1. Who we are
SoloQuote (“we”, “us”, “our”) is the data controller for your personal data. You can contact us at hello@soloquote.io.
2. Data we collect
We collect the following categories of personal data:
Account data: Email address, business name, industry, and tone preferences provided during registration and onboarding.
Proposal data: Client names, client email addresses, job descriptions, pricing, timelines, and AI-generated proposal content that you create using the Service.
Signature data: When a client signs a proposal, we record their typed name, a UTC timestamp, and their IP address as part of the electronic signature audit trail.
Payment data: Subscription billing is handled entirely by Stripe. We store your Stripe customer ID but never see or store your payment card details.
Usage data: We track your proposal count for free-tier enforcement. We also collect feature-interest clicks (when you click "coming soon" buttons) to understand what features to build next.
Business profile data: Logo, brand colour, website URL, and business email that you optionally provide in Settings.
3. How we use your data
We use your data to provide and operate the Service (generating proposals, rendering PDFs, collecting signatures); to process payments and manage subscriptions; to enforce usage limits; to communicate with you about your account or material changes to the Service; and to improve the Service based on aggregated, anonymised usage patterns.
4. AI and your data
Your proposal inputs are sent to Anthropic's Claude API to generate proposal content. This data is processed per Anthropic's API data policy, which states that API inputs are not used to train their models. We do not use your proposals, client data, or any personal information to train or fine-tune any AI models.
5. Data storage and security
Your data is stored in the European Union using Supabase (EU region, hosted on AWS eu-central-1). All data is encrypted in transit (TLS) and at rest. Access to the database is protected by Row Level Security policies ensuring users can only access their own data. We use Supabase Auth for authentication with industry-standard security practices.
6. Data sharing
We share personal data only with the following categories of third parties, all of which are necessary for operating the Service:
Supabase: Database hosting and authentication (EU region).
Stripe: Payment processing (PCI DSS Level 1 compliant).
Anthropic: AI proposal generation via API (data not used for model training).
Netlify: Web hosting and serverless functions.
We do not sell your personal data to any third party. We do not share your data with advertisers or data brokers.
7. Your role as a data processor
When you use SoloQuote to store client names, email addresses, and other client information, you are the data controller for your clients' data and we act as a data processor on your behalf. You are responsible for having an appropriate legal basis (such as legitimate interest or consent) for processing your clients' personal data through SoloQuote. You should inform your clients that you use SoloQuote to generate and manage proposals.
8. Your rights under GDPR
If you are in the European Economic Area, you have the following rights:
Right of access: You can request a copy of all personal data we hold about you.
Right to portability: You can export all your data (proposals, content, signatures) as a JSON file from your account Settings page.
Right to erasure: You can delete your account and all associated data from your account Settings page. Proposals are soft-deleted (client-identifying information is removed) and anonymised data may be retained for analytics.
Right to rectification: You can update your personal data at any time through your account Settings.
Right to object: You can object to processing of your data by contacting us at hello@soloquote.io.
Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority. In Ireland, this is the Data Protection Commission (dataprotection.ie).
9. Data retention
Account and proposal data is retained for as long as your account is active. When you delete your account, personal data is removed within 30 days. Anonymised, aggregated data (job types, pricing ranges, feature interest counts) may be retained indefinitely for service improvement. Signature audit trail data is retained for 7 years after signature to comply with standard commercial record-keeping requirements.
10. Cookies and tracking
SoloQuote uses only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics tools. No cookie consent banner is required because we only use strictly necessary cookies.
11. Children's privacy
SoloQuote is a business tool and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the email address associated with your account at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact
For any privacy-related questions or to exercise your data rights, contact us at hello@soloquote.io.