Privacy Policy — Quote Desk
Last updated: 2026-05-19
Who we are
Quote Desk ("we", "our", "us") is a Shopify app published by Legitimate LLC. We provide quote / RFQ workflow, negotiated per-quote pricing, PO PDF parsing, and AI counter-offer drafting for Shopify merchants. This Privacy Policy describes what data we collect, how we use it, and the rights you have over it.
Data we collect from merchants who install our app
- Shop identity: your myshopify.com domain, store name, and primary contact email.
- Shopify session tokens: encrypted access tokens used to call the Shopify Admin API on your behalf.
- B2B catalog data: company names, locations, contacts, catalog price data, and catalog references.
- Order history: when you enable the AI counter-offer engine, we read your historical orders (line items, quantities, prices, dates) for the company being quoted. We do not store the full order; we store a compressed corpus (per-variant aggregates).
- Quotes you create: line items, custom prices, expiry, notes, buyer email and name.
- PO PDFs you upload: stored temporarily for parsing. Deleted within 30 days of parse completion unless you re-process them.
Data we collect from your B2B buyers
- Buyer email and name as you enter them on a quote.
- Open / accept / decline timestamps on quotes the buyer interacts with.
- Buyer-side notes if entered on the buyer portal.
We do not collect IP addresses, browser fingerprints, or any other passive tracking data.
How we use this data
- Operate the quote workflow you installed us for.
- Generate AI counter-offer suggestions when you trigger them. The compressed corpus is sent to our LLM provider (OpenRouter) and not retained by them beyond the inference call.
- Parse uploaded PO PDFs via our LLM provider (OpenRouter).
- Bill you via Shopify Billing — we never see your payment card information; Shopify handles that entirely.
- Email transactional notifications about quotes (sent / accepted / declined) via our email provider (Resend) when you've enabled that integration.
Subprocessors
We share data with the following processors strictly to operate the service:
- Shopify — platform host, billing, OAuth.
- Railway — application hosting and managed Postgres database.
- Trigger.dev — durable background job execution (PO parse, counter-offer drafting).
- OpenRouter — LLM gateway for PO parsing and counter-offer generation.
- Resend (optional) — transactional email when enabled.
- Sentry (optional) — error monitoring when enabled. Sentry receives stack traces but not user data.
Data retention
We retain your data for the lifetime of your install plus a 30-day reinstall window. After 30 days of being uninstalled, or upon receipt of a shop redact webhook from Shopify, we hard-delete every record we hold for your shop, including quotes, PO imports, pricing rules, and counter-offer suggestions.
On receipt of a customer redact webhook from Shopify, we anonymize the buyer email and name on every quote referencing that customer within 30 days.
GDPR / CCPA rights
EU and California residents have the right to access, correct, port, or delete personal data we hold about you. Email support@quote-desk.app with the request and proof of identity; we will fulfill it within 30 days. You may also exercise these rights through your Shopify merchant via Shopify's data request and redact flows, which we honor automatically.
Security
All data is transmitted over TLS. Database storage is encrypted at rest by our hosting provider. Shopify session tokens are stored in our database in encrypted form. We do not store payment card numbers — billing is handled entirely by Shopify Billing. HMAC verification is enforced on every webhook we receive from Shopify; tampered payloads are rejected.
Children's privacy
Quote Desk is a B2B sales tool and is not directed at children under 13.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email to the support address on record for your install, and the "Last updated" date above will change.
Contact
Questions: support@quote-desk.app
Legitimate LLC. Mailing address available on request.