Legal
Privacy Policy
Last updated: 2 July 2026
1. Who we are
QuoteKit (“we”, “us”, “our”) is an AI-powered quoting and invoicing tool built for UK tradespeople. For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), QuoteKit is the data controller of your personal data.
If you have any questions about this policy or how we handle your data, please contact us at: contactqk@quotekit.uk
2. What data we collect
We collect and process the following categories of personal data:
- Account data: name, email address, and password (managed securely by Clerk, our authentication provider).
- Business profile data: company name, address, phone number, email, website, registration number, VAT number, trade, accreditation numbers, and insurance details — only when you choose to save these.
- Usage data: number of quotes and invoices generated per month, your subscription plan and status.
- Payment data: billing details processed by Stripe. We never see or store your card number — Stripe handles all payment processing.
- Customer data you enter: names, addresses, and contact details of your customers that you type into quotes and invoices.
- Starter and Pro plans: this data is used only during your active session to generate the document. It is passed to Anthropic's API to produce the written text and is not stored on our servers afterwards.
- Business plan: quote and invoice documents (including customer names, addresses, and job details) are stored in our database to power the Tracking feature, allowing you to view and manage past documents. Bank account details are never stored. You can delete individual records or all tracking data at any time from the Tracking page.
- Technical data: IP address, browser type, and pages visited, collected automatically via server logs.
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Provide the QuoteKit service (generating quotes and invoices) | Contract performance |
| Manage your account and authentication | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Track monthly usage against your plan limits | Contract performance |
| Store quote and invoice history for Business plan users (Tracking feature) | Contract performance |
| Send transactional emails (account confirmation, receipts) | Contract performance |
| Comply with legal obligations (tax, fraud prevention) | Legal obligation |
| Improve and develop the service | Legitimate interests |
| Communicate product updates (you can opt out anytime) | Legitimate interests |
4. Your customer's data
When you enter your customers' names, addresses and contact details into QuoteKit to generate a quote or invoice, you are acting as the data controller for that information and we act as a data processor. We process this data only on your instructions to generate the document.
We do not sell, analyse, or share your customers' personal data with any third party except as described in section 5 below (e.g. passing job details to Anthropic's API to generate text).
You are responsible for ensuring you have a lawful basis to share your customers' data with QuoteKit for this purpose — for example, that you have a legitimate interest or contractual need to prepare the quote or invoice.
5. Who we share data with (sub-processors)
- Clerk — authentication and user management (privacy policy)
- Stripe — payment processing (privacy policy)
- Supabase — encrypted database hosting, EU region (privacy policy)
- Anthropic — AI generation of quote and invoice text. Job descriptions and customer names are sent to Anthropic's API to produce the written content. Data is processed under Anthropic's data processing agreement and is not used to train their models. (privacy policy)
- Resend — transactional and customer-facing email delivery. When you use QuoteKit to email a quote or invoice to a customer, the email content passes through Resend's infrastructure. (privacy policy)
We do not sell your personal data to any third party, ever.
6. Data retention
- Account data is retained for as long as your account is active and for 90 days after deletion (to allow account recovery), after which it is permanently erased.
- Payment records are retained for 7 years for HMRC compliance. This is a legal obligation and cannot be waived upon account deletion.
- Usage data (generation counts) is retained for 13 months and then deleted.
- Quote and invoice history (Business plan) — stored documents are retained until you delete them (individually via the Tracking page, or all at once via the “Clear all” option), or until you close your account. Bank account details are never stored.
- Customer data (Starter/Pro plans) — customer names and addresses entered into quotes and invoices are not stored beyond your active browser session on these plans.
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access — download a copy of all data we hold about you using the Download your data button in your account settings.
- Right to rectification — update inaccurate data via your account settings at any time.
- Right to erasure — permanently delete your account and all associated data using the Delete account button in your account settings, or by emailing contactqk@quotekit.uk.
- Right to restriction — ask us to limit how we use your data by emailing us.
- Right to data portability — receive your data in a machine-readable JSON format using the Download your data button.
- Right to object — object to processing based on legitimate interests by emailing us.
We will respond to all requests within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
QuoteKit uses only essential cookies required for authentication (Clerk session cookies) and security. We do not use advertising or tracking cookies. No cookie consent banner is required for strictly necessary cookies under UK PECR.
9. Changes to this policy
We may update this privacy policy from time to time. We will notify registered users by email of any material changes. The “last updated” date at the top of this page reflects the most recent revision. Continued use of QuoteKit after changes constitutes acceptance of the updated policy.
Questions? Email contactqk@quotekit.uk