Privacy Policy

Nole LLC, a Connecticut limited liability company doing business as "Tazzify" ("Tazzify", "we", or "us"), is the data controller for the personal information described below. You can reach our privacy team at privacy@tazzify.com.

From the contractor (account holder)

• Identifiers: name, email address, phone number, account ID
• Business information: business name, industry, mailing address, logo, line-item categories
• Account credentials: hashed password, multi-factor authentication factors (if enabled)
• Commercial information: subscription tier, billing history, Stripe customer ID
• Internet activity: device type, browser, IP address (truncated for analytics), pages viewed, AI usage counts
• Geolocation: approximate region (state-level) inferred from IP for compliance routing
• Inferences: opt-in / consent state for AI processing, marketing, cookies
• Feedback you submit through the in-app feedback form — the category you picked, optional rating, your free-text message, an optional screenshot you choose to attach, and the page you submitted from, app version, plan, and language. Never includes client or quote contents.

From the contractor's clients

• Identifiers: name, email address, phone number
• Service address: street, city, state, ZIP
• Quote contents the contractor entered about the job

We do not knowingly collect information from anyone under 18. Our age gate at signup blocks under-18 accounts. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

Sensitive personal information

We do not collect sensitive PI as defined under CPRA (precise geolocation, race, religion, union membership, biometric identifiers, health data, sexual orientation, contents of mail/email/messages). Account credentials are stored hashed by our auth provider and used only for sign-in.

• Provide the service: create and store quotes, share them with clients, process payments
• Account security: authenticate sign-ins, detect abuse, rate-limit suspicious activity
• AI quote generation (Premium, opt-in only): send your description or photo to Anthropic's Claude API to draft line items
• Customer support: respond to your messages and bug reports
• Legal compliance: tax records, breach notification, fraud prevention
• Product improvement: aggregate, de-identified usage analytics

We share personal information only with the service providers required to deliver Tazzify, all of whom are bound by data processing agreements that prohibit using your data for their own purposes. The current list lives at /subprocessors and includes: Supabase (database & auth), Stripe (payments), Anthropic (AI), Resend (transactional email), Vercel (hosting), Home Depot and Lowe's (product search), and Intuit/QuickBooks (optional accounting export).

We may also disclose personal information when required by law (subpoena, court order) or to protect the rights, safety, or property of our users or the public. We will challenge over-broad requests and notify affected users when permitted.

• Active account data: as long as your account is open
• After account deletion: 30-day grace period during which deletion can be reversed, then hard-deleted from primary systems
• Quote records and tax-relevant subscription data: 7 years (US federal and state tax retention rules)
• Audit log entries: 24 months
• Backups: encrypted and rotated; deletions propagate within 90 days

All Tazzify users — regardless of state — have the rights below. Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Rhode Island, Kentucky, and Nebraska are explicitly granted these rights by state law; we extend them to everyone.

• Right to know what we collect, where it came from, and who we share it with
• Right to access a copy of your data (Settings → Privacy → Download my data)
• Right to correct inaccurate information (Settings → Profile)
• Right to delete your account and personal information (Settings → Privacy → Delete account)
• Right to opt out of AI processing of your inputs (Settings → Privacy)
• Right to opt out of analytics cookies (cookie banner)
• Right to non-discrimination — using these rights will never affect your access to features or pricing
• Right to designate an authorized agent to act on your behalf (contact privacy@tazzify.com)

We respond to verifiable requests within 45 days (extendable once by 45 days when needed). To verify your identity we may match the request to the email on file and ask you to sign in.

California "Shine the Light" (Civil Code §1798.83)

We do not disclose personal information to third parties for their own direct-marketing purposes, so there is nothing to disclose under §1798.83. If that ever changes, we will update this policy.

Do Not Sell or Share My Personal Information

We do not sell or share personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals and treat them as a valid opt-out request automatically.

• TLS 1.2+ for all network traffic
• AES-256-GCM encryption at rest for OAuth tokens and other secrets
• Row-Level Security on every Postgres table containing user data
• Multi-factor authentication available for all accounts
• Append-only audit log of sensitive events
• Sanitized operational error logs (no email, name, phone, IP, or message content) retained for 45 days to diagnose application failures
• Annual third-party penetration test
• Documented incident-response runbook with state-by-state breach notification timelines

If a security incident affects you, we will notify you in accordance with the breach-notification deadline in your state — typically 30 to 60 days, sometimes faster.

We use a small number of strictly-necessary cookies for authentication and CSRF protection. Optional analytics cookies (Vercel Analytics) are off by default and require your opt-in via the cookie banner. We do not use advertising cookies. We honor the GPC browser signal as a universal opt-out.

AI features are off by default. When you opt in, the description or photo you submit is sent to Anthropic's Claude API to draft a quote. Anthropic does not train on your inputs. Inputs and outputs are not retained by Tazzify beyond the immediate request, except for an aggregated request count used for rate limiting. Full details at /ai-disclosure.

Tazzify is for adult contractors. We do not knowingly collect data from anyone under 18 and verify age at signup. If you believe a minor has created an account, contact privacy@tazzify.com and we will delete it.

Tazzify is intended for use within the United States only. We do not knowingly offer the service to residents of the EU, UK, or Canada and we route around those regions at the edge. If you reach the service from outside the US, please do not use it.

When we make material changes we will notify account holders by email at least 14 days before the changes take effect, unless a faster change is required by law. The current version and effective date are at the top of this page; archived versions are available on request.

Privacy questions, rights requests, and security disclosures: Nole LLC d/b/a Tazzify, attn: Privacy, privacy@tazzify.com. A physical mailing address is available on request.