Privacy Policy

This Privacy Policy explains how Quotelix processes personal data and business data in connection with Quotelix websites, support channels, and commerce apps, including Quotelix RFQ for Shopify.

Quotelix helps merchants collect quote requests, manage buyer details, send quote-related emails, generate quote documents, and prepare order-ready workflows. The exact data processed depends on how a merchant configures and uses the app.

When a merchant uses Quotelix to receive quote requests from buyers, the merchant is generally responsible for its own customer relationship and privacy notices. Quotelix processes buyer data to provide the app functionality requested by the merchant.

Merchant and store information: shop domain, store name, business contact details, locale, currency, app installation records, app configuration, subscription or plan status, and other information needed to authenticate, operate, and support the app.

Quote request information: buyer name, email address, phone number if provided, company name, tax or VAT information if provided by the buyer, message content, requested products, variants, quantities, product identifiers, quote status, merchant notes, and quote history.

Product and order workflow information: product titles, variant details, images or product references, quote line items, draft-order or order-related references created through the app, and information needed to keep quote workflows aligned with the merchant's store.

Email and document information: recipient and sender details, email subject and body content, delivery status, PDF quote details, timestamps, and related operational records used to send and troubleshoot quote communications.

Technical and security information: IP address, user agent, device and browser details, request logs, error logs, authentication events, webhook delivery records, and other diagnostics used to secure, maintain, and improve the service.

Support information: messages, screenshots, store details, contact information, and any other information a merchant provides when requesting support.

To install, authenticate, configure, and operate Quotelix for a merchant's store.

To collect quote requests from storefront forms and display them to the merchant in the app admin interface.

To store quote line items, buyer details, statuses, merchant notes, and quote history so merchants can manage requests.

To generate PDF quote documents and send transactional emails related to quote requests, quote responses, and app operations.

To create or support order-ready workflows, such as draft order preparation, when the merchant chooses to use those features.

To manage app plans, trials, subscriptions, limits, billing status, and plan changes through the relevant platform billing system.

To provide support, troubleshoot errors, monitor performance, prevent abuse, verify webhook authenticity, and maintain service security.

To comply with legal, platform, tax, accounting, security, and App Store review requirements.

Quotelix is designed to process only the information reasonably needed to provide quote request functionality and related merchant operations.

We do not intentionally collect sensitive personal data through quote forms. Merchants should not request or store sensitive data in quote messages unless they have a lawful and necessary reason to do so.

We do not sell personal data. We do not use buyer personal data for third-party advertising or unrelated marketing.

We use personal data only for the purposes described in this policy, for purposes disclosed to the merchant, or as otherwise required by law.

Merchants are responsible for telling their buyers how quote request data will be collected and used, and for obtaining any consent required by applicable law.

Merchants are responsible for configuring quote forms, requested fields, buyer-facing text, email content, product rules, and store workflows in a lawful and accurate manner.

If a buyer contacts a merchant about access, correction, deletion, objection, or other privacy rights, the merchant is responsible for responding to the buyer. Quotelix will provide reasonable assistance where the request relates to data processed by Quotelix.

For Shopify stores, Quotelix may process protected customer data such as buyer name, email, and phone number when that information is needed to provide quote request functionality.

Quotelix is intended to request only the protected customer data fields required for its quote workflow functionality. If a platform redacts data or limits access, some features may be unavailable or require merchant action.

Quotelix supports Shopify privacy compliance workflows, including the customers/data_request, customers/redact, and shop/redact webhook topics where required for public Shopify apps.

When Quotelix receives a valid platform privacy webhook or verified deletion request, we process it according to the applicable platform requirement and our retention rules.

Quotelix uses trusted service providers to operate the service. These providers may process data only as needed to provide their services to Quotelix.

Current core providers include Vercel for hosting and serverless infrastructure, Supabase for database and storage infrastructure, Resend for transactional email delivery, and Shopify platform APIs for Shopify app functionality, authentication, billing, and store workflows.

We may add, replace, or remove service providers as the product evolves, provided they are used for the purposes described in this policy and are subject to appropriate confidentiality, security, or data processing obligations.

Quotelix and its service providers may process information in countries other than the country where a merchant or buyer is located.

Where required, Quotelix relies on appropriate legal mechanisms and service-provider safeguards for international transfers, such as contractual obligations, data processing terms, and platform requirements.

We retain merchant account, app configuration, quote, email, document, and operational records for as long as needed to provide the service, support merchants, maintain security, comply with legal obligations, and preserve accurate business records.

Quote records may remain available while the app is installed so merchants can review quote history and customer communication. Merchants may request deletion of app data, subject to legal, security, platform, and backup-retention limitations.

After app uninstall, shop redaction, account closure, or a verified deletion request, we delete or anonymize applicable data within a reasonable period unless retention is required for legal, billing, security, dispute, or compliance reasons.

Backups and logs may persist for a limited period before automatic deletion or rotation, but are not used for active product functionality unless restoration is necessary for security, disaster recovery, or legal compliance.

We use practical administrative, technical, and organizational safeguards designed to protect information processed by Quotelix.

These safeguards include HTTPS/TLS in transit, managed encryption at rest where supported by our infrastructure providers, access controls, environment separation, limited operational access, webhook verification, and monitoring for errors and abuse.

No internet service is completely secure. Merchants are responsible for protecting their own store accounts, staff permissions, devices, and credentials.

Quotelix may use essential cookies, session storage, local storage, or similar technologies for authentication, embedded app operation, security, preferences, and basic functionality.

We do not use buyer quote data for third-party advertising cookies. If analytics or measurement tools are added in the future, this policy will be updated where required.

Depending on where a merchant or buyer is located, privacy laws may provide rights to access, correct, delete, export, restrict, or object to certain processing of personal data.

Merchants can contact Quotelix to request access, correction, deletion, export, or restriction of data associated with their store.

Buyers who submitted quote requests should contact the merchant first because the merchant controls the buyer relationship and store-facing privacy notices. If Quotelix receives a buyer request directly, we may ask for information needed to identify the merchant or route the request appropriately.

Quotelix is built for merchants and business commerce workflows. It is not directed to children and should not be used to knowingly collect personal data from children.

We may update this Privacy Policy as Quotelix changes, as platform requirements evolve, or as legal requirements change.

When we make material changes, we will update the date on this page and may provide additional notice through the app, website, or merchant support channels.