Privacy Policy
Privacy Policy
Last updated: 27 April 2026
This Privacy Policy explains how QuoteMate handles personal data across the website, web app, contractor accounts, quote generation, saved quotes, customer-facing documents, public share links, supplier workflows, billing, support, analytics, and early-access voice/AI features where enabled.
QuoteMate is built for UK trade contractors.
In many cases, QuoteMate is the controller for account, billing, security, and product usage data.
Where a contractor enters information about their own customer or job, QuoteMate may process that information to provide the service to that contractor. The contractor remains responsible for their own relationship with that customer.
1. Who We Are
QuoteMate Ltd, trading as QuoteMate.
Registered address: 29 Bayes Avenue, Coggeshall, Colchester, England, CO6 1ZN
Company number: 16971354
Privacy contact: support@quotemate.co.uk
QuoteMate is a UK-focused business-to-business SaaS product for contractor quoting.
2. Scope
This policy covers the QuoteMate website and web app, contractor and supplier accounts, business profile and settings pages, quote builders for live trade modules, saved quote history, generated customer PDFs and job documents, public quote share links, billing and subscription flows, support and feedback communications, public share lead forms, supplier/material workflows, and analytics or telemetry features.
It also covers optional, early-access, or internal features where enabled, including AI job-plan rendering, voice intake, transcription, audio uploads, multimodal intake, and CRM webhook delivery.
3. Personal Data We Collect
We may collect and process the following categories of personal data.
Account identity data, including email address, role, plan or trial status, onboarding state, login/session records, password reset records, IP address, and user agent.
Business profile data, including trading name, legal name, company number, VAT number, contact details, address, logo, brand colours, payment terms, quote terms, supplier preferences, margins, defaults, and quote document settings.
Contractor organisation and team data, including organisation membership, staff seats, permissions, pricing governance events, invitations, proposals, approvals, and revocations.
Billing and subscription metadata, including Stripe customer ID, subscription ID, checkout session IDs, price IDs, billing status, plan tier, payment status, trial limits, and invoice or portal actions.
QuoteMate does not store full payment card numbers. Payment card details are handled by Stripe.
Customer, client, and project data entered by contractors, including customer names, email addresses, phone numbers, billing address, site address, project title, scope notes, quote notes, and public-share contact visibility choices.
Trade-specific quote inputs and outputs, including fencing and pressure-washing measurements, materials, access/logistics, quote readiness status, warnings, disclosures, supplier/material selections, assumptions, pricing snapshots, manual adjustments, and quote truth/action-policy records.
Generated output data, including customer-facing quote PDFs, order-style documents, document fingerprints, storage keys, byte sizes, generation errors, AI-rendered job plans, quote history, public share data, and customer-facing assumptions.
Supplier workflow data, including supplier organisations, branches, catalog versions, product families, branch coverage, supplier contacts, review requests, supplier orders, site contact details, delivery address snapshots, order notes, review notes, substitutions, and demand events.
Public share and lead data, including public quote link views, lead-capture full name, email, phone, message, marketing/follow-up consent, UTM data, IP address, and user agent.
Support, feedback, and sales interest data, including feedback messages, feature requests, sales lead email addresses, source/job type, support emails, and admin notifications.
Audit, security, analytics, and telemetry data, including event type, route, quote status, funnel stage, feature usage, sanitized metadata, IP address, user agent, rate-limit/security events, and operational metrics.
Uploaded file or media data where enabled, including business logos, voice/audio artifacts, transcript versions, normalized transcript text, candidate versions, semantic observations, and public or private storage keys.
Cookies and browser storage data, as explained in our Cookie Policy.
4. How We Collect Data
We collect data directly from users when they register, sign in, configure settings, create quotes, save records, upload logos, use voice or intake tools, contact support, submit feedback, or use billing flows.
We collect data from contractors about their own customers when the contractor enters customer, project, site, quote, and contact details.
We generate data when QuoteMate quote engines calculate outputs, assign readiness/action states, create documents, produce public share links, generate job plans, create supplier requests, and record audit evidence.
We collect data automatically from the browser and server when users interact with the app, including cookies, local storage, session storage, logs, security checks, product analytics, and rate-limit events.
We may receive data from third-party processors such as Stripe, email providers, analytics tools, storage providers, and CRM webhook recipients where configured.
5. Purposes and Likely Lawful Bases
We process personal data for the following purposes.
Provide the service
Examples include accounts, quote generation, saved history, settings, documents, public shares, supplier workflows, and support.
Likely lawful basis: contract with contractor users and legitimate interests for operational support.
Process contractor customer data
Examples include customer contact details, site address, project notes, quote outputs, and share links.
Likely lawful basis: contract or legitimate interests for providing QuoteMate to the contractor. The contractor must identify their own lawful basis for their customer relationship.
Billing and subscriptions
Examples include Stripe checkout, billing portal sessions, plan status, invoices, and failed payment handling.
Likely lawful basis: contract and legal obligation for accounting and tax records.
Security, fraud prevention, audit, and rate limiting
Examples include session records, CSRF cookies, IP address, user agent, audit logs, origin checks, rate-limit checks, and sanitized telemetry.
Likely lawful basis: legitimate interests and legal obligation where security or accounting records must be kept.
Support and service communications
Examples include password reset, account support, feedback, issue reports, and trial reminder emails where enabled.
Likely lawful basis: contract, legitimate interests, consent, or soft opt-in where marketing rules require it.
Product improvement and early-access analytics
Examples include quote funnel events, blocked action events, feature usage, and session replay where enabled.
Likely lawful basis: legitimate interests for essential product telemetry. Consent is used for non-essential cookies, session replay, and marketing measurement where required.
AI, voice, transcription, and automation where enabled
Examples include audio transcription, AI job-plan rendering, semantic observations, and multimodal intake.
Likely lawful basis: contract or legitimate interests to provide requested early-access features. Explicit consent or additional safeguards may be needed if users upload sensitive content.
Legal compliance and dispute handling
Examples include evidence logs for quote PDFs, public share, job plans, supplier orders, invoices, misuse reports, and complaints.
Likely lawful basis: legal obligation and legitimate interests.
6. Customer Data Entered by Contractors
Contractors may enter personal data about their own customers, including names, addresses, contact details, project details, site notes, quote notes, and customer-facing quote assumptions.
QuoteMate processes that data so the contractor can create, save, review, manage, and share quotes and documents.
The contractor is responsible for ensuring they have the right to collect, enter, use, and share their customer data in QuoteMate.
Contractors should give their customers appropriate privacy information and should not enter unnecessary sensitive data.
QuoteMate will not use contractor customer data for unrelated marketing.
Public share links and customer documents may expose selected customer, project, and quote information to recipients chosen by the contractor.
7. Public Share Links and Documents
QuoteMate can generate customer PDFs, quote documents, job plans, and public quote share links.
Public share links are intended to be shared by contractors with their customers.
Where a public share link is enabled, anyone with that link may be able to view the selected quote information unless the link is disabled, expired, or blocked by policy.
The contractor controls who receives quote outputs and is responsible for reviewing the content before sending.
QuoteMate may block, restrict, or label documents or shares where quote readiness or action policy says the quote is estimate-only, needs review, needs a site visit, or cannot be quoted safely.
8. Billing and Payments
Billing is handled through Stripe where billing is enabled.
QuoteMate stores Stripe identifiers and billing metadata such as customer ID, subscription ID, checkout session ID, plan, status, and entitlement information.
Payment card details are handled by Stripe.
QuoteMate does not store full card numbers.
Stripe may return payment or subscription events to QuoteMate through webhooks so that plan access can be updated.
9. AI, Voice, Transcription, and Uploaded Content
Where enabled, QuoteMate may provide optional or early-access AI and voice functionality, including AI job-plan rendering, audio transcription, voice intake, multimodal intake, and semantic analysis.
These features may process audio, transcripts, job descriptions, quote context, and generated outputs where enabled.
Voice and AI features may be disabled, limited, internal, or available only to selected users.
Current default retention settings may vary by feature and deployment, but audio artifacts and transcripts may be retained for limited periods to provide, debug, secure, and improve the feature.
Users should not upload unlawful, unnecessary, confidential, or sensitive content unless they have a lawful basis and the feature is appropriate for that data.
Third-party AI or transcription providers may process relevant content where those features are enabled.
10. Data Sharing and Processors
We may share data with processors and third parties where needed to provide, secure, support, bill, analyse, or improve the service.
These may include the following categories.
Hosting, database, infrastructure, queues, metrics, and security providers used to run QuoteMate.
Cloudflare R2 or compatible object storage for PDFs, business logos, and media/artifact storage where configured.
Stripe for contractor and supplier billing, subscriptions, checkout, portal sessions, invoices, and payment events.
Email providers, including Resend or configured SMTP, for password reset, support, feedback, trial, and service emails.
Google Analytics where a measurement ID is configured and consent requirements are met.
Microsoft Clarity where enabled and analytics/session replay consent is granted.
Meta Pixel and Meta Conversions API where enabled and consented for marketing measurement.
Sentry and operational metrics tooling where configured for error and performance monitoring.
OpenAI where AI job-plan, voice transcription, semantic, or multimodal features are enabled.
CRM webhook recipients where public share lead capture and CRM delivery are enabled.
Supplier organisations and branches where contractor workflows send supplier orders, review requests, site contact data, or delivery details.
Professional advisers, regulators, courts, law enforcement, or authorities where required or appropriate.
11. International Transfers
Some providers may process personal data outside the UK.
Where this happens, QuoteMate uses appropriate safeguards such as adequacy regulations, standard contractual clauses, UK addenda, or provider-specific data protection terms where required.
12. Retention and Deletion
QuoteMate keeps account, billing, quote, document, supplier, and settings data while needed to provide the service, maintain records, handle support, secure the platform, comply with legal/accounting duties, and resolve disputes.
QuoteMate includes account export and deletion tools where available.
Quote and document records may be retained where needed for legal, accounting, security, backup, fraud prevention, dispute handling, or evidence purposes.
Public share links may be disabled, expire, or become unavailable depending on account state, quote state, product settings, or retention rules.
Audit logs, evidence records, billing records, security logs, backups, and object storage records may be retained for limited periods where needed for recovery, accounting, security, legal, or dispute purposes.
Voice/audio artifacts and transcripts, where enabled, may have separate retention periods.
Some deleted information may remain in backups or logs for a limited period before being overwritten or removed according to retention processes.
13. Your UK GDPR Rights
To exercise rights, contact support@quotemate.co.uk.
Contractors should route customer data requests appropriately where QuoteMate processes customer data on their behalf.
Depending on the circumstances, you may have the right to:
Access your personal data.
Correct inaccurate personal data.
Erase personal data in certain circumstances.
Restrict processing in certain circumstances.
Object to processing in certain circumstances.
Request data portability where applicable.
Withdraw consent where processing is based on consent.
Complain to the UK Information Commissioner’s Office.
14. Security
QuoteMate uses authentication, password hashing, HTTP-only session and refresh cookies, CSRF protection, rate limiting, origin checks, production configuration guards, audit logs, access controls, and sanitized event metadata.
Public shares use generated identifiers and can be disabled or expire where configured.
No online service can be guaranteed completely secure.
Users must keep their login credentials, email account, devices, public share links, and team access secure.
If you believe your account or data has been compromised, contact support@quotemate.co.uk promptly.
15. Children
QuoteMate is business software for contractors and suppliers.
It is not intended for children.
16. Changes and Contact
QuoteMate may update this policy as the product, processors, or law changes.
Material updates should be communicated where appropriate.
Questions and privacy-specific requests can be sent to:
Email: support@quotemate.co.uk
Registered address: 29 Bayes Avenue, Coggeshall, Colchester, England, CO6 1ZN
Company number: 16971354