Privacy Policy
Last updated: 5 March 2026
Quote Invoice UK (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you when you use our website and services at quoteinvoice.co.uk. It is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
The data controller for your personal information is Quote Invoice UK. If you have any questions about this policy or how we handle your data, please contact us at privacy@quoteinvoice.co.uk.
2. What Data We Collect
We collect the following categories of personal data:
- Account information: Your name, email address, and password when you register for an account.
- Business information: Your business name, address, VAT number, and logo that you add to your profile.
- Customer data: Names, addresses, and contact details of your clients that you enter into the platform.
- Usage data: Information about how you use our service, including pages visited, features used, and actions taken.
- Payment data: Billing information processed securely by our payment provider, Stripe. We do not store your full card details.
- Communications: Emails or messages you send to us for support or enquiries.
- Cookies and tracking: Technical data collected via cookies and similar technologies. See Section 8 for details.
3. How We Use Your Data
We use your personal data for the following purposes:
To provide and maintain your account and the Quote Invoice UK service.
To process your subscription payments and manage billing.
To improve and develop our product based on how users interact with it.
To send you service-related notifications, such as payment receipts and account alerts.
To send you marketing emails about new features or offers (you can opt out at any time).
To comply with applicable laws, regulations, and legal processes.
4. How We Share Your Data
We do not sell your personal data. We may share it with trusted third parties only where necessary to operate our service:
- Supabase – our database and authentication provider, hosted in the EU.
- Stripe – our payment processor. Stripe is PCI-DSS compliant.
- Resend – our transactional email provider, used to send invoices and notifications.
- Vercel – our hosting provider.
- Analytics providers – we may use privacy-respecting analytics tools to understand usage patterns.
All third-party processors are required to handle your data in accordance with UK GDPR and are bound by appropriate data processing agreements.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. If you close your account, we will delete or anonymise your data within 90 days, unless we are required to retain it for legal or regulatory purposes (for example, financial records which may need to be kept for up to 6 years under UK tax law).
6. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access – request a copy of the data we hold about you.
- Right to rectification – ask us to correct inaccurate or incomplete data.
- Right to erasure – request deletion of your data (“right to be forgotten”).
- Right to restrict processing – ask us to limit how we use your data.
- Right to data portability – receive your data in a structured, machine-readable format.
- Right to object – object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making – we do not use automated decision-making or profiling.
Exercise your rights directly in your account
You can exercise several of these rights without contacting us, directly from your Settings page inside your QuoteInvoice account:
- Update your data – edit your profile, business details, and customer records at any time from Settings.
- Export your data – download a complete copy of all personal data we hold about you (profile, customers, invoices, quotes, and expenses) as a structured JSON file via Settings → Your Data & Privacy → Export all data.
- Delete your account – permanently delete your account and all associated personal data via Settings → Your Data & Privacy → Delete account.
To exercise other rights (restriction, objection, subject access request) or if you need assistance, please email privacy@quoteinvoice.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
7. Data Security
We take the security of your data seriously. We use industry-standard measures including encryption in transit (TLS/HTTPS), encrypted storage, and access controls to protect your information. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
8. Data Breach Notification
In the event of a personal data breach, we will act promptly in accordance with our obligations under UK GDPR.
ICO Reporting
We are required to notify the Information Commissioner's Office (ICO) (opens in new tab) about personal data breaches within 72 hours of becoming aware of them, where the breach is likely to result in a risk to individuals' rights and freedoms.
Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay. If you believe your data has been compromised, please contact us immediately at privacy@quoteinvoice.co.uk.
9. Cookies
We use cookies and similar technologies to operate our service and understand how it is used. Cookies we use include:
- Essential cookies – required for authentication and core functionality. These cannot be disabled.
- Analytics cookies – help us understand how visitors use our site (e.g. page views, session duration). Only set with your consent.
- Marketing cookies – used to measure the effectiveness of advertising campaigns. Only set with your consent.
You can manage your cookie preferences at any time via the cookie banner on our site. You can also control cookies through your browser settings.
10. International Transfers
Some of our third-party service providers may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with UK GDPR.
11. Children's Privacy
Our service is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by displaying a prominent notice on our website. The “Last updated” date at the top of this page will always reflect the most recent revision. Continued use of our service after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
Quote Invoice UK
Email: privacy@quoteinvoice.co.uk