This Privacy Policy explains how Quotely (“we”, “us”, “our”), operated from Ireland, processes personal data when you use our quote and invoicing app and related website services. It applies to business users of Quotely and describes our role with respect to end-customer data those users store in the app.
This policy version is 1.1, referenced when you accept terms and privacy during registration in the mobile app.
1Who we are and how to contact us
Quotely, trading as Quotely, provides software for tradespeople and small businesses in Ireland and the European Union to create quotes, send invoices, manage customers, and automate follow-ups. Our registered address is Ireland.
Data controller contact: privacy@quotely.ie
General support: support@quotely.ie
Registered company details are published on our subprocessor register and in our Data Processing Agreement for business users.
2Roles under GDPR
Data protection law distinguishes between controllers (who decide why and how data is processed) and processors (who process data on a controller's instructions).
- Business users (tradespeople and companies using Quotely) are data controllersfor their customers' name and email address, and for the content of quotes and invoices they create.
- Quotely is a data processor for that customer-related data — we store and transmit it on your instructions (for example, when you send a quote or schedule a follow-up).
- For your own account data (registration email, profile, consents), Quotely acts as data controller.
End customers (people who receive quotes) should contact the business that sent the quote to exercise their rights. We will assist business users in fulfilling lawful requests where required.
3Personal data we collect
3.1 Business user account data
- Email address (login and account communication)
- Display name
- Business name and related profile details
- Subscription plan and billing consent records
- Consent and audit records (terms, directory listing, follow-ups, lawful basis)
- Push notification device tokens (if you enable notifications)
3.2 Customer data you enter
- Customer name and email address (minimal fields by design)
- Lawful basis confirmation and timestamp when adding customers
- Quotes, invoices, line items, notes, and send/follow-up status
- Public quote and invoice view tokens (unguessable links for recipients)
3.3 Optional directory listing
If you opt in to the public Quotely directory, selected business profile information (such as business name, description, and contact details you choose to publish) may be displayed at quotely.ie/directory. Directory listing is entirely optional and can be withdrawn in app settings.
3.4 Technical and operational data
- Service logs using opaque identifiers — we do not log customer names, emails, or quote content
- Quote send event metadata (timestamps and status, not email body or recipient)
- Authentication and security events necessary to operate the service
4How we use personal data
We process personal data to:
- Provide and secure the Quotely service
- Send quotes and invoices on your instruction via email
- Deliver push notifications about quote responses and follow-up reminders (not advertising)
- Run automated follow-up scheduling you configure
- Display your optional public directory listing
- Manage subscriptions and record billing consents
- Comply with legal obligations and enforce our terms
5Lawful bases
For business user account data, we rely on:
- Contract (GDPR Art. 6(1)(b)) — to provide the service you sign up for
- Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, and service improvement, balanced against your rights
- Consent (Art. 6(1)(a)) — where required, for example optional directory listing or push notifications
For customer data entered by business users, the business user determines the lawful basis (typically contract or legitimate interests for B2B quoting). The app prompts users to confirm this when adding new customers.
6Subprocessors
We use trusted third-party providers to operate Quotely. They process data only on our instructions and under appropriate safeguards:
- Supabase — cloud hosting, database, authentication infrastructure, and scheduled data retention jobs
- Mailgun (Twilio) — transactional email delivery for quotes and related messages sent on your instruction
- Stripe — subscription billing and payment processing (payment identifiers and billing contact details only; Quotely does not store card numbers)
- Vercel — website and API hosting, serverless functions, and scheduled jobs
- Expo push notification service — delivery of mobile push notifications for quote updates and follow-up reminders
We select EU regions where available and require appropriate data processing terms. A current dated list is published at quotely.ie/subprocessors. Business users processing customer data through Quotely should also review our Data Processing Agreement.
7International transfers
Data is primarily processed in the European Economic Area (Supabase EU region, Mailgun EU). Where subprocessors operate globally (for example Stripe in the United States, Vercel edge regions, or Expo push infrastructure), we rely on appropriate safeguards such as Standard Contractual Clauses and vendor data processing agreements as required by GDPR.
8Retention
We retain personal data only as long as necessary for the purposes described above. Automated retention jobs apply the following periods:
- Inactive customers — anonymised after 3 years of inactivity when all associated quotes have reached a terminal state
- Abandoned draft quotes — deleted after 2 years
- Terminal quote and invoice personal data — customer-identifying fields anonymised after 7 years
- Canceled follow-up tasks — purged after 90 days
- Security audit events — retained for 7 years
Account data is retained while your account is active. When you request account deletion, your login is removed immediately and associated personal data is anonymised without undue delay (typically within 30 days), except where we must retain limited records for legal, security, or billing purposes.
9Cookies and similar technologies
Quotely uses only strictly necessary cookies required to operate the service. We do not use advertising, analytics, or third-party tracking cookies on the website.
- Supabase authentication cookies — keep you signed in securely; session duration depends on your login settings
- Session storage (team invites) — temporary browser storage for pending team invite tokens during signup; not shared with third parties
Because these are essential for the service, no cookie consent banner is required under Irish ePrivacy rules, but we inform you here. If we introduce non-essential cookies in future, we will request consent first.
10Security
We implement appropriate technical and organisational measures, including encryption in transit and at rest, tenant-scoped database access (row-level security), and least-privilege internal access. No method of transmission or storage is completely secure; please use a strong password and protect your device.
11Your rights
11.1 Business users
Depending on applicable law, you may have the right to:
- Access and receive a copy of your data (Settings → Export my data)
- Rectify inaccurate profile information
- Request erasure (Settings → Delete account)
- Withdraw consent for optional features (directory listing, follow-ups)
- Object to or restrict certain processing
- Lodge a complaint with the Data Protection Commission (Ireland) or your local supervisory authority
For requests you cannot complete in-app, email privacy@quotely.ie. We respond within one month as required by GDPR.
11.2 End customers
If you received a quote from a Quotely user, contact that business directly to access, correct, or delete your data. They are the controller. We will assist them as processor where required by law.
12Push notifications
If you enable push notifications on the mobile app, we use your device token to send service-related alerts — for example, when a customer responds to a quote or a follow-up is due. These notifications relate to your use of Quotely, not third-party advertising. You can disable notifications in your device or app settings.
13Public quote and invoice links
Quotes and invoices sent by email may include a secure link with an unguessable token so recipients can view the document without an account. These links are not indexed for search engines. Only share links with intended recipients.
14Children
Quotely is a business service for account holders aged 18 and over. It is not directed at children under 16, and we do not knowingly collect personal data from children.
15Changes to this policy
We may update this Privacy Policy from time to time. We will publish a new version number and effective date on this page. Material changes may require renewed consent in the app where legally required.
Please also read our Terms of Service, which govern use of the platform.
16Contact
Data protection enquiries
privacy@quotely.ieSupport
support@quotely.ie