We may update this Privacy Policy from time to time. If we do, we will post the updated policy on this page and update the "Last Updated" date. Material changes will be communicated through the website or to your account email if you hold a paid plan.

We collect information you provide to us, information collected automatically when you visit the website, and limited information when you create a paid account.

• Contact information — name, email address, company, and message when you submit our contact form, request a demo, or email us directly.
• Account information — email address and billing details when you create a paid account. Payment card information is processed securely by Polar (our payment provider) via Stripe. We never store full card numbers.
• Usage information — pages visited, referring website, browser type, device type, and approximate location (derived from IP address) collected through Cloudflare Web Analytics.
• Communications — any information you send to us through email or other direct channels.
• Newsletter subscription — email address when you subscribe to product updates from the footer, contact form, or login page.

We use personal information for the following purposes:

• To respond to your enquiries, demo requests, and support questions.
• To create and manage your paid account, process payments, and deliver the Pro or Enterprise plan you have purchased.
• To send service-related communications such as payment receipts, account notifications, and licence updates.
• To send product updates and marketing emails if you have opted in. You can unsubscribe at any time using the link in each email.
• To improve the website and product based on usage patterns and feedback.
• To comply with legal obligations and enforce our agreements.
• We do not sell personal information. We do not use personal information for targeted advertising. Optional analytics (Google Analytics, Meta Pixel) are consent-only and default to denied.

We share personal information only with trusted service providers who need it to deliver the Services:

• Cloudflare — website hosting, CDN, and privacy-first analytics.
• Polar — payment processing for paid plans. Payments are handled securely by Polar via Stripe. Tax may be added at checkout based on your location.
• Resend — email delivery for account notifications, payment receipts, and newsletter distribution.
• Supabase — hosted authentication and workspace data for paid account holders. For free (Starter) users, no account is created and no data is sent to Supabase.
• We do not share personal information with advertisers, data brokers, or other third parties for marketing.

Users who choose to sign in with Google and grant Gmail API access can import RFQ emails directly into Kwantflow. This section explains how we handle Google user data.

• What we access — With your explicit permission, Kwantflow accesses only the Gmail messages you select for import. We do not read your entire inbox, and we do not access any other Google services.
• Why we need it — Selected email data is used solely to identify RFQ-related content and create project records within your local desktop workspace. This lets you move from an RFQ email to an estimate draft without manual re-entry.
• Where it stays — Google user data is processed on your local machine and stored in your local Kwantflow workspace. It is not uploaded to any server unless you hold a paid account, in which case limited workspace metadata (not message content) is stored for account and licence purposes.
• How we protect it — We do not sell Google user data. We do not share it with third parties. We do not use it for advertising, AI model training, creditworthiness checks, or any purpose other than providing the RFQ email import feature you requested.
• Revoking access — You can revoke Kwantflow's Gmail access at any time via your Google Account settings at https://myaccount.google.com/permissions.
• Limited Use — The use and transfer of information received from Google APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

Kwantflow is a local-first desktop application. All RFQ files, estimates, quotes, project data, setup libraries, and AI analysis remain in a local SQLite database and file vault on your machine. This data is not uploaded to any server unless you choose to create a paid account.

If you upgrade to a Pro or Enterprise plan, limited workspace metadata (workspace name, entitlement snapshot) is stored in our hosted auth service to anchor your account and licence verification. Your actual project files and estimates stay on your machine.

The AI engine runs entirely on your device using a local runtime. No project data, files, or prompts are sent to an external AI provider.

We take the security of your personal information seriously. We implement appropriate technical and organisational measures designed to protect your data, including encryption of data in transit (TLS) and access controls on hosted services.

Because the desktop application is local-first, your project data benefits from your own device-level security. Hosted account data is stored in a Supabase project with row-level security, encrypted connections, and restricted access.

We retain your account information for as long as you maintain an active paid account. Contact form submissions and related correspondence are retained for a reasonable period to handle follow-up enquiries. Newsletter subscriber email addresses are retained until you unsubscribe or request deletion.

You may request deletion of your personal information at any time by contacting us. Upon receiving a verified deletion request, we will delete the applicable personal information within a reasonable timeframe, unless retention is required or permitted by applicable law.

Starter users do not create an account, so we hold no personal information about free-tier users beyond any voluntary contact form submissions.

Depending on your location, you may have the following rights under applicable privacy law (including the Australian Privacy Act 1988):

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — request deletion of your personal information.
• Opt-out — unsubscribe from marketing emails using the link in any marketing email we send.
• Cookies — manage cookie preferences through your browser settings or our cookie banner.
• Do Not Track — our website currently does not respond to Do Not Track (DNT) browser signals.

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

• Email: hello@kwantflow.com
• Website: kwantflow.com/contact