Privacy Policy
Effective Date: May 2, 2026
Last Updated: May 2, 2026
This Privacy Policy ("Policy") describes how FasterQuotes ("FasterQuotes," "we," "us," or "our") collects, uses, shares, and protects information in connection with our website at fasterquotes.io and our AI-powered RFQ extraction service (collectively, the "Service"). The Service extracts structured data from logistics Request-for-Quote (RFQ) emails on behalf of the customer who connected the mailbox or configured the inbound forwarding address.
Questions about this Policy go to privacy@fasterquotes.io.
Plain-English Summary
The full Policy below is the controlling document. This summary is for quick orientation only.
- We extract structured data only from emails our customer's authorized mailbox receives, or that the customer (or their senders) forwards to a FasterQuotes ingest address.
- We do not use customer email content to train artificial-intelligence or machine-learning models, our own or anyone else's.
- We use Google Gemini's paid API for extraction. Under Google's paid-tier terms, Google does not use prompts or responses to train models, and does not human-review them in the ordinary course.
- Customer data is tenant-isolated using Postgres Row-Level Security and per-request
org_idJWT claims. - We delete customer data within 30 days of a verified customer deletion request.
- We name every Sub-Processor publicly and commit to 30 days' advance notice of changes.
- Related pages: Sub-Processors, Security, Data Processing Addendum.
1. Defined Terms
- Customer means the organization that has signed up for the Service and on whose behalf data is processed.
- End User means an individual user authorized by a Customer to access the Service (for example, a dispatcher or operations manager).
- Personal Data means information relating to an identified or identifiable natural person.
- Service means the FasterQuotes Site, dashboard, API, and AI extraction features described above.
- Sub-Processor means a third party engaged by FasterQuotes to process Customer data on our behalf.
- Connected Mailbox means a Gmail mailbox a Customer has connected to the Service through Google OAuth.
- Forwarding Address means an inbound address of the form
submit-{token}@ingest.fasterquotes.iothat a Customer or their senders forward email to.
2. Information We Collect
2.1 Information you provide
When you sign up, log in, or contact us, you may provide your name, business email address, company name, role or job title, billing details, and any content you include in support requests or other communications with us.
2.2 Email content ingested through Connected Mailboxes (Gmail OAuth)
When a Customer connects a Gmail mailbox using the Google API restricted scope gmail.readonly, we read messages from that mailbox to perform extraction. Specifically, for each message we read:
- Routing addresses: From, To, Cc, Bcc
- Subject line
- Message body (plain-text and HTML parts)
- Attachments, including PDFs that are OCR-processed for RFQ content
- Message-ID, Date, Thread-ID and other RFC-822 headers necessary for incremental sync and deduplication
We do not read mailbox folder structure, contact lists, calendar entries, Drive files, or any other Google Workspace service. The gmail.readonly scope is the minimum scope necessary to deliver the user-facing extraction feature.
2.3 Email content ingested through Forwarding Addresses (Mailgun)
When a Customer or a sender directed by the Customer forwards email to a FasterQuotes Forwarding Address, our inbound routing provider Sinch (Mailgun) delivers the email to our backend. We process the sender address, RFC-822 headers, body, and attachments. The Customer is responsible for ensuring they have authority to forward content to us; see our Terms of Service.
2.4 Extracted structured data
Our AI returns a structured representation of each RFQ. This includes, where present in the source email: origin and destination locations, equipment type, weight, dimensions, accessorials, rates, pickup and delivery dates, and contact information appearing in the email. This extracted data is stored in the Customer's tenant-isolated dataset and is the working data the Customer interacts with in the dashboard.
2.5 Usage and device data
Through standard server logs and analytics, we collect IP address, browser, operating system, pages visited, and session duration. We use Google Analytics and the analytics built into our hosting providers (Vercel, Railway).
2.6 Cookies and similar technologies
We use a small set of cookies for authentication, security, and analytics. See our Cookie Policy for the full breakdown.
3. How We Use Information
- To provide the extraction Service and the dashboard, inbox, and review features around it.
- To send operational and security emails (account changes, security alerts, breach notifications, and similar).
- To bill and to administer Customer accounts.
- To produce aggregated, de-identified product analytics that help us understand usage and improve the Service. This never involves Customer email content.
- To respond to support requests and to investigate suspected abuse or unauthorized access.
- To comply with legal obligations and to enforce our agreements.
3.1 AI processing
Email content received by FasterQuotes is sent to Google's Gemini API (paid tier) for extraction. Under Google's Gemini API paid-tier terms (https://ai.google.dev/gemini-api/terms), Google does not use prompts or responses to train its or third-party models, and does not human-review them in the ordinary course of providing the API. We do not maintain or fine-tune any of our own models on Customer data. See Section 5 below for the full AI processing disclosure.
4. How We Share Information
We share Personal Data only with vetted Sub-Processors needed to deliver the Service, with our Customers (within their own tenant), and where legally required. We do not sell or share Personal Data for cross-context behavioral advertising.
We list every Sub-Processor on our public Sub-Processors page, including the data processed and the location. We commit to providing at least 30 days' prior notice before adding or replacing a Sub-Processor; Customers can subscribe to advance notice by emailing privacy@fasterquotes.io.
5. Google API Services User Data Policy — Limited Use Disclosure
FasterQuotes accesses Gmail data only with the user's explicit OAuth consent and only via the gmail.readonly restricted scope. Our handling of Google user data is bound by the Google API Services User Data Policy, including the Limited Use requirements. The two paragraphs below state our commitments verbatim.
FasterQuotes' use of information received from Google Workspace APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data — including Gmail content, metadata, headers, attachments, or any data derived from them — to develop, improve, or train generalized or third-party machine-learning or artificial-intelligence models. Google user data is used solely to provide and improve the user-facing extraction features for the user who authorized access, or as expressly permitted by the Limited Use requirements.
FasterQuotes personnel do not read, review, or otherwise access Google user data except in the following narrow circumstances permitted by the Google API Services User Data Policy: (a) where the user has given specific, documented consent for a particular operation (for example, a support ticket asking us to investigate a specific email); (b) where access is necessary for security purposes, such as investigating suspected abuse or unauthorized access; (c) where the data has been aggregated and de-identified for internal operations; or (d) where access is required by applicable law or regulation. Each such access event is logged and retained for audit.
Email content sent to Google's Gemini API for extraction is processed under Google's Gemini API paid-tier terms (https://ai.google.dev/gemini-api/terms), under which Google does not use prompts or responses to train its or third-party models and does not human-review them in the ordinary course of providing the API.
6. AI Processing
We use Google's Gemini API (paid tier) to extract structured data from RFQ emails. We do not train, fine-tune, or otherwise build artificial-intelligence or machine-learning models on Customer email content. Anonymous, aggregated usage statistics (for example, count of extractions per day) may inform product improvement, but Customer email content itself is never used for training.
Human-in-the-loop. Each AI-extracted field is presented to a human reviewer in our ReviewWizard interface for verification and editing before any quote is generated, sent, or pushed downstream. No quote, rate decision, or business outcome is made solely by automated means.
7. Data Retention
| Category | Retention |
|---|---|
| Account data (name, email, billing) | Kept while the account is active. Deleted within 30 days of account closure. |
| Email content (raw RFC-822 body and attachments) | 90 days from extraction, then purged unless the Customer has configured a longer retention period. |
| Extracted structured data | Retained while the account is active (this is the Customer's working data). Deleted on account closure or per-record on Customer request within 30 days. |
| Audit logs | 12 months. |
| Backups | 30-day rolling. |
8. Security
We maintain technical and organizational measures including AES-256-GCM encryption at rest, TLS 1.2+ in transit, Postgres Row-Level Security for tenant isolation, encrypted OAuth refresh tokens, and 24/7 alerting. Full details on our Security page.
9. International Data Transfers
Customer data is stored and processed in the United States today. Where Personal Data subject to the GDPR is transferred to FasterQuotes outside the EEA, we rely on the EU Standard Contractual Clauses (Module 2: Controller-to-Processor) attached to our Data Processing Addendum. For UK Personal Data, the UK International Data Transfer Addendum applies. See our Data Processing Addendum.
10. Your Rights
10.1 Generally available rights
Subject to applicable law and identity verification, you may request access to, correction of, deletion of, or a portable copy of your Personal Data. You may object to certain processing, and you may withdraw consent for AI processing at any time by disconnecting the Connected Mailbox from within the application or by emailing us; withdrawal does not affect the lawfulness of processing prior to withdrawal.
10.2 California (CCPA / CPRA) Notice
California residents have the right to know what Personal Information we collect and disclose, the right to delete, the right to correct, the right to limit the use of sensitive personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share Personal Information for cross-context behavioral advertising. The categories of information we collect and disclose are described in Section 2 of this Policy; the categories of recipients are described in Section 4 and on our Sub-Processors page.
10.3 EU and UK (GDPR / UK GDPR)
If you are in the EU, EEA, or UK, you have the rights described above and the right to lodge a complaint with your local supervisory authority — for example, the UK Information Commissioner's Office (ICO) or the relevant EU data protection authority.
10.4 How to exercise rights
Email privacy@fasterquotes.io from the email address on the account or include sufficient information for us to verify your identity. We respond within 30 days of a verified request, except where applicable law allows a longer period.
11. Children
The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect Personal Data from minors.
12. Cookies and Similar Technologies
See our Cookie Policy for a categorized description of the cookies we use, durations, and your choices.
13. Changes to this Policy
We may update this Policy. The "Last Updated" date at the top reflects the most recent revision. For material changes that affect Customer rights, we will notify account owners by email at least 30 days before the change takes effect. We retain prior versions of this Policy and will provide a copy on request.
14. Contact
For privacy questions: privacy@fasterquotes.io. For general questions: siddharth@fasterquotes.io. FasterQuotes is operated from India.
Last updated: May 2, 2026