Privacy Policy

When you create a Hank account, we collect your business profile information — business name, owner name, phone number, and email address. When you create quotes, we store the quote data (customer details, line items, pricing) in our database. We also collect your logo if you choose to upload one. We do not collect personal data from your customers beyond what you enter when creating a quote (name, email, phone, address). When a customer views or approves a quote, we record the timestamp of that action.

Your data is used solely to provide the Hank quoting service: • Generating quote and invoice PDFs • Delivering quotes via email (through Resend) and SMS (through Twilio) • Displaying your dashboard and quote history • Sending you notifications when customers view or approve quotes We never sell your data to third parties. We do not use your data for advertising. We do not share your data with anyone except the service providers required to deliver quotes (Resend for email, Twilio for SMS).

All data is stored in Supabase (hosted on AWS infrastructure). We implement the following security measures: • Row-level security (RLS) ensures each user can only access their own data • Passwords are hashed using bcrypt and never stored in plain text • All connections use TLS/SSL encryption • API keys are separated into publishable (client-safe) and secret (server-only) • Edge Functions use service-role keys only on the server side • File uploads (logos) are restricted by MIME type and size limits (2MB)

When you send a quote, we share the quote PDF and a viewing link with your customer through our delivery partners: • Resend (email delivery) — processes the email and does not retain your data beyond delivery • Twilio (SMS delivery) — processes the text message according to their privacy policy The customer-facing quote approval page is a public URL secured by an unguessable UUID and HMAC verification code. No login is required for customers to view or approve quotes.

The Hank website uses essential cookies only — no tracking cookies and no advertising cookies. We use Umami for website analytics. Umami is a privacy-focused, open-source analytics tool that does not use cookies, does not collect personal data, and does not track users across websites. It records anonymous, aggregated page view data (page visited, referrer, browser type, country) to help us understand how the site is used. No IP addresses are stored. Umami is fully GDPR, CCPA, and PECR compliant. We do not use Google Analytics, Facebook Pixel, or any other tracking scripts.

You can: • Export your data at any time by contacting support@hankquotes.com • Delete your account and all associated data by contacting support@hankquotes.com • Update your business profile information at any time through the app settings Upon account deletion, all your data (quotes, customers, service items, profile) is permanently removed within 30 days. Backup copies may persist in encrypted backups for up to 90 days before automatic deletion.

We may update this privacy policy from time to time. When we make significant changes, we will notify you via email or in-app notification. The "last updated" date at the top of this page will always reflect the most recent revision.

For privacy questions, data export requests, or account deletion, email us at support@hankquotes.com.