Privacy Policy

EstiLedger is a crowdsourced price-transparency platform. We help people search real-world invoices, estimates, and repair orders by location and service category. This policy explains what information we collect, how we use it, and the privacy safeguards built into the product—especially when you contribute document photos.

Account information. If you create an account, we store your email address, an optional display name, and a securely hashed password (or, if you use Google sign-in, your Google account identifier). We use this to authenticate you and operate your profile.

Contributions. When you post an invoice or estimate, we collect the images you upload, a short description, optional hashtags, and location at city and state level only—we do not ask for street addresses. Submissions are held for admin review before any approved content appears in public search.

Search usage. If you browse without signing in, we may record anonymous search activity (for example, a hashed visitor identifier and monthly search count) to enforce fair-use limits such as five searches per calendar month for anonymous users.

Technical data. Like most websites, our hosting providers process standard request logs (such as IP address, browser type, and timestamps) needed to deliver the service, prevent abuse, and maintain security.

Protecting contributor privacy is central to EstiLedger. When you upload invoice or estimate photos, we automatically detect and mask customer personal information before those images are stored. This masking runs on our servers as part of the upload process—it is not a manual step you must remember to perform.

Our automated system looks for customer-identifying details on the document, such as personal names, phone numbers, email addresses, full street addresses, account or payment card numbers, vehicle license plates, vehicle identification numbers (VINs), and handwritten signatures. Detected regions are covered with solid blocks so they are not readable in the stored image.

We intentionally preserve non-personal business and pricing information that makes the dataset useful—such as shop names, line items, labor and parts descriptions, quantities, prices, taxes, totals, and document dates—while aiming to remove private customer details.

Automated masking may not catch every piece of personal information. You should still avoid uploading documents you are not permitted to share, and you may review the preview shown in the app before submitting. If masking cannot be completed, the upload will not be accepted.

We use collected information to:

• Operate search, accounts, contributions, and admin review;
• Extract structured pricing data from approved images using AI (for example, line items, totals, vendor name, and service date);
• Enforce search limits and contribution-based access rules;
• Improve reliability, security, and abuse prevention; and
• Respond to support requests.

We do not sell your personal information. We do not use your data for third-party advertising profiles.

After admin approval, contributed documents and derived structured data may appear in public search results for other users. Approved images are the masked versions stored at upload time. Location associated with a post is limited to city and state.

Document previews may be blurred or gated until a viewer signs in or meets contribution requirements, as described on the site.

We use essential cookies to keep you signed in (for example, an httpOnly session cookie). We do not use third-party advertising cookies. You can sign out at any time to end your session.

We rely on trusted infrastructure and API providers to run EstiLedger, including:

• Supabase — database, authentication-related storage, and image storage;
• Vercel — application hosting;
• Google — optional sign-in and AI services used for personal-information detection, masking, and structured data extraction from approved images;
• OpenStreetMap / Nominatim — resolving city and state when you enter a location on a post.

These providers process data on our behalf under their own terms and privacy policies. We configure our systems so that sensitive credentials (such as database and AI API keys) are kept on the server, not exposed in the browser.

We retain account and contribution data for as long as needed to operate the service. If you delete an approved post, it is removed from public search; related access benefits may change if that was your only approved contribution. You may contact us to request deletion of your account, subject to legal or operational requirements.

We use industry-standard measures such as encrypted connections (HTTPS), hashed passwords, and server-side access controls. No method of transmission or storage is completely secure; please use a strong, unique password for your account.

EstiLedger is not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date above. Continued use of EstiLedger after changes become effective constitutes acceptance of the updated policy.

Questions about this policy or your data? Email contact@estiledger.com.