Privacy Policy

Last Updated: July 2, 2026

Stimaro LLC (“Stimaro™,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information in connection with the Stimaro estimating software, our website at stimaro.com, and related services (collectively, the “Service”).

This Privacy Policy applies to individuals who use the Service, visit our website, communicate with us, or otherwise interact with Stimaro. By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

For business customers that have entered into a Master Service Agreement, Order Form, Data Processing Agreement, or similar written agreement with Stimaro, the terms of that agreement may further govern Stimaro's processing of Customer Data and Personal Data submitted by or on behalf of that customer. Where Stimaro processes Personal Data on behalf of a business customer, Stimaro acts as a service provider or processor, and the business customer is responsible for providing any required notices and obtaining any required consents from its users, employees, contractors, clients, vendors, or other individuals whose Personal Data is submitted to the Service.

The Service may include optional integrations, API-based workflows, API key configuration, quote extraction, optical character recognition, artificial intelligence-assisted document processing, and related workflow automation features.

1. Information We Collect

We collect information in three ways: (a) information you provide directly to us; (b) information collected automatically when you use the Service; and (c) information we receive from third parties.

1.1 Information You Provide Directly

We collect information you voluntarily submit to us, including:

  • Account information: your full name and email address when you create an account.
  • Business information: your company name and business address.
  • Contact information: your phone number, used for customer support and, with your consent, SMS communications.
  • Billing and payment information: we do not store full payment card numbers, bank account credentials, or complete financial account information on our systems. Billing and payment information may be collected and processed by our third-party billing, accounting, and payment providers. These providers may provide us with limited billing information such as billing contact details, billing address, invoice status, payment status, transaction history, and limited payment method details.
  • Communications: the content of any messages, inquiries, or feedback you send us.
  • Customer Data: estimates, project files, and other content you create or upload while using the Service.
  • Vendor quote and bid document information: vendor quotes, bid documents, attachments, PDFs, line items, quantities, unit prices, totals, descriptions, scope notes, exclusions, alternates, signatures, contact names, and related project or vendor information that you upload, process, or submit through the Service.
  • API keys and integration settings: API keys, tokens, URLs, account identifiers, model selections, integration settings, and similar configuration information you or your authorized users provide to connect third-party services or enable certain workflows.
  • AI/OCR inputs and outputs: text, extracted data, prompts, structured line items, classifications, summaries, correction history, model inputs, model outputs, and related processing information generated or used by optional AI-assisted or OCR-assisted features.

1.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical information, including:

  • IP address and approximate geographic location derived from IP address;
  • Browser type, version, and language;
  • Device information (operating system, device type, screen resolution);
  • Referring and exit pages, pages viewed, and features used;
  • Date, time, and duration of visits and activity within the Service;
  • Log data and error reports generated by the software;
  • Integration and API usage data, such as integration type, connection status, usage timestamps, request volume, error codes, performance information, and configuration metadata;
  • AI/OCR feature usage data, such as feature usage timestamps, extraction status, processing errors, selected model or provider, output correction history, and related technical metadata.

1.3 Information From Third Parties

We may receive information about you from third parties, including:

  • Our billing, accounting, and payment providers, for invoicing, transaction verification, payment administration, accounting, and fraud prevention;
  • Our customer relationship management and marketing platforms regarding your interactions with our emails, website, and marketing communications;
  • Scheduling platforms when you book a demo, onboarding call, support call, or other meeting with us;
  • Publicly available sources, industry directories, company websites, trade association listings, and business data providers used for business-to-business prospecting, lead qualification, and outreach;
  • Third-party integration providers, API providers, AI model providers, OCR tools, model-routing providers, and related services when you enable, configure, or connect those services through Stimaro;
  • Customer-enabled third-party services that you or your organization choose to connect using your own account, credentials, API key, token, URL, or settings.

For a current list of the specific providers we use, see Section 4.1 and our Sub-processor List at https://stimaro.com/legal/subprocessors.

1.4 Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to operate, improve, and analyze the Service. See Section 7 below for details about the types of cookies we use and your choices.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: to create and maintain your account, deliver software and license keys, process payments, provide customer support, operate the Service, configure workflows, enable integrations, process API-based workflows, and provide optional AI/OCR features such as quote extraction, document parsing, and related workflow automation.
  • Communications: to send transactional messages (account confirmations, billing notices, service announcements), respond to inquiries, and, where permitted, send marketing communications.
  • Scheduling and onboarding: to schedule demos, onboarding calls, support meetings, and customer check-ins.
  • AI/OCR and quote extraction features: to extract, parse, classify, summarize, or structure information from vendor quotes, bid documents, PDFs, attachments, and related estimating materials when you choose to use those features.
  • Improving the Service: to analyze usage patterns, diagnose technical issues, maintain security, develop new features, and improve product performance using account, technical, usage, aggregated, anonymized, or de-identified information. We do not use the content of Customer Data, such as estimates, project files, bid details, pricing inputs, or other customer project content, to train artificial intelligence models, develop benchmark datasets, or improve our products except with your express consent.
  • Security and fraud prevention: to detect, investigate, and prevent fraudulent activity, unauthorized access, and violations of our Terms of Service.
  • Legal compliance: to comply with applicable laws, regulations, legal processes, and governmental requests, and to enforce our legal rights.
  • Business operations: to conduct internal business analysis, reporting, and general business administration.

We do not use Customer Data, including estimates, project files, bid details, pricing inputs, vendor quotes, quote PDFs, or other customer project content, to train artificial intelligence models, develop benchmark datasets, or improve our products, except with your express consent. For clarity, using optional AI/OCR features to extract, parse, classify, summarize, or structure Customer Data for your benefit and in accordance with your configuration of the Service does not constitute using Customer Data to train artificial intelligence models, develop benchmark datasets, or improve our products.

3. AI/OCR Features and Customer-Enabled Third-Party Services

Stimaro may offer optional AI-assisted or OCR-assisted features, including quote extraction, document parsing, model-assisted extraction, and related workflow automation. These features may process Customer Data such as vendor quote documents, bid files, line items, quantities, pricing, descriptions, scope notes, exclusions, and related estimating materials.

Depending on your configuration, AI/OCR features may run locally, may use Stimaro-controlled service providers, or may use third-party services that you connect using your own account, credentials, API key, token, URL, or settings. These customer-enabled third-party services may include AI model providers, OCR tools, model-routing services, APIs, local services, or other integrations.

If you enable or connect a customer-enabled third-party service, information may be transmitted to and processed by that third-party service according to your configuration and that provider's own terms, privacy policy, data processing terms, security practices, retention practices, and model training practices. Stimaro is not responsible for the privacy, security, retention, model training, availability, pricing, or support practices of customer-enabled third-party services that you choose to connect.

You should not submit sensitive personal information, regulated data, confidential third-party data, or highly sensitive information to AI/OCR features or customer-enabled third-party services unless you are authorized to do so and have reviewed the applicable third-party terms and data handling practices.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 Service Providers

We share information with third-party service providers and sub-processors that help us operate, provide, secure, bill for, market, and improve the Service. These providers may process information only as needed to perform services for us and are subject to contractual obligations regarding confidentiality and data protection where appropriate.

The categories of service providers and sub-processors we use include:

  • Application hosting and infrastructure providers;
  • Business email, file storage, and collaboration providers;
  • Customer relationship management, marketing, and support providers;
  • Scheduling and meeting coordination providers;
  • Billing, accounting, invoicing, and payment administration providers;
  • Payment processors;
  • Website analytics providers;
  • DNS, content delivery network, and web application security providers;
  • SMS and messaging providers;
  • Sales prospecting and contact research providers;
  • Error monitoring and application performance providers;
  • Security scanning and vulnerability management providers;
  • Software license management providers;
  • Professional advisors, such as attorneys, accountants, and tax advisors;
  • AI model providers, model-routing providers, OCR providers, and document-processing providers, if enabled;
  • API, integration, and workflow automation providers;
  • Local or customer-configured tools and services, to the extent they are connected to or used with the Service.

A current list of the specific sub-processors we engage — including their purpose, location, the categories of data they access, and their relevant certifications — is maintained at https://stimaro.com/legal/subprocessors (the “Sub-processor List”). We update the Sub-processor List as we add, replace, or remove sub-processors. For business customers that have entered into a Data Processing Agreement with Stimaro, additional notification procedures may apply as set forth in that agreement.

Some third-party services may be enabled, configured, or connected by customers using their own accounts, credentials, API keys, tokens, URLs, or settings. These customer-enabled third-party services are not necessarily Stimaro sub-processors unless they are identified as such in our Sub-processor List, a Data Processing Agreement, or an applicable Order Form. Customers are responsible for reviewing and accepting the terms and privacy practices of customer-enabled third-party services.

4.2 Business Transfers

If Stimaro is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before personal information is transferred and becomes subject to a different privacy policy.

4.3 Legal and Safety

We may disclose information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, legal process, or government request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of Stimaro, our users, or others; or (d) detect, prevent, or address fraud, security issues, or technical problems.

4.4 With Your Consent

We may share information with third parties for purposes not described above when you direct us to do so or otherwise provide consent.

4.5 Customer-Enabled Third-Party Services

You or your organization may choose to enable integrations, APIs, AI model providers, OCR tools, model-routing services, local services, or other third-party services through the Service. When you do so, we may share or transmit information as directed by your configuration, including Customer Data, documents, extracted text, prompts, outputs, technical metadata, API usage data, and integration settings.

Customer-enabled third-party services are governed by their own terms, privacy policies, data processing terms, retention practices, security practices, and model training practices. We encourage you to review those terms before enabling or using any third-party service with Stimaro.

5. Data Retention

We retain personal information for as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

If you cancel your subscription or close your account, and to the extent Customer Data is hosted by or under the control of Stimaro, we will retain your account information and such Customer Data for ninety (90) days after cancellation to allow for reactivation or data export. After the ninety-day period, we will delete or anonymize such Customer Data, except as otherwise required by law or as necessary for legitimate business purposes such as billing records, tax compliance, fraud prevention, security, backup retention, and legal claim defense.

If you use a locally installed version of the Service and Customer Data is stored locally on your own device or systems, you are responsible for maintaining backups and exporting or preserving that data.

Data processed through customer-enabled third-party services may be retained by those third-party services according to their own terms, privacy policies, data processing terms, and retention practices. Stimaro does not control the retention or deletion practices of customer-enabled third-party services that you choose to connect using your own account, credentials, API key, token, URL, or settings.

We may retain AI/OCR processing records, extraction outputs, correction history, technical logs, and related metadata for as long as reasonably necessary to provide the Service, troubleshoot issues, maintain security, support customer workflows, comply with legal obligations, and enforce our agreements, unless otherwise specified in an applicable agreement.

We may retain aggregated or de-identified data, which cannot reasonably be used to identify you, indefinitely.

6. Your Rights and Choices

6.1 General Rights

Regardless of where you are located, you may:

  • Access, update, or correct your account information through your account settings;
  • Cancel your subscription at any time;
  • Opt out of marketing emails or business outreach by clicking the “unsubscribe” link where available, following the instructions in the message, or contacting us at [email protected]. You may also opt out of business outreach by replying “unsubscribe,” “not interested,” or a similar request to any outreach email from us;
  • Opt out of SMS communications by replying STOP to any message;
  • Contact us at [email protected] with any privacy request or question.

6.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: to request information about the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to delete: to request deletion of personal information we have collected, subject to certain exceptions.
  • Right to correct: to request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: Stimaro does not sell personal information or share it for cross-context behavioral advertising. If this changes, we will provide appropriate notice and an opt-out mechanism.
  • Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes that trigger this right.
  • Right to non-discrimination: we will not discriminate against you for exercising any of your privacy rights.

To exercise these rights, contact [email protected]. We may need to verify your identity before responding. An authorized agent may submit a request on your behalf with proof of authorization.

6.3 Other State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other U.S. states with comprehensive privacy laws may have similar rights. To exercise any such rights, contact [email protected].

7. Cookies and Tracking Technologies

We use cookies and similar technologies (such as pixels, local storage, and web beacons) on our website to operate the Service, analyze usage, and improve your experience.

7.1 Types of Cookies We Use

  • Strictly necessary cookies: required for the website to function (e.g., session management, authentication). These cannot be disabled.
  • Functional cookies: remember your preferences and settings.
  • Analytics cookies: help us understand how visitors use our website.
  • Marketing and CRM cookies: allow us to track website interactions and deliver relevant communications.

Some analytics, marketing, and CRM technologies may involve third-party providers that receive device, browser, usage, and interaction information as described in our Sub-processor List.

For details on the specific analytics, marketing, and CRM platforms we use, see our Sub-processor List at https://stimaro.com/legal/subprocessors.

7.2 Your Cookie Choices

You can manage cookie preferences through your browser settings and, where we make one available, through our cookie consent banner. Blocking certain cookies may affect website functionality. For visitors in the EEA, UK, and Switzerland, we obtain consent for non-essential cookies before they are set.

We honor Global Privacy Control (GPC) signals as an opt-out request under applicable state privacy laws.

8. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures may include encryption in transit, access controls, logging, security reviews, and secure hosting where applicable. As Stimaro grows, our security program may evolve based on the nature, scale, and sensitivity of the information we process.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk. You are responsible for maintaining the confidentiality of your account credentials and license keys and for notifying us promptly of any suspected unauthorized access.

9. Children's Privacy

The Service is intended for business users aged eighteen (18) or older. We do not knowingly collect personal information from anyone under the age of thirteen (13), and the Service is not directed to children. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child has provided personal information to us, please contact [email protected].

10. Sensitive Personal Information

We do not knowingly collect sensitive personal information, such as Social Security numbers, government identifiers, precise geolocation, financial account credentials, racial or ethnic origin, religious beliefs, health data, biometric data, or genetic data. You should not submit sensitive personal information through the Service unless expressly authorized in a written agreement with Stimaro.

You should not submit sensitive personal information, regulated data, confidential third-party data, or highly sensitive information to AI/OCR features or customer-enabled third-party services unless you are authorized to do so and have reviewed the applicable third-party terms, privacy policies, data processing terms, retention practices, security practices, and model training practices.

11. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services. The Service may also allow you or your organization to connect third-party services, APIs, model providers, OCR tools, model-routing services, local services, or other integrations using your own account, credentials, API key, token, URL, or settings.

This Privacy Policy does not apply to third-party services that you choose to access, enable, or connect. We are not responsible for the privacy, security, retention, model training, availability, pricing, or support practices of those third parties. We encourage you to review the applicable third-party terms, privacy policies, data processing terms, and security practices before enabling or using any third-party service with Stimaro.

12. Do Not Track Signals

Our website does not currently respond to “Do Not Track” (DNT) browser signals because no consistent industry standard has been established. We do honor Global Privacy Control (GPC) signals as described in Section 7.2.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and by updating the “Last Updated” date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of a change constitutes acceptance of the updated Privacy Policy. Updates to the list of specific sub-processors we engage are managed separately and posted at https://stimaro.com/legal/subprocessors. Material changes to that list are not necessarily considered material changes to this Privacy Policy and may not trigger the email notification described above; however, business customers under a Data Processing Agreement will receive notifications of sub-processor changes as set forth in that agreement.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Stimaro LLC

ATTN: Legal

169 Madison Ave STE 98516

New York, NY 10016

Email: [email protected]