Estora Privacy Policy

Last updated: April 10, 2026

This Privacy Policy explains how ShiftFlow Inc., operating Estora (“Estora,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information when you visit our websites, create or use an Estora account, submit quote or estimate information, connect integrations, or otherwise use our products and services (the “Services”).

If you use Estora through a business account, that business is our customer and controls the workspace. If you are located in a region with additional privacy rights, those rights apply as described in this Policy and under applicable law.

1. Scope and roles

This Policy applies to:

  • Website visitors who browse our marketing site or contact us
  • Customers and administrators who create and manage Estora workspaces
  • Authorized users who access Estora under a customer account, such as owners, estimators, operators, admins, and sales staff

Our role depends on the context:

  • Estora as controller. We act as controller for our marketing site, account creation, billing, product analytics, security, and similar business operations.
  • Estora as processor or service provider. For customer workspace data, including job details, quote drafts, uploads, and client-facing materials entered into the product, we generally process data on behalf of the customer that controls the workspace.
  • Customer as controller. The customer decides what information to upload, which users can access the workspace, which integrations to enable, and how long records should be retained.

If you use Estora through your employer or another business, direct privacy requests about workspace data to that business first.

2. Information we collect

We collect personal information in the categories below, depending on how you use the Services and what features are enabled.

2.1 Information you provide directly

  • Contact information such as name, email address, phone number, company name, and trade or industry
  • Account details such as login credentials, role, team membership, and workspace preferences
  • Communications you send to us, including support requests, demo requests, feedback, and attachments
  • Billing or commercial information needed to manage subscriptions and invoices

2.2 Customer workspace and quote data

Customers and authorized users may upload or generate information such as:

  • Job descriptions, scope notes, measurements, exclusions, line items, pricing, and quote terms
  • Customer or prospect information entered into the workspace, such as names, business names, addresses, phone numbers, and email addresses
  • Attachments such as photos, documents, templates, prior quotes, intake notes, or other uploaded files
  • Quote workflow data such as revisions, approval status, signature state, comments, and activity history

2.3 AI inputs and outputs

If you use AI-assisted features, we may process:

  • Prompts, instructions, and uploaded context submitted to generate quote drafts
  • Structured outputs such as scope sections, line items, pricing suggestions, summaries, exclusions, and related drafting assistance
  • Feedback signals such as edits, acceptance, rejection, or reuse patterns that help improve product quality and workflow performance

2.4 Information collected automatically

We and our service providers may automatically collect:

  • Device, browser, and operating system information
  • IP address, approximate location derived from IP, language, and time zone
  • Log, diagnostic, crash, and performance data
  • Product usage data such as page views, clicks, feature interaction, session data, and referral sources

2.5 Information from third parties

We may receive information from:

  • Identity, authentication, or single sign-on providers
  • Payment processors and billing providers
  • Analytics, support, and communications providers
  • Integrations that customers choose to connect, such as CRM, email, storage, or workflow systems

We do not require government-issued identification, Social Security numbers, biometric templates, or similarly sensitive identifiers for core Estora functionality.

3. How we use personal information

We use personal information to:

  • Provide, operate, maintain, and support the Services
  • Authenticate users and manage accounts, permissions, subscriptions, and billing
  • Generate, structure, review, deliver, and track quote and estimate workflows
  • Improve product performance, reliability, and usability
  • Monitor, investigate, and prevent fraud, abuse, security incidents, and violations of our terms
  • Communicate with you about product usage, support, service notices, and updates
  • Comply with legal obligations and enforce our agreements
  • With consent or where permitted by law, send marketing or promotional communications

We may also use aggregated or de-identified information to operate, analyze, improve, and promote the Services, provided that the information does not identify you or your business.

4. How AI processing works

Estora includes AI-assisted features designed to help users draft and structure quotes more quickly. When these features are used:

  • prompts, uploads, and related context may be processed by Estora and by service providers acting on our behalf;
  • generated output may reflect the input data, instructions, and product configuration supplied by the customer or user;
  • output should always be reviewed by the customer before it is sent to a prospect or used as an operational record.

Customers are responsible for deciding what data to submit to AI-assisted features and for reviewing generated outputs for accuracy, completeness, pricing correctness, contract suitability, and legal or business compliance.

5. How we disclose personal information

We may disclose personal information to:

  • Service providers that host, support, secure, analyze, or help deliver the Services
  • AI and infrastructure providers that process requests on our behalf to provide product functionality
  • Integration partners connected by the customer or user
  • Workspace administrators and authorized users according to customer-controlled roles and permissions
  • Professional advisors, regulators, or authorities when necessary to comply with law or protect rights, safety, and security
  • Successors or transaction counterparties in connection with a merger, financing, acquisition, restructuring, or sale of assets

We do not sell personal information for money. If we ever use advertising or analytics practices that constitute “sharing” under applicable law, we will provide any rights and disclosures required by law.

6. Cookies and similar technologies

We use cookies and similar technologies to:

  • keep you signed in;
  • remember settings and preferences;
  • understand how the website and product are used;
  • improve performance and security.

You can control cookies through your browser settings. Depending on your region, you may also be presented with cookie choices or similar consent tools.

7. Data security

We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, logging, encryption in transit, and service monitoring. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

You are responsible for protecting your credentials and for using the Services in a secure manner.

8. Your choices and rights

Depending on your relationship to Estora and where you live, you may have rights to:

  • access personal information we control about you;
  • request correction or deletion of certain information;
  • object to or limit certain processing;
  • opt out of certain marketing communications;
  • request a copy of certain data in a portable format;
  • appeal a denied privacy request where applicable law provides that right.

If your request relates to customer workspace data, contact the customer that controls the workspace first. For data we control directly, contact us at legal@shiftflow.app.

You can also:

  • unsubscribe from marketing emails using the link in the message;
  • disable cookies using browser controls;
  • stop using the Services at any time.

9. Data retention

We retain personal information for as long as reasonably necessary to:

  • provide the Services;
  • maintain security and business records;
  • comply with legal obligations;
  • resolve disputes;
  • enforce our agreements.

Workspace data retention may depend on the customer’s subscription, configuration, and product settings. After account termination or deletion, we may retain limited records for backup, audit, security, fraud prevention, or legal compliance purposes for a limited period.

10. International data transfers

We are based in the United States and may process or store information in the United States or other countries where we or our service providers operate. When required by law, we use appropriate transfer mechanisms and contractual safeguards for international data transfers.

11. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided information to us unlawfully, contact us and we will take appropriate steps.

12. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide reasonable notice, such as by posting the updated Policy on our site, sending an email, or presenting an in-product notice where appropriate. The updated version becomes effective on the date stated above.

13. Contact us

If you have questions or requests about this Privacy Policy, contact:

Estora
ShiftFlow Inc.
Email: legal@shiftflow.app