CounterCost
version 1.0

CounterCost Privacy Policy

Version: 1.0 Effective date: 2026-04-22 Status: Draft — counsel review pending

1. Scope

This policy describes how CounterCost ("we", "us") handles personal and business information collected when you use our service. It is the privacy companion to our Terms of Service. Section 2 of the Terms of Service ("Data Rights") is the controlling document for how aggregated quote data is used; that section is referenced rather than restated here.

2. Information we collect

Account information

  • Name, email, phone number you provide at signup
  • Organization name, location (city, state, ZIP, metro region)
  • Billing information (handled by our payment processor; we store

references, not card numbers)

Uploaded documents

  • Material price quotes, invoices, purchase orders, and related

documents you upload, including their parsed line items, supplier identifiers, prices, and commercial terms

Usage telemetry

  • Page views, feature usage, and error events (via Plausible and

Sentry) used to operate the product. Telemetry is aggregated; we do not sell individual usage data.

Communications

  • Support emails, chat messages with our agent, and any feedback you

submit

3. How we use information

To operate the service

Account information and uploaded documents are used to provide the core CounterCost service to you and your organization.

Aggregated market intelligence

Anonymized and aggregated data extracted from your uploaded documents may be used for market-intelligence purposes as described in Section 2 of the Terms of Service. That section is the load-bearing description of what is and is not shared in aggregated form. Read it before signing up.

In short:

  • Shared in aggregate: line-item product descriptions, prices,

supplier names, branch locations, quote dates, geographic regions, commercial terms.

  • Never shared: your organization's identity, your customers'

identities, job site addresses, your contact information, your supplier-specific contact details (your rep's direct line, your account number).

Communications

We may use your contact information to send service-related notices (account changes, security alerts, billing). We do not sell your contact information to third parties.

4. Address anonymization (enforced in code)

Job site addresses appearing on your uploaded quotes are stripped from every outbound communication CounterCost generates (RFQs, supplier- facing emails, third-party-visible artifacts). This is enforced by the MailProvider address-leakage guard in our codebase, not as a matter of policy. A unit test verifies this guard cannot be bypassed before any outbound mail-send feature ships.

5. How we store and protect information

  • All data is stored in PostgreSQL databases hosted by Supabase.
  • Row-Level Security (RLS) is enforced on contractor-facing schemas.
  • Only authorized CounterCost staff have access to backend systems,

and that access is audit-logged.

  • Internal access to your specific data is granted only when needed

to operate the service (e.g. an admin reviewing a parse error you reported) and is recorded in an internal audit trail.

6. Data retention

  • Account information: retained while your account is active;

deleted within 30 days of account closure.

  • Uploaded documents: retained per the retention policy associated

with your subscription tier (default: 90 days for raw documents).

  • Aggregated benchmarks: aggregated and anonymized data already

incorporated into benchmark calculations remains in the aggregated pool after account closure; it cannot be retroactively withdrawn without destabilizing benchmarks for every other contractor. See Section 2 of the Terms of Service.

7. Cookies and tracking

We use first-party cookies for authentication (Supabase session) and operational telemetry (Plausible). We do not use cross-site tracking cookies for advertising.

8. Your rights

You may at any time:

  • Request a copy of the personal information we hold about you
  • Correct inaccurate personal information
  • Close your account, triggering the deletion described in Section 6
  • Contact us at hello@countercost.com with privacy questions

9. Changes to this policy

We may revise this policy. The current version is always visible at /privacy. Material changes — particularly to Section 3 or to the data-rights description in the Terms of Service — require explicit re-acceptance inside the application.

10. Contact

Privacy questions: hello@countercost.com.