CupQuoteBack to Home

Privacy Policy

Last updated: April 7, 2026

1. Who We Are

CupQuote ("we", "our", "us") is a B2B sales and marketing platform operated by CupQuote Inc. We provide branded configurator and quote tools for compliance testing distributors. We are not a medical device and do not make diagnostic claims.

Contact: [email protected]

2. What Data We Collect

Account Data: When you sign up, we collect your name, email address, company name, and password (stored as a secure hash, never in plaintext).

Business Data: Panel configurations, pricing settings, branding preferences, saved test kit configurations, and embed settings you create within your dashboard.

Quote Request Data: When end-users submit quote requests through your branded configurator, we collect the information they provide: name, company, email, phone number, selected panels, quantity, and any custom form fields you have configured.

Payment Data: Billing information is processed and stored by Stripe. We store transaction records (amounts, dates, plan type) but never store credit card numbers.

Technical Data: IP addresses, browser type, and session tokens for authentication and security purposes.

3. Why We Collect It (Lawful Basis)

Contract Performance: To provide the configurator, generate quotes, deliver PDFs, and manage your account.

Legitimate Interest: To improve our service, detect fraud, and ensure platform security.

Consent: For optional communications such as product updates (you can opt out at any time).

Legal Obligation: To comply with tax, billing, and regulatory requirements.

4. How We Use Your Data

We use your data to: operate your account and dashboard; generate and deliver quote PDFs; send email notifications for quote requests; process payments; provide customer support; and improve our platform.

We do not sell, rent, or trade your personal data. We do not use your data for advertising. We do not build profiles of end-users who submit quote requests.

5. Third Parties

We share data only with service providers necessary to operate CupQuote:

  • Stripe — Payment processing
  • Digital Ocean — Cloud hosting and data storage
  • SMTP Provider — Transactional email delivery (quote notifications)

Each provider is bound by their own privacy policies and data processing agreements. We do not share data with any other third parties.

6. Data Storage & Security

Your data is stored on servers located in North America (Digital Ocean data centres). We protect your data with:

  • HTTPS encryption for all data in transit
  • Hashed passwords (never stored in plaintext)
  • Signed URLs for PDF access with automatic expiration
  • Two-factor authentication (TOTP) available for all accounts
  • Path traversal protection on file storage
  • Role-based access control (Owner, Admin, User)

7. Data Retention

We retain your data for the following periods:

  • Active accounts: Data is retained for the lifetime of your account.
  • Closed/lost leads: Automatically deleted after 2 years.
  • Quote PDFs: Automatically deleted after 1 year.
  • Audit logs: Retained for 3 years for security and compliance.
  • Deleted accounts: All data is permanently deleted upon account deletion.

8. Your Rights

Depending on your jurisdiction (GDPR, PIPEDA, CCPA/CPRA), you have the right to:

  • Access: Request a copy of all data we hold about you.
  • Export: Download your data in a portable format (available in Dashboard Settings).
  • Correction: Update or correct your personal information at any time.
  • Deletion: Request permanent deletion of your account and all associated data.
  • Restrict Processing: Request that we limit how we use your data.
  • Object: Object to processing based on legitimate interest.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Cookies

CupQuote uses only essential cookies required for the service to function:

  • Session cookie: Authenticates your login session.
  • TOTP verification cookie: Confirms two-factor authentication (valid for 8 hours).

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. International Transfers

If you are located in the EU or Canada, your data may be transferred to and processed in the United States or Canada where our servers are located. We ensure adequate protection through our hosting provider's compliance with applicable data protection frameworks.

11. Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected users within 72 hours (GDPR requirement)
  • Notify the relevant supervisory authority as required by law
  • Provide details of the breach, data affected, and steps taken

12. Children

CupQuote is a B2B platform. We do not knowingly collect data from anyone under 18. If we learn we have collected data from a minor, we will delete it immediately.

13. Changes to This Policy

We may update this policy from time to time. We will notify account holders of material changes via email. The "Last updated" date at the top reflects the most recent revision.

14. Contact Us

For privacy-related inquiries, data requests, or complaints:

Email: [email protected]

You also have the right to lodge a complaint with your local data protection authority.

HomeTerms of Service© 2026 CupQuote