Privacy Policy

1. Introduction

VisualBoston Inc. ("Company," "we," "our," or "us") operates TallyQuote, a voice-to-estimate application for contractors and tradespeople. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website at tallyquote.com, use our web application, mobile application, or any related services (collectively, the "Service").

This Privacy Policy applies to all users of the Service, including contractors, business owners, their employees, and the clients who receive estimates through the Service. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

2. Information We Collect

We collect information that you provide directly to us, information we collect automatically when you use the Service, and information from third-party sources.

2.1 Information You Provide Directly

• Account Registration Information: When you create an account, we collect your full name, email address, phone number (optional), and password or authentication credentials through our identity provider.
• Business Profile Information: Business name, business address, business phone number, business email, logo, license numbers, insurance information, service areas, and service offerings.
• Voice Recordings and Transcripts: Audio recordings you create through the voice recording feature, and the resulting text transcriptions generated from those recordings.
• Estimate and Proposal Data: Project names, project descriptions, scope of work, line items, quantities, unit costs, pricing, materials lists, labor estimates, timeline information, terms and conditions, and any notes or attachments you add.
• Client Information: Names, email addresses, phone numbers, mailing addresses, and job site addresses of your clients that you enter into the Service.
• Payment and Billing Information: When you subscribe to a paid plan, our payment processor Stripe collects your payment card information, billing address, and related financial information. We receive only limited information from Stripe, such as the last four digits of your card, card type, and billing address.
• Communications: When you contact us for support or otherwise communicate with us, we collect the content of those communications, including email addresses, phone numbers, and any attachments or files you send.
• Survey and Feedback Information: Information you provide in response to surveys, questionnaires, or feedback requests.
• Price Book Data: Your saved pricing templates, standard rates, materials costs, and service pricing information.

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information, including:

• Device Information: Device type, operating system and version, browser type and version, unique device identifiers, device settings, and mobile network information.
• Log Information: Access times, pages viewed, features used, links clicked, IP address, referring URL, and the page you visited before navigating to our Service.
• Usage Information: Information about how you use the Service, including which features you use, how often you use them, your interactions with the interface, recording durations, and estimate creation patterns.
• Location Information: Approximate geographic location based on your IP address. If you enable location services, we may collect precise geolocation data from your device to provide location-based features such as auto-filling job site addresses.
• Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities. See Section 7 (Cookies and Tracking Technologies) for more details.

2.3 Information from Third-Party Sources

• Authentication Providers: If you sign up or log in using a third-party service (such as Google), we receive your name, email address, and profile picture from that service.
• Payment Processors: We receive transaction confirmations, subscription status, and limited payment information from Stripe.
• Analytics Providers: We may receive aggregated analytics data from third-party analytics services.

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Providing and Improving the Service

• Create and manage your account
• Process and transcribe your voice recordings
• Generate estimates and proposals from your input
• Enable you to share estimates with your clients
• Process your subscription and payments
• Provide customer support and respond to your requests
• Improve, personalize, and expand the Service
• Develop new products, services, features, and functionality
• Understand and analyze how you use the Service

3.2 Communications

• Send you transactional emails (account verification, password resets, payment receipts)
• Send you Service-related announcements (maintenance, security alerts, feature updates)
• Send you marketing and promotional communications (with your consent, where required)
• Respond to your comments, questions, and support requests

3.3 Safety and Security

• Detect, prevent, and address fraud, abuse, and security issues
• Monitor and analyze trends, usage, and activities
• Enforce our Terms of Service and other policies
• Protect the rights, property, and safety of TallyQuote, our users, and others

3.4 Legal Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from public authorities
• Protect against legal liability

4. AI Processing and Voice Data

TallyQuote uses artificial intelligence and machine learning technologies to provide core functionality. This section explains how we process your data using AI.

4.1 Voice Recording Processing

• Voice recordings are processed using Deepgram's speech-to-text technology to create text transcriptions
• Audio files are transmitted securely to Deepgram's servers for processing
• Deepgram processes recordings in accordance with their privacy policy and our data processing agreement

4.2 AI-Powered Estimate Generation

• Transcripts are processed using Anthropic's Claude AI to extract structured estimate data
• The AI analyzes your transcript to identify line items, quantities, materials, and pricing
• AI processing occurs on Anthropic's servers in accordance with their privacy policy and our data processing agreement

4.3 Important AI Disclosures

• No Training on Your Data: Neither we nor our AI providers use your voice recordings, transcripts, or estimate data to train AI models
• Human Review: AI-generated estimates may be reviewed by our team for quality assurance purposes, but this data is not used for training
• Accuracy: AI-generated content is provided for convenience and should be reviewed for accuracy before use
• Data Retention by AI Providers: Our AI providers may temporarily cache data during processing but do not retain it long-term for their purposes

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Vercel: Web hosting and infrastructure
• Neon: Database hosting and storage
• Clerk: Authentication and user management
• Stripe: Payment processing and subscription management
• Deepgram: Speech-to-text transcription
• Anthropic: AI processing for estimate generation
• Vercel Blob: File and media storage
• Resend: Transactional email delivery

These service providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

5.2 Your Clients

When you share an estimate or proposal with a client, we share the estimate content (including project details, line items, pricing, and terms) along with your business information (business name, contact information, logo) with that client. You control when and with whom estimates are shared.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request). We may also disclose information to: (i) enforce our Terms of Service; (ii) protect our rights, privacy, safety, or property; (iii) protect the rights, privacy, safety, or property of our users or others; or (iv) respond to an emergency involving danger of death or serious physical injury.

5.4 Business Transfers

If VisualBoston Inc. is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

5.6 Aggregated or De-Identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.

6. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, and disclosure. These measures include:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security)
• Encryption at Rest: Sensitive data stored in our databases is encrypted at rest using AES-256 encryption
• Secure Authentication: We use Clerk for secure authentication, supporting multi-factor authentication (MFA) and OAuth protocols
• Access Controls: We implement role-based access controls to limit employee access to personal information on a need-to-know basis
• Infrastructure Security: Our infrastructure is hosted on Vercel and Neon, which maintain SOC 2 Type II compliance and implement industry-standard security controls
• Regular Security Assessments: We conduct regular security reviews and vulnerability assessments
• Incident Response: We maintain an incident response plan to address potential security breaches
• Secure Development Practices: We follow secure coding practices and conduct code reviews

Despite these measures, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with the Service.

7.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly. These cookies enable core functionality such as authentication, session management, and security features. You cannot opt out of essential cookies.
• Functional Cookies: Remember your preferences and settings to provide enhanced functionality and personalization.
• Analytics Cookies: Help us understand how visitors interact with the Service by collecting and reporting information anonymously.

7.2 Third-Party Cookies

Some cookies may be placed by third-party service providers, such as Clerk (authentication), Stripe (payment processing), and analytics providers. These third parties may use cookies to collect information about your online activities over time and across different websites.

7.3 Managing Cookies

Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies if you prefer. However, if you choose to decline cookies, some features of the Service may not function properly. You can also delete cookies that have already been set.

7.4 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Because there is no uniform standard for DNT signals, the Service does not currently respond to DNT browser signals or headers.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

8.1 Retention Periods

• Account Information: Retained while your account is active and for 30 days after account deletion to allow for account recovery
• Estimates and Proposals: Retained while your account is active. Deleted within 30 days of account deletion unless required for legal purposes
• Voice Recordings: Retained while your account is active. Automatically deleted within 30 days of account deletion
• Payment Records: Retained for 7 years as required by tax and accounting regulations
• Support Communications: Retained for 3 years to provide ongoing support and for quality assurance
• Log Data: Retained for 90 days for security and debugging purposes

8.2 Account Deletion

You may request deletion of your account at any time by contacting us at privacy@tallyquote.com. Upon receiving your request, we will delete your account and associated personal information within 30 days, except for information we are required to retain for legal, tax, or compliance purposes.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. This section describes your rights under various privacy laws.

9.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to certain exceptions
• Portability: Request a copy of your data in a structured, commonly used, machine-readable format
• Opt-Out of Marketing: Unsubscribe from marketing communications at any time using the unsubscribe link in our emails
• Account Settings: Update your account information and preferences through your account settings

9.2 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@tallyquote.com. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

10.1 Your California Rights

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, our business purpose for collecting the information, and the categories of third parties with whom we share the information.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

10.2 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (name, email address, IP address, device identifiers)
• Commercial information (transaction history, subscription information)
• Internet or network activity (browsing history, interactions with the Service)
• Geolocation data (approximate location from IP address)
• Audio information (voice recordings)
• Professional or employment-related information (business name, business address)
• Inferences drawn from the above (usage patterns, preferences)

10.3 Submitting Requests

To submit a request, contact us at privacy@tallyquote.com or call us at the number listed in the Contact section. You may also designate an authorized agent to make a request on your behalf. We will verify your identity before processing your request.

11. Virginia, Colorado, Connecticut, and Utah Privacy Rights

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have rights under your state's consumer privacy law, including:

• Right to Access: Confirm whether we are processing your personal data and access such data
• Right to Correction: Correct inaccuracies in your personal data
• Right to Deletion: Delete your personal data
• Right to Data Portability: Obtain a copy of your personal data in a portable format
• Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling

To exercise these rights, contact us at privacy@tallyquote.com. If we decline your request, you may appeal by contacting us with "Appeal" in the subject line.

12. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of their personal information. We do not currently sell personal information as defined under Nevada law. However, if you are a Nevada resident and would like to submit an opt-out request, please contact us at privacy@tallyquote.com.

13. European Economic Area, United Kingdom, and Swiss Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and similar laws.

13.1 Legal Bases for Processing

We process your personal data based on the following legal bases:

• Contract: Processing necessary to perform our contract with you (providing the Service)
• Legitimate Interests: Processing necessary for our legitimate interests (improving the Service, fraud prevention, marketing)
• Consent: Processing based on your consent (marketing communications, optional features)
• Legal Obligation: Processing necessary to comply with legal obligations

13.2 Your GDPR Rights

• Right of Access: Request access to your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request that we limit our processing of your data
• Right to Data Portability: Request a copy of your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: Lodge a complaint with a supervisory authority

13.3 International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers are located. When we transfer data outside the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

14. Children's Privacy

The Service is intended for use by businesses and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@tallyquote.com. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information from our servers.

15. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this Privacy Policy
• Notify you by email (if you have an account) or by posting a prominent notice on the Service
• Obtain your consent if required by applicable law

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised Privacy Policy.

17. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

We will endeavor to respond to your inquiry within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with a data protection authority in your jurisdiction.