QuoteSmith ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use our website and services at quotesmith.co.uk.

Who We Are

QuoteSmith is a web-based proposal generation tool for UK tradespeople. We are the data controller for the personal data we process. If you have any questions about this policy, please contact us at support@quotesmith.co.uk.

What Data We Collect

We collect the following types of personal data:

Account information: When you register, we collect your name, email address, and password (stored securely using bcrypt hashing). We never store your password in plain text.

Business information: Your business name, address, phone number, and logo — which you provide to customise your proposals.

Proposal data: The client names, addresses, job descriptions, and pricing information you enter when creating proposals. This data is stored to allow you to manage and regenerate your proposals.

Payment information: When you subscribe, payment is processed securely by Stripe. We do not store your full card details — Stripe handles this in compliance with PCI DSS standards. We store only your Stripe customer ID and subscription status.

Usage data: We use Google Analytics 4 to collect anonymised data about how visitors use our website, including pages visited, time on site, and referral sources. This data is used to improve our service and is not linked to individual accounts.

How We Use Your Data

We use your personal data to:

  • Provide and maintain our proposal generation service
  • Process your subscription payments via Stripe
  • Send you important account notifications (e.g. subscription confirmations, password resets)
  • Improve our website and service based on anonymised usage patterns

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

  • Contract: Processing your account and proposal data is necessary to provide the service you have signed up for.
  • Legitimate interest: Anonymised analytics data helps us improve our service for all users.
  • Consent: Where required, we will ask for your explicit consent before processing data for any purpose not covered above.

Data Storage and Security

Your data is stored on secure servers hosted in the United Kingdom. We use industry-standard security measures including:

  • HTTPS encryption on all connections (TLS 1.2+)
  • Bcrypt password hashing
  • Secure HTTP headers (HSTS, X-Frame-Options, X-Content-Type-Options)
  • Regular security updates and monitoring

Data Retention

We retain your account and proposal data for as long as your account is active. If you cancel your subscription, your data remains accessible in read-only mode. If you wish to delete your account and all associated data, please contact us at support@quotesmith.co.uk and we will process your request within 30 days.

Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify any inaccurate or incomplete data
  • Erase your personal data (right to be forgotten)
  • Restrict processing of your data in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests

To exercise any of these rights, please contact us at support@quotesmith.co.uk. We will respond within one calendar month.

Cookies

We use essential cookies to maintain your login session. Google Analytics 4 uses cookies to collect anonymised usage data. You can control cookie settings through your browser preferences.

Third-Party Services

We use the following third-party services that may process your data:

  • Stripe — payment processing (PCI DSS compliant)
  • Google Analytics 4 — anonymised website analytics
  • Anthropic (Claude AI) — AI-powered proposal text generation. Job details you enter are sent to Anthropic's API to generate proposal content. Anthropic does not use this data for training purposes.

Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us at support@quotesmith.co.uk.