Privacy Policy

Last updated: March 29, 2026

QuoteMe (“we”, “our”, “us”) is a Shopify application that enables B2B quote request management for Shopify merchants. This privacy policy explains how we collect, use, and protect information when you use our application.

1. Information We Collect

QuoteMe collects the following information as part of the quote request workflow:

• Customer information: Name, email address, and company name — provided voluntarily by customers when submitting a quote request.
• Cart data: Product variant IDs, quantities, titles, and prices of items included in the quote request.
• Order data: When a quote results in an order, we store the Shopify order ID, order name, and order value to link the order back to the quote.
• Usage events: We log events such as quote creation, link opens, cart restoration, and order placement for analytics purposes. No personally identifiable information is stored in event logs beyond optional customer IDs.

2. How We Use Information

We use collected information exclusively to:

• Process and manage quote requests on behalf of the merchant.
• Generate draft orders and invoices through Shopify's Admin API.
• Provide analytics and reporting to the merchant (quote statistics, win rates, order tracking).
• Fire Shopify Flow triggers for merchant-configured automations (e.g., email notifications).
• Send quote expiration reminders via scheduled background jobs.

3. Data Storage & Security

All data is stored in a secure PostgreSQL database hosted on Supabase with encrypted connections. We do not store Shopify access tokens beyond what the Shopify session framework requires. Database credentials are managed through environment variables and are never exposed in client-side code.

4. Data Sharing

We do not sell, rent, or share customer data with any third parties. Data is only accessible to:

• The Shopify merchant who installed the app.
• Shopify's platform (through standard API interactions and webhooks).

5. Data Retention & Deletion

Customer data is retained for as long as the merchant's app installation is active. When a merchant uninstalls QuoteMe, authentication sessions are immediately removed. All remaining associated data — including quote requests, customer information, share links, events, order records, and shop settings — is permanently deleted within 48 hours when Shopify issues the mandatory shop/redact compliance webhook.

6. GDPR Compliance

QuoteMe fully supports Shopify's mandatory GDPR webhooks:

• Customer data request: We acknowledge data access requests and can provide all data associated with a customer email.
• Customer redaction: Upon receiving a redaction request, we anonymize all customer personally identifiable information across quote requests, share links, events, and orders.
• Shop redaction: Upon app uninstall, all merchant and customer data is permanently deleted.

7. Cookies & Tracking

QuoteMe does not set any cookies on the storefront. We do not use any third-party analytics, advertising, or tracking services. The only client-side storage used is temporary cart attribute data (_sc_token) to link restored carts to their originating quote.

8. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated “Last updated” date.

9. Contact

If you have any questions about this privacy policy or your data, please contact us at: djordje.stojanovic.nis@gmail.com