Privacy Policy

ProQuoter is a cloud-based quoting, invoicing, and job management application designed for tradespeople in the United Kingdom. ProQuoter is operated from England, and our service is available at proquoter.co.uk.

For the purposes of UK GDPR, ProQuoter is the data controller for the personal data of users who sign up for an account. Where you store information about your own customers inside ProQuoter, you act as the data controller for that customer data, and ProQuoter acts as your data processor.

If you have questions about this policy or your personal data, contact us at support@proquoter.co.uk.

Information you provide directly

• Account information: your name, email address, and password when you register.
• Business details: your business name, trading address, phone number, website, and VAT number if you enter them in Settings.
• Customer records: names, addresses, phone numbers, and email addresses of your customers that you enter into ProQuoter.
• Quotes and invoices: line items, pricing, materials, labour rates, and any custom wording you write.
• Payments and financial records: payment amounts, dates, and method references you record. We do not store card numbers; payment processing is handled by Stripe (see Third-party services).
• Diary and job entries: scheduled jobs, site visits, notes, and associated customer and location details.
• Photos: images you attach to jobs, quotes, or surveys via the app.
• Uploaded documents: files you upload to the My Documents library (PDFs, images, DOCX) such as insurance certificates, qualifications, and compliance documents.
• Team member details: names and contact information for team members you add to your account on Pro or Teams plans.

Information collected automatically

• Usage data: pages visited, features used, timestamps, and error logs — used to improve the service and diagnose technical issues.
• Device information: browser type, operating system, and approximate location (country/region) for security and service compatibility purposes.
• Authentication tokens: session tokens issued by Supabase to keep you signed in securely.

Information we do not collect

We do not collect payment card numbers, bank account numbers, or any sensitive financial credentials. These are handled entirely by Stripe. We do not run advertising networks and do not share data with advertisers.

We use your data to:

• Create and manage your ProQuoter account and provide the service.
• Generate, store, and send quotes, invoices, receipts, and other documents to your customers on your behalf.
• Process subscription payments and manage your billing via Stripe.
• Sync your data across your devices so the app works reliably online and offline.
• Provide AI-powered features (such as Smart Assistant quote suggestions) using OpenAI where you choose to use them.
• Send transactional emails: email confirmation, password reset, and subscription receipts. We do not send marketing emails without your consent.
• Improve and develop the service, including diagnosing bugs and analysing usage patterns at an aggregate level.
• Comply with legal obligations, including tax and financial record-keeping requirements.

Our legal bases for processing are: performance of a contract (providing the service you signed up for); legitimate interests (improving the service, fraud prevention, security); and legal obligation (compliance with UK law).

ProQuoter uses an offline-first architecture. Your data is stored in three places:

• On your device:data is saved to your device’s local storage and IndexedDB so the app works without an internet connection.
• Supabase (cloud database): your data syncs to a Supabase-hosted PostgreSQL database. Supabase stores data in the European Economic Area (EEA). See the Third-party services section for details.
• Uploaded files (V1): in the current version of the My Documents feature, uploaded file binaries are stored only on the device that uploaded them (in IndexedDB). Document metadata (name, category, expiry date) syncs to Supabase. Cross-device file sync will be introduced in a future update.

Supabase

We use Supabase to host our database and authentication service. Supabase stores data within the EEA and operates under the EU Standard Contractual Clauses for international data transfers. Supabase acts as a data processor on our behalf. See supabase.com/privacy.

Stripe

We use Stripe to process subscription payments. When you enter payment details, they are transmitted directly to Stripe and are never stored by ProQuoter. Stripe is a data controller for your payment information and holds PCI DSS Level 1 certification. See stripe.com/gb/privacy.

OpenAI

When you use AI-powered features (such as Smart Assistant quote writing or enquiry capture), the relevant content you submit is sent to OpenAI for processing. We only send the minimum data required for each AI request (for example, job description text — not your full account or customer records). OpenAI processes this data under their API data usage policy, which does not use API submissions to train their models. See openai.com/policies/privacy-policy.

Vercel

ProQuoter is hosted on Vercel, which serves the web application and handles serverless functions. Vercel may process request metadata (IP addresses, headers) for routing and security purposes. See vercel.com/legal/privacy-policy.

We do not sell your data to any third party, and we do not share it with any party other than those listed above and as required by law.

Under UK GDPR you have the following rights regarding your personal data:

• Right to access: request a copy of the personal data we hold about you.
• Right to rectification: ask us to correct inaccurate or incomplete data.
• Right to erasure: ask us to delete your account and associated personal data ("right to be forgotten"), subject to legal retention requirements.
• Right to restriction: ask us to restrict processing of your data in certain circumstances.
• Right to data portability: receive a copy of your data in a structured, machine-readable format so you can transfer it to another provider.
• Right to object: object to processing based on legitimate interests.
• Rights in relation to automated decision-making: we do not make solely automated decisions that have legal or similarly significant effects on you.

To exercise any of these rights, email us at support@proquoter.co.uk. We will respond within one calendar month. If you are unhappy with how we handle your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

We retain your account data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for longer by law (for example, financial records that UK tax law requires to be kept for 6 years).

Customer data you have entered (names, addresses, quote details) is retained as part of your account until you delete it or close your account. You can delete individual records at any time from within the app.

ProQuoter uses only technically necessary cookies and browser storage mechanisms (localStorage, sessionStorage, IndexedDB) required to operate the service:

• Session cookies: issued by Supabase to keep you authenticated.
• Local storage: used to store your app data offline and sync settings.

We do not use advertising cookies, tracking pixels, or analytics cookies that share data with third parties. We do not use Google Analytics or similar services.

We take the security of your data seriously and implement appropriate technical and organisational measures:

• All data in transit is encrypted using TLS 1.2 or higher.
• Data at rest in Supabase is encrypted using AES-256.
• Row-Level Security (RLS) policies in our database ensure each user can only access their own data.
• Passwords are hashed using bcrypt; we never store plaintext passwords.
• Access to production systems is restricted to authorised personnel only.

Despite these measures, no system is completely secure. If you become aware of any security concern relating to your account, please contact us immediately at support@proquoter.co.uk.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice within the app at least 30 days before the change takes effect. The “Last updated” date at the top of this page indicates when the policy was last revised. Continued use of ProQuoter after a policy update constitutes your acceptance of the revised terms.

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

We aim to respond to all privacy enquiries within 5 business days and will always resolve data subject requests within the 30-day period required by UK GDPR.