QuickOrder
← Back to Home

QuickOrder Privacy Policy

QuickOrder LLC
https://getquickorder.com
Effective Date: May 1, 2026
Last Updated: May 1, 2026

QuickOrder LLC (“QuickOrder,” “Company,” “we,” “us,” or “our”) provides a business-to-business barcode scanning and ordering platform at https://getquickorder.com (the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights and choices available to you.

We have written this Privacy Policy in plain language because the people who use QuickOrder are sales representatives, store managers, and small-business owners — not lawyers. Where defined terms are used, we explain them in Section 2.

By creating a QuickOrder account or using the Service, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is incorporated into our Terms of Service. If there is a conflict between this Privacy Policy and our Terms of Service regarding personal information, this Privacy Policy controls.

About our scope. The Service is offered to businesses located in the United States. We do not market the Service to consumers and we do not knowingly accept account registrations from individuals located in the European Union, the United Kingdom, or other regions outside the United States. If you access the Service from outside the United States, you do so on your own initiative and you are responsible for compliance with local law.

1. Summary — The Short Version

Because privacy policies tend to be long, here is the short version. The detailed terms are below and they govern if there is any inconsistency with this summary.

  • We collect business contact information (name, work email, phone, company name, address) and the data you load into your account (products, vendors, orders).
  • We use that information to operate the Service for you — running your account, sending the orders you create, processing your subscription, and providing support.
  • We do not sell your personal information. We do not rent it. We do not use your Company Data to train artificial intelligence models or to build any product offered to anyone other than you.
  • We share information only with the vendors that help us run the Service (Supabase, Stripe, Resend, Vercel, Cloudflare), with the order recipients you direct us to email, and where required by law. Section 5 lists every sub-processor we use and what they do.
  • You can access, export, correct, and delete your information. Section 8 explains how.
  • If we have a security incident affecting your information, we will tell you as soon as reasonably possible and explain what happened and what we are doing about it.

2. Definitions

The following capitalized terms are used throughout this Privacy Policy:

  • “Account” means the QuickOrder account associated with a single Company. Each Account has one or more Authorized Users who log in with their own credentials.
  • “Authorized User” means any individual you invite or permit to access the Service under your Account, including users in the roles of Admin, Manager, or User.
  • “Company” means the business entity that holds the Account.
  • “Company Data” means the data you and your Authorized Users load into or generate within the Service, including product catalogs, vendor lists, customer information you choose to record, order contents, branding assets, and configuration settings.
  • “Personal Information” means information that identifies, relates to, or could reasonably be linked to an identified or identifiable individual. Aggregated or de-identified information that cannot reasonably be linked back to an individual is not Personal Information.
  • “Sub-processor” means a third-party service provider that processes Personal Information on our behalf to help us operate the Service.

3. Information We Collect

3.1 Information You Provide Directly

When you sign up for and use the Service, you provide us with the following:

  • Account Registration. Your name, work email address, phone number, Company name, business address (city, state, ZIP code), and password (hashed by our authentication provider; we never see, store, or have access to your plain-text password).
  • Company Profile. Company name, business contact information, mailing address, uploaded company logo, and branding preferences (colors, theme).
  • Authorized User Information. When you invite team members, we collect their names, email addresses, and the role you assign them.
  • Product Catalog. SKUs, descriptions, UPC and barcode numbers, vendor associations, pricing if you choose to record it, and any custom data fields you configure.
  • Vendor Information. Vendor names, email addresses, and contact details that you add to your Account.
  • Order Data. Order line items and quantities, recipient information, customer store names and contact details (where you choose to record them), order subject lines, and order messages.
  • Payment Information. Payment card and bank account details are collected and stored directly by our payment processor, Stripe. We do not see or store your full card number, CVV, or bank account number on our servers. From Stripe we receive only limited information for billing and recordkeeping — typically the last four digits of your card, the card brand, the cardholder name, and the billing address.
  • Communications. When you email us or fill out a contact form, we receive your name, email address, and the content of your message.

3.2 Information Collected Automatically

When you access the Service, certain information is collected automatically through standard web technologies:

  • Usage Data. Pages and features accessed, actions taken within the Service, scan and order activity, and timestamps of those actions.
  • Device and Browser Information. Device type (mobile, tablet, desktop), operating system, browser type and version, and screen resolution.
  • Log Data. IP address, access timestamps, referring URLs, and error logs. We use this information primarily for security, debugging, and abuse prevention.
  • Analytics. We use Vercel Analytics to measure aggregated, page-level traffic and performance. Vercel Analytics does not use third-party cookies and does not collect Personal Information of individual visitors.

3.3 Information from Third Parties

  • From Stripe. Subscription status, payment success or failure events, invoice records, and the limited billing information described in Section 3.1.
  • From Supabase. Authentication tokens and session data necessary to keep you signed in.

3.4 Camera Access for Barcode Scanning

The Service uses your device camera to scan product UPC and other barcodes. Camera access is requested through your browser’s standard permission prompt and you can revoke it at any time in your browser or device settings.

How camera scanning works. The camera feed is processed entirely on your device using a WebAssembly-based barcode reader (ZBar). We do not capture, store, transmit, or retain camera images or video. Only the decoded barcode value — a numeric string such as “012345678905” — is sent to our servers, and only for the purpose of matching it against the products in your own catalog.

No facial recognition. No biometrics. No background recording. The camera is used only while a scan is actively in progress.

3.5 Information We Do Not Collect

We want to be specific about this. We do not collect:

  • Government identifiers such as Social Security numbers, driver’s license numbers, or passport numbers.
  • Health or medical information.
  • Biometric identifiers (fingerprints, voiceprints, faceprints, retina scans, or similar).
  • Precise geolocation. We may infer general location from IP address for security and analytics purposes, but we do not collect GPS or other precise location data.
  • Information about children under 18. See Section 11.
  • Camera images, video, or audio recordings. See Section 3.4.

4. How We Use Information

We use the information described above for the following purposes, and for no others:

  • To provide and operate the Service. Creating and managing your Account, authenticating Authorized Users, storing your Company Data, transmitting orders to the recipients you designate, generating invoices and receipts, and providing the core functionality of the platform.
  • To process payments. Facilitating subscription billing through Stripe, managing free trials, applying tax to invoices where required, and handling payment-related correspondence.
  • To communicate with you. Sending transactional messages (order confirmations, team invitations, password resets, Catalog Update Report emails, billing notices), responding to your questions, and providing customer support. We do not send marketing email unless you opt in.
  • To maintain and improve the Service. Diagnosing and fixing bugs, monitoring performance and uptime, analyzing aggregated usage to inform feature decisions, and developing new functionality.
  • To protect the Service and its users. Detecting and preventing fraud, abuse, unauthorized access, or other security incidents; enforcing our Terms of Service and other agreements.
  • To comply with law. Meeting our obligations under applicable law, responding to lawful requests from public authorities, and preserving legal rights.

No AI training on your data. We do not use Company Data, order content, product catalogs, or any other customer information to train, fine-tune, or evaluate machine-learning or artificial-intelligence models, and we do not permit our Sub-processors to do so. If we ever change this position, we will update this Privacy Policy and notify Account Admins before the change takes effect.

5. Sub-processors and How We Share Information

We do not sell your Personal Information. We do not rent it. We do not exchange it for advertising consideration. We share information only as described in this Section 5.

5.1 Sub-processors

We use the following third-party Sub-processors to operate the Service. Each is bound by a written agreement that limits how they may use information we share with them.

Service ProviderService ProvidedInformation Processed
SupabaseDatabase hosting, authentication, file storageAccount credentials, Company Data, product catalogs, vendor lists, order records, uploaded company logos
StripePayment processing, subscription billing, sales tax calculationBilling contact information, payment method details (handled directly by Stripe under PCI-DSS), subscription status, invoice history
ResendTransactional email deliveryRecipient email addresses, email subject lines, email body content (order details, team invitations, password reset links, Catalog Update Report emails)
VercelApplication hosting, page-level analyticsApplication requests and responses, IP addresses (in server logs), aggregated page-view analytics
CloudflareDNS, email routing for inbound mailInbound email metadata for routing to support and contact addresses; DNS lookups

Where to read each Sub-processor’s own privacy practices: Supabase, Stripe, Resend, Vercel, Cloudflare.

Changes to our Sub-processor list. If we add or replace a Sub-processor, we will update this Privacy Policy. Account Admins may subscribe to be notified of material Sub-processor changes by emailing privacy@getquickorder.com.

5.2 Order Recipients

When you submit an order through the Service, the order content (including any product information, quantities, customer details, and messages you have included) is transmitted by email to the recipient addresses you have configured in your Account. This is the core function of the Service and it occurs only at your direction. We do not retain copies of those emails for any purpose other than maintaining your order history within your Account.

5.3 Within Your Account

Authorized Users on the same Account may have access to shared Company Data (such as the product catalog, vendor list, configuration settings, and — where the Service makes them visible — orders placed by other Authorized Users) according to the role-based access controls described in our Terms of Service. Account administrators can see information about Authorized Users on their team. We do not control how administrators use that information within their own organization; that is governed by the agreement between you and your Authorized Users.

5.4 Legal and Safety

We may disclose information when we have a good-faith belief that doing so is necessary to:

  • comply with applicable law, regulation, legal process, subpoena, or governmental request;
  • protect and defend the rights, property, or safety of QuickOrder, our users, or others;
  • investigate, prevent, or take action regarding suspected fraud, security incidents, or violations of our Terms of Service; or
  • establish or defend legal claims.

Where legally permitted, we will provide reasonable advance notice to affected Account Admins before disclosing their information in response to a legal request.

5.5 Business Transfers

If QuickOrder is involved in a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale of all or part of its business or assets, your information may be transferred to the successor or acquiring entity as part of that transaction. We will notify Account Admins by email or by a prominent notice in the Service before any such transfer becomes effective, and any successor will be bound by terms at least as protective as those described in this Privacy Policy.

6. How We Protect Information

6.1 Technical Safeguards

We implement reasonable and appropriate technical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption in transit. All connections to the Service are protected by industry-standard TLS encryption.
  • Encryption at rest. Account data stored on Supabase is encrypted at rest using the underlying cloud provider’s standard encryption.
  • Tenant isolation. Each Account’s Company Data is isolated using database row-level security (“RLS”) policies enforced by the database itself, so that one Company’s users cannot read another Company’s data through ordinary application requests.
  • Authentication. Passwords are hashed using industry-standard bcrypt by our authentication provider, Supabase, and are never stored in plaintext. QuickOrder personnel do not have access to user passwords at any time. The Service enforces minimum password complexity requirements (at least eight characters, including at least one uppercase letter, one lowercase letter, one number, and one symbol). Password reset links are time-limited and single-use.
  • Role-based access controls. Within each Account, the Service enforces Admin, Manager, and User roles that limit what each Authorized User can read and modify.
  • PCI-DSS payment processing. Payment card data is handled directly by Stripe under its PCI-DSS Level 1 service-provider certification. Card data does not transit our servers.
  • Hardened deployment. The Service runs on Vercel’s production infrastructure with HTTPS-only delivery, secure headers, and standard application-level protections against common web vulnerabilities.

6.2 Operational Safeguards

  • Limited internal access. Only personnel with a legitimate operational need have administrative access to production systems. Administrative access is protected by strong authentication.
  • Vendor due diligence. We select Sub-processors with documented security programs and contractually obligate them to maintain reasonable security measures.
  • Logging. We maintain server logs sufficient to investigate security incidents and to enforce our Terms of Service.

6.3 Honest Limitations

No method of transmission over the internet, and no method of electronic storage, is one hundred percent secure. While we use commercially reasonable means to protect your information, we cannot and do not guarantee absolute security. You are responsible for maintaining the confidentiality of your Account credentials and for promptly notifying us at security@getquickorder.com if you believe your credentials or your Account have been compromised.

6.4 Security Incident Notification

If we become aware of a security incident that has resulted in the unauthorized acquisition, access, disclosure, or loss of your Personal Information, we will notify the affected Account Admin without undue delay, and in any event within seventy-two (72) hours of confirming the incident, except where law enforcement requests a delay. The notice will include, to the extent then known: a description of the incident, the categories of information affected, the steps we are taking to investigate and contain the incident, and the steps you should take in response. We will continue to provide updates as material new information becomes available.

7. How Long We Keep Information

We retain Personal Information only for as long as we need it to provide the Service, satisfy our legal and contractual obligations, resolve disputes, and enforce our agreements. The general retention periods we use are below. Specific data types may be retained longer where required by law or where retention is reasonably necessary to protect QuickOrder, you, or third parties.

  • While your Account is active: we retain your Account information and Company Data for the full duration of your subscription so the Service can function.
  • After Account termination — Company Data export window: we retain your Company Data for thirty (30) days after termination so you can request an export. After that thirty-day period we may delete your Company Data from our active systems.
  • Backups: residual copies of deleted data may persist in encrypted backups for up to ninety (90) days after deletion from active systems, after which they are overwritten in the ordinary course of backup rotation.
  • Billing and tax records: invoice records, payment records, and tax-related information are retained for at least seven (7) years to comply with tax and accounting requirements.
  • Server logs: application and security logs maintained directly by QuickOrder are retained for up to thirty (30) days. Logs maintained by our infrastructure providers — including Vercel (hosting), Supabase (database and authentication), Stripe (payment processing), and Resend (email delivery) — are retained according to those providers’ own retention policies, typically not exceeding ninety (90) days. We may retain logs longer where necessary to investigate a security incident or to comply with law.
  • Support correspondence: email and support-ticket records are retained for up to two (2) years after closure of the matter.
  • Aggregated and de-identified data: we may retain aggregated or de-identified data indefinitely, because it cannot reasonably be linked back to an individual.

8. Your Rights and Choices

Regardless of where you live, we extend the following rights to all Authorized Users as a matter of policy. State law may give you additional rights — see Section 9.

8.1 Access and Export

You can view your Company Data inside the Service at any time. The Service provides built-in CSV and Excel export of your products, vendors, and orders. You can also email privacy@getquickorder.com to request a copy of the Personal Information we hold about you.

8.2 Correction

You can update most of your Account information yourself from the Settings page in the Service. For information that is not user-editable from inside the Service, email privacy@getquickorder.com and we will correct inaccuracies.

8.3 Deletion

You can delete your Account, and request deletion of the Personal Information associated with it, by emailing privacy@getquickorder.com. Please understand:

  • Deletion is irreversible after the thirty-day export window described in Section 7.
  • We may retain certain information beyond the deletion request where retention is required by law (for example, tax records) or is reasonably necessary to resolve disputes, prevent fraud, or enforce our agreements.
  • Information that has been aggregated or de-identified, and that cannot reasonably be re-associated with you, may be retained.

8.4 Objection and Restriction

You can ask us to stop processing your Personal Information for a specific purpose, or to restrict processing while you contest its accuracy or legitimacy. We will honor reasonable requests of this kind unless we have a legitimate, overriding reason to continue (for example, to comply with law or to defend a legal claim).

8.5 Marketing Communications

We do not currently send marketing email. The transactional messages described in Section 4 (order confirmations, password resets, billing notices, security alerts, team invitations, and similar operational messages) are required for the Service to function and you cannot opt out of them while you maintain an Account. If we ever introduce marketing or promotional messages, they will include an unsubscribe link and will be sent only with your prior opt-in where required by law.

8.6 How to Make a Request

To exercise any right under this Section 8, email privacy@getquickorder.com from the email address associated with your Account, or from an email address you can reasonably demonstrate is yours. We may need to take reasonable steps to verify your identity before responding — for example, by asking you to confirm details that match your Account record. We will not share Personal Information in response to a request we cannot authenticate.

We will respond to verifiable requests within forty-five (45) days. If we need more time (up to an additional forty-five (45) days), we will tell you the reason and the extended timeline within the original forty-five-day period. We do not charge a fee for the first request from a given individual in any twelve-month period. We may charge a reasonable fee, or decline, for repetitive, manifestly unfounded, or excessive requests, and will explain our reasoning if we do.

8.7 Camera Permissions

You can revoke camera access at any time through your browser or device settings. The barcode-scanning feature requires camera access; the rest of the Service will continue to function without it.

8.8 Authorized Agents

Where state law permits you to designate an authorized agent to make a request on your behalf, we will honor those requests upon receiving reasonable proof of the agent’s authority and verification of your identity.

8.9 No Retaliation

We will not deny you the Service, charge you a different price, or provide you with a different level of quality because you exercised a privacy right described in this Section 8.

9. State-Specific Rights

State privacy laws apply to QuickOrder only to the extent their thresholds and scopes are met. The Service is offered in a business-to-business context, and most current state privacy laws either do not apply at our scale or carry exemptions for personal information processed in a business or commercial context. We summarize the position below.

9.1 California (CCPA / CPRA)

The California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to for-profit businesses that meet specified revenue, volume, or revenue-share thresholds. QuickOrder does not currently meet those thresholds. Even so, the rights set out in Section 8 of this Privacy Policy — including the rights to access, correct, delete, port, and limit the processing of your Personal Information — are available to all Authorized Users, including California residents, as a matter of policy.

  • Categories of Personal Information collected: identifiers (name, email, phone, IP address, account identifiers); commercial information (subscription and order records you create within the Service); internet or network activity (usage data, log data); and professional or employment-related information (Company name, job title where you provide it). The sources, purposes, and recipients of each category are described in Sections 3, 4, and 5.
  • Sensitive Personal Information. We do not collect “sensitive personal information” as that term is defined under California law.
  • Sale or sharing for cross-context behavioral advertising. We do not sell Personal Information and we do not share Personal Information for cross-context behavioral advertising.
  • How to exercise your rights. Email privacy@getquickorder.com. See Section 8.6 for the verification and response-time procedures.

9.2 Other U.S. State Privacy Laws

Comprehensive consumer privacy laws are in effect in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, Indiana, Iowa, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, and other states. Most of these laws (including Utah’s) explicitly do not apply to information processed in a commercial or business-to-business context, and many have applicability thresholds (revenue or volume) that QuickOrder does not currently meet.

Regardless of the technical applicability of any specific state law, the rights set out in Section 8 are available to all Authorized Users as a matter of policy. If you live in a state whose law gives you additional rights beyond those described in Section 8, please contact privacy@getquickorder.com and we will work with you in good faith to honor them.

9.3 Right to Appeal

If we deny your privacy request and you believe we did so in error, you may appeal by replying to our denial or emailing privacy@getquickorder.com with the word “Appeal” in the subject line. We will review the appeal and respond within sixty (60) days. If we deny the appeal, we will tell you why, and we will tell you how to contact your state attorney general or comparable authority to file a complaint.

10. International Users

QuickOrder is operated from the United States and is intended for use by businesses based in the United States. We do not target or market the Service to individuals outside the United States, and we do not currently offer GDPR, UK GDPR, or other non-U.S. data-protection rights frameworks.

If you access the Service from outside the United States, you do so on your own initiative. By accessing the Service from such a location, you understand that your information will be transferred to and processed in the United States, where data protection laws may differ from those of your jurisdiction. If you are a resident of the European Economic Area, the United Kingdom, or another jurisdiction with comprehensive data-protection legislation, please do not use the Service.

11. Children

The Service is intended for use by businesses and is not directed to individuals under the age of 18. We do not knowingly collect Personal Information from anyone under 18, and we have no reason to expect that anyone under 18 would have a legitimate business reason to use the Service. If you believe a person under 18 has provided us with Personal Information, please contact privacy@getquickorder.com and we will take prompt steps to delete that information from our systems.

12. Cookies and Browser Storage

The Service uses cookies and other browser-storage technologies only for purposes that are strictly necessary to operate the Service. We do not use advertising cookies, tracking pixels, or third-party behavioral-advertising technologies.

  • Authentication cookies. Required to keep you signed in and to authenticate API requests. Without them the Service cannot function.
  • Service worker (Progressive Web App). The Service registers a service worker that caches application assets locally on your device, enabling cold-start offline access and faster page loads. The service worker stores application code on your device but does not transmit Personal Information.
  • Local storage. The Service uses browser local storage to cache application state for performance — for example, draft orders that have not yet been submitted. Local storage is held on your device and is cleared when you sign out or clear your browser data.
  • Vercel Analytics. Vercel Analytics measures aggregated, page-level traffic without setting third-party cookies and without collecting Personal Information about individual visitors. We do not run Google Analytics or any other behavioral-tracking analytics on the Service.

Because we do not use any cookies or trackers that are not strictly necessary for the Service to function, we do not currently display a cookie consent banner. If we ever introduce non-essential cookies or trackers, we will provide a consent mechanism before activating them, in compliance with applicable law.

13. Do Not Track Signals

Some browsers transmit a “Do Not Track” signal indicating that the user does not want to be tracked. There is no industry-standard interpretation of these signals, and the Service does not currently take any action in response to them. Because we do not engage in cross-site tracking or behavioral advertising in the first place, the absence of Do Not Track support does not change what we do or do not collect about you.

14. Links to Other Sites

The Service may contain links to websites or services that are not operated by QuickOrder. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any website or service you visit through a link from the Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes — such as changes to the categories of information we collect, the purposes for which we use it, the Sub-processors we engage, or your rights and choices — we will notify Account Admins by email and post a prominent notice in the Service before the change takes effect. The “Last Updated” date at the top of this Privacy Policy reflects the most recent revision. Continued use of the Service after the effective date of an update constitutes acceptance of the updated Privacy Policy. If you do not agree to an update, you may terminate your Account in accordance with our Terms of Service.

16. How to Contact Us

If you have any questions about this Privacy Policy or our data-handling practices, or if you would like to exercise any of the rights described in Section 8, please contact us:

QuickOrder LLC
Privacy and data-rights requests: privacy@getquickorder.com
General support: support@getquickorder.com
Security incidents: security@getquickorder.com
General inquiries: hello@getquickorder.com
Website: https://getquickorder.com

— END OF PRIVACY POLICY —