifications for scope alerts, payment reminders, and document updates
  • Improve and optimize the app experience
  • Respond to customer support requests
  • Comply with legal obligations

Third-Party Services

We use the following third-party services to operate Kvota:

  • AI Processing: We use Google Gemini, OpenAI (GPT and Whisper), and Anthropic Claude to process your text and voice descriptions into structured document data. Your input is sent to these services for processing but is not used to train their models.
  • Database and Storage: Supabase (PostgreSQL database and file storage) hosts your data in secure cloud infrastructure.
  • Hosting: Vercel hosts our API and web pages.
  • Email: Resend delivers transactional emails (document delivery, reminders).
  • Payments: Stripe processes subscription payments. We do not store your credit card information — Stripe handles this directly.
  • Authentication: Apple provides Sign in with Apple authentication services.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Client signatures and signed documents may be retained longer to maintain the legal validity of executed agreements.

Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure token-based authentication (JWT)
  • Database-level access controls
  • Secure file storage with access controls

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data, subject to legal retention requirements.
  • Portability: Request your data in a portable format.
  • Opt-out: Unsubscribe from marketing communications at any time.

To exercise any of these rights, contact us at privacy@kvota.app.

For Users in the European Economic Area (EEA)

We process your data based on the following legal bases:

  • Contract performance: To provide you with the Kvota service.
  • Legitimate interest: To improve our service and ensure security.
  • Consent: For optional features like push notifications.

You have the right to lodge a complaint with your local data protection authority.

For Users in California (CCPA)

California residents have the right to:

  • Know what personal information is collected and how it is used.
  • Request deletion of personal information.
  • Opt out of the sale of personal information. We do not sell your personal information.

Children's Privacy

Kvota is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app or sending you an email. Your continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, contact us at: