Privacy policy

This notice covers people who visit quotefollow.uk, create or test a QuoteFollow account, receive a quote link, respond to a quote, or contact QuoteFollow about the service.

For account, billing, support, security, and website data, QuoteFollow is the controller. For customer and quote data that a trade user enters into the app, the trade user is normally the controller and QuoteFollow acts as their processor.

• Account data: name, email address, login details, sign-up status, and account activity.
• Business profile data: business name, trade type, contact details, address, website, logo, VAT number, and default quote wording.
• Customer and quote data entered by a trade user: customer name, email, phone, address, quote title, description, line items, prices, expiry dates, quote status, and quote events.
• Public quote response data: quote views, accept or decline actions, customer questions, timestamps, and basic technical logs.
• Email data: recipient address, subject, delivery status, bounce or failure information, and message metadata needed to send and troubleshoot quote emails.
• Billing data: Stripe customer, subscription, checkout, invoice, trial, and payment status references. QuoteFollow does not store full card numbers.
• Technical data: IP address, device and browser information, pages visited, server logs, security events, and cookie or session identifiers needed to run the service.
• Support data: messages you send, diagnostics, and any information needed to respond to your request.

• To create accounts, authenticate users, and keep each workspace private.
• To let trade users create customers, quotes, quote links, follow-up schedules, and status timelines.
• To send quote emails, follow-up emails, and owner notifications.
• To record quote views, questions, acceptances, declines, follow-ups, and expiries.
• To manage trials, subscriptions, invoices, billing status, abuse prevention, and account limits if billing is enabled.
• To keep the service secure, monitor errors, investigate misuse, and protect private quote data.
• To answer support requests and improve the product during the pre-commercial testing period.
• To meet legal, tax, accounting, data protection, and dispute-handling obligations where they apply.

Depending on the context, QuoteFollow relies on contract, legitimate interests, legal obligation, or consent. Contract is used where data is needed to provide the account or requested service. Legitimate interests are used for security, service improvement, fraud prevention, support, and limited product testing where those interests are not overridden by people's rights. Legal obligation is used for records that must be kept. Consent is used where UK law requires it, such as optional non-essential cookies or direct marketing that needs opt-in consent.

Trade users are responsible for choosing and documenting their own lawful basis for entering their customers' personal data into QuoteFollow and for sending quote or follow-up emails to those customers.

QuoteFollow is built for quote-related emails, not spam or bought marketing lists. Trade users must only send quote and follow-up emails where they have a lawful basis and comply with the Privacy and Electronic Communications Regulations, including any opt-out requirements that apply to their customers.

QuoteFollow may add or require footer wording that identifies the sender and gives the recipient a practical way to object or reply, especially where a follow-up could be treated as marketing or promotional.

QuoteFollow uses strictly necessary cookies or similar storage for login sessions, security, routing, and service reliability. Payment, authentication, hosting, and security providers may also set essential cookies or use similar technologies when needed to provide the service.

QuoteFollow does not currently use advertising cookies. Analytics or marketing cookies should not be added unless the site also provides clear information and a consent mechanism before those cookies are set.

• Supabase for authentication, database, storage, and row-level-security-backed data handling.
• Resend or another configured email provider for quote emails, follow-ups, owner notifications, and delivery records.
• Stripe for checkout, subscriptions, customer portal, invoices, payment status, and payment-related compliance.
• Oracle Cloud and Cloudflare for hosting, routing, security, TLS, DNS, logs, and service availability.
• Professional advisers, regulators, courts, or public authorities where needed for legal, tax, accounting, security, or dispute reasons.

QuoteFollow does not sell customer or quote data.

Some providers may process data outside the UK. Where this creates a restricted transfer under UK data protection law, QuoteFollow should rely on UK adequacy regulations, the UK-US data bridge where applicable, the UK International Data Transfer Agreement, the UK Addendum to EU standard contractual clauses, or another valid safeguard.

• Account and workspace data is kept while the account is active and for a reasonable period afterwards for backup, audit, billing, security, and dispute handling.
• Customer, quote, quote item, follow-up, and quote event data is kept while the trade user keeps it in their workspace, unless deletion is requested and no legal reason requires retention.
• Email delivery and technical logs are kept only as long as needed for deliverability, security, debugging, and evidence of quote activity.
• Billing and tax-related records may be kept for up to six years after the relevant accounting period, or longer if required by law or dispute handling.
• Pre-commercial test data should be deleted when no longer needed for the agreed test.

QuoteFollow uses server-side service keys, Supabase row-level security, non-guessable public quote tokens, HTTPS, provider access controls, and limited logging to protect private quote data. No online service can guarantee perfect security, so users should avoid adding unnecessary personal data and should report suspected issues quickly.

Depending on the data and lawful basis, you may have rights to access, correct, erase, restrict, receive, or object to the use of your personal data. If consent is used, you can withdraw it. You can also complain to the UK Information Commissioner's Office if you think your data has not been handled properly.

If you are a customer of a trade user and your data was entered into QuoteFollow by that trade user, you may need to contact the trade business first because they are normally the controller for that quote relationship. QuoteFollow will help them respond where required.

For privacy questions, contact QuoteFollow at [email protected]. This contact address should be replaced or supplemented with the final legal operator details before commercial launch.