Legal
Privacy Policy
Effective date: March 15, 2026 · Low-IP, LLC
Low-IP, LLC ("we", "us", "our") operates Suite by Low-IP ("the Service"). This Privacy Policy explains how we collect, use, and protect your information when you use the Service. By using the Service, you agree to the practices described here.
1. Information We Collect
Account information
When you subscribe or create a demo account, we collect your name, email address, company name, and a securely hashed password (we never store plain-text passwords).
Profile information
During onboarding you may optionally provide your industry, team size, timezone, phone number, and a company logo.
Payment information
Payments are processed by Stripe. We do not store credit card numbers or payment details. We only receive a Stripe customer/session ID to link your subscription to your account.
Usage and technical data
We temporarily log IP addresses solely to enforce rate limiting on login attempts. These logs are stored in memory only and are not persisted to disk.
Business data you enter
Contacts, estimates, proposals, invoices, and call logs you create in the Service are stored in your account and belong to you.
2. How We Use Your Information
- ▸To provide, operate, and maintain the Service
- ▸To send you account credentials, onboarding emails, and service updates
- ▸To respond to support requests and provide customer service
- ▸To prevent fraud and enforce rate limiting on login attempts
- ▸To comply with legal obligations
3. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers necessary to operate the Service:
gmail.send scope only. This allows Suite to send emails (proposals, estimates, invoices) on your behalf using your Gmail address. We do not read, store, or access your Gmail inbox, messages, or any other Google data. OAuth tokens are stored securely on our servers and used solely to send outbound mail at your direction. You may disconnect at any time from Settings → Email.
Google API Services User Data Policy
Suite by Low-IP's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, when you connect your Gmail or Google Workspace account:
- ▸We request only the gmail.send scope — the minimum permission needed to send email on your behalf.
- ▸We do not read, index, store, or share the contents of your Gmail inbox or any received emails.
- ▸Google user data is used exclusively to send outbound emails (proposals, estimates, invoices) that you initiate within Suite.
- ▸We do not use Google user data for advertising, profiling, or any purpose beyond sending email on your behalf.
- ▸You can revoke access at any time from Suite Settings → Email → Disconnect, or from your Google Account permissions page.
4. Data Storage & Security
Our Security Commitment
Security is a core priority at Low-IP, LLC — not an afterthought. We treat your business data with the same care we would want for our own. Our infrastructure is designed with multiple layers of protection, and we continuously review and improve our security posture.
Your data is stored on servers located in the United States. Technical security measures we implement include:
- ▸Bcrypt password hashing — passwords are never stored in plain text
- ▸HTTPS-only communication with TLS encryption on all data in transit
- ▸HttpOnly, Secure, SameSite session cookies to prevent XSS and CSRF attacks
- ▸Login rate limiting with IP-based lockout after repeated failed attempts
- ▸JWT tokens signed with a cryptographically strong secret, never hardcoded
- ▸Firewall rules restricting all inbound traffic to Cloudflare-proxied requests only
- ▸Intrusion detection and automatic IP banning for brute-force or abusive traffic
- ▸All sensitive configuration (secrets, API keys) stored in environment variables — never in source code
Abuse & Malicious Activity
We maintain a strict zero-tolerance policy for any attempt to misuse, exploit, or compromise the Service. This includes unauthorized access attempts, vulnerability probing, data scraping, and any other malicious intent. Such activity will result in immediate account termination and may be reported to law enforcement. We preserve logs necessary to support any resulting investigation.
Responsible Disclosure
If you discover a security vulnerability in our platform, we ask that you report it to us responsibly at [email protected] before any public disclosure. We take all reports seriously and will respond promptly. We do not take legal action against security researchers who report vulnerabilities in good faith.
No method of transmission over the internet is 100% secure. We strive to protect your information but cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
5. Data Retention
Trial accounts expire after 7 days. Active subscriber accounts are retained for the duration of the subscription. Upon account deletion or cancellation, we may retain data for up to 30 days before permanent deletion. You may request earlier deletion by contacting support.
6. Cookies
We use a single session cookie (hub_demo_session) to keep you logged in. This cookie is httpOnly, secure, and contains only a signed authentication token. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
7. Your Rights
You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at [email protected]. We will respond within 10 business days.
8. Children's Privacy
The Service is intended for business use and is not directed to children under 13. We do not knowingly collect information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date.