Privacy policy

Last updated: 31 March 2026

This policy explains how Quotimiser ("we", "us") collects and uses personal data when you use our website and service.

1. Who we are

We provide the Quotimiser quote and invoicing platform. For data protection enquiries, use the details on our contact page.

2. Data we collect

We may process:

  • Account data: name, email, password hash, and settings you provide.
  • Business data: quotes, invoices, client details you enter (such as client names, email addresses, phone numbers, and addresses), and content you upload (e.g. logos).
  • Usage and technical data: IP address, device/browser type, and logs needed for security and reliability.
  • Analytics data: with your consent, we use Google Analytics to collect anonymised usage data (pages visited, session duration, device type). Google Analytics uses cookies and processes data in accordance with Google's Privacy Policy. You can control this via our cookie consent banner.
  • Billing data: processed by our payment provider (Stripe); we do not store full card numbers on our servers.
  • Bank account details (manual): if you enter manual bank transfer details in Settings > Payments, we store those details (account name, sort code, account number, IBAN, BIC/SWIFT) to display them on your invoices and PDFs for your clients. You are responsible for ensuring these details are accurate.
  • Pay by Bank (Stripe Connect): when you enable Pay by Bank on invoices, Stripe processes those bank payments on your behalf. We receive payment confirmation and amounts for your invoice ledger; we do not store your clients' online banking credentials.

Client data entered by traders: Quotimiser stores client contact details (such as names, email addresses, phone numbers, and postal addresses) that registered traders enter when raising quotes and invoices. The trader is the data controller for that client data; Quotimiser acts as data processor on their behalf. Traders are responsible for having a lawful basis to hold their clients' information and for keeping any exported copies secure.

3. How we use data

We use personal data to:

  • provide and improve the Service;
  • authenticate you and support your account;
  • process subscriptions and comply with legal obligations;
  • detect abuse and protect users and our systems;
  • send service-related messages (you can manage marketing preferences where applicable).

4. Legal bases (UK GDPR)

We rely on contract (to deliver the Service), legitimate interests (security, analytics, product improvement), consent where required (e.g. non-essential cookies — see our cookie policy), and legal obligation where applicable.

5. Subprocessors and service providers

We use the following third-party services to operate the platform:

  • Railway (Railway Corporation, USA) — application hosting. See Railway's privacy policy.
  • Cloudflare (Cloudflare, Inc., USA) — DNS, CDN, and DDoS protection. See Cloudflare's privacy policy.
  • Amazon Web Services (AWS) (Amazon Web Services, Inc., USA) — S3 object storage for user-uploaded files. See AWS privacy notice.
  • Google Analytics (Google LLC, USA) — website analytics, enabled only with your consent. See Google's Privacy Policy.
  • Stripe (Stripe, Inc., USA) — payment processing for subscriptions. See Stripe's privacy policy.
  • Stripe (Stripe Payments Europe, Ltd. and affiliates) — subscription billing for Quotimiser Pro and, when you connect Stripe Connect, Pay by Bank payments from your clients on invoice portals. Stripe processes payments according to its own terms and fee schedule. See Stripe's privacy policy.
  • Mailgun (Sinch Email, USA) — transactional email delivery. See Mailgun's privacy policy.

Each subprocessor is bound by contractual terms requiring appropriate data protection safeguards.

6. International transfers

Our service providers are primarily based in the United States. Where we transfer data outside the UK/EEA, we use appropriate safeguards such as standard contractual clauses (SCCs) and rely on adequacy decisions where available.

7. Retention

We keep data only as long as needed for the purposes above, including legal, accounting, and dispute resolution needs. You may request deletion subject to exceptions (e.g. unresolved bills).

8. Your rights (UK GDPR / EU GDPR)

Under UK/EU GDPR you have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate data via your account settings.
  • Erasure: delete your account and all associated data.
  • Portability: export your data in a machine-readable format.
  • Restrict or object: ask us to restrict processing of your data, or object to it; contact us to exercise this right.
  • Withdraw consent: update your cookie preferences at any time via the cookie banner.
  • Complain: lodge a complaint with the ICO (www.ico.org.uk) if you believe your rights have been infringed.

Contact us via our contact page to exercise any of these rights.

9. Children

The Service is not directed at children under 16.

10. Changes

We may update this policy and will revise the "Last updated" date above.