QuotemQuotem
DashboardStart free trial

Legal

Privacy Policy

Last updated 24 April 2026

This Privacy Policy explains how Softwarem Ltd (“Softwarem”, “we”, “us”) collects and uses personal data when you use Quotem (the “Service”), available at goquotem.app and related subdomains. Quotem is a SaaS platform for service businesses — it helps our customers manage quotes, bookings, payments, and customer communication.

We are the data controller for information about our account holders and website visitors. For data that our customers process about their own end-clients through the Service, we are a data processor acting on their instructions.

1. What we collect

1.1 Account data

When you sign up we collect your name, email address, business name, phone number, password (stored hashed), and any branding, logo, or preferences you set in your account.

1.2 Billing data

Payments are processed by Stripe. We store a Stripe customer ID, your plan, and invoice history. We do not store full card numbers — Stripe handles that directly under their own PCI-compliant infrastructure.

1.3 Customer-of-customer data

Quotem accounts store information about the end-clients our customers serve — names, email addresses, phone numbers, addresses, quote and booking content. We process this data only as instructed by the account holder.

1.4 Usage data

We log IP address, browser, device, pages visited, and actions taken in the Service so we can keep it running, detect abuse, and improve it. We use essential analytics and error tracking (Sentry) for the same reasons.

1.5 Cookies

We use cookies to keep you signed in, remember preferences, and measure basic traffic. You can block or delete cookies in your browser — the Service may not work properly without session cookies.

2. How we use it

  • To provide the Service, including generating quotes, sending emails, and processing payments.
  • To charge you under your chosen plan.
  • To communicate with you about your account, changes to the Service, and product updates.
  • To protect the Service against abuse, fraud, and security threats.
  • To comply with our legal and tax obligations.

We do not sell your personal data, and we do not use customer-of-customer data to train third-party AI models.

3. Legal bases (UK/EU GDPR)

  • Contract — to deliver the Service you've signed up for.
  • Legitimate interests — to secure, improve, and support the Service.
  • Legal obligation — for tax, accounting, and law-enforcement requests.
  • Consent — for optional marketing communications (you can opt out any time).

4. Sub-processors

We share data with the following sub-processors strictly to run the Service:

  • Vercel — hosting and edge delivery.
  • Neon — managed PostgreSQL database (EU region).
  • Stripe — payment processing and subscription billing.
  • Resend — transactional email delivery.
  • Google (Gmail API) — when an account owner connects their own Google workspace for sending email from the Service.
  • Anthropic — AI features (chat, auto-reply, summaries). Anthropic does not use the content we send to train their models.
  • Sentry — error tracking.
  • Google Maps & Places — address autocomplete and travel-distance calculation.

We only share what each sub-processor needs to perform its function. Where data leaves the UK/EEA, we rely on Standard Contractual Clauses or equivalent safeguards.

5. Google user data

When you connect a Google account to Quotem (for example, to send email from the Service via your own Gmail account), Quotem's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Scopes we request

  • openid and userinfo.email — so we can identify which Google account you connected and show it in your Quotem integrations screen.
  • gmail.send (https://www.googleapis.com/auth/gmail.send) — so Quotem can send quotes, invoices, booking confirmations and related customer-facing messages from your Gmail account on your behalf. This scope only permits sending; it does not grant access to read, modify, or delete any message in your mailbox.

5.2 How we use Google user data

We use the email address associated with the connected Google account solely to label the integration inside Quotem and ensure emails are sent from the correct identity. We use the gmail.send permission only to transmit email messages you or your team author (or approve) inside Quotem, at the moment you send them.

5.3 How we store Google user data

We store the OAuth refresh token and the associated Google email address, encrypted at rest in our database, so we can keep sending messages on your behalf without asking you to re-authorise every session. We do not store the content of sent messages beyond what Quotem would normally retain for the quote, booking, or thread the message belongs to.

5.4 How we share Google user data

We do not share, sell, or transfer Google user data to third parties except: (a) to Google itself in order to send the email you requested; (b) where necessary to comply with applicable law or valid legal process; or (c) as part of a merger, acquisition, or sale of assets, in which case we will honour the commitments in this policy. We do not use Google user data to serve advertisements, and we do not use it to train AI or machine-learning models, whether our own or third-party.

5.5 Human access

Quotem staff do not read your Google user data except: (a) with your explicit consent, for example when you ask us to investigate a specific issue; (b) for security investigations where we have reason to believe the account is being abused; or (c) where required by law.

5.6 Revoking access

You can disconnect Quotem from your Google account at any time from your Quotem integrations page, or directly from your Google account at myaccount.google.com/permissions. On disconnection we delete the stored refresh token within 30 days.

6. How long we keep data

  • Account data — for the life of your account plus up to 12 months after closure.
  • Billing records — 7 years (UK statutory retention).
  • Server and error logs — up to 90 days.
  • Customer-of-customer data — for as long as the account holder keeps it in the Service. When the account is closed, this is deleted within 30 days unless legal obligations require otherwise.

7. Your rights

Under UK/EU GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion (subject to our legal retention obligations).
  • Restrict or object to certain processing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent to marketing at any time.
  • Complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

To exercise any of these rights, email support@softwarem.co.uk. We respond within 30 days.

If you are an end-client of a Quotem customer (e.g. you received a quote through Quotem), please contact that business directly — they are the data controller for your data and decide how it's used.

8. Security

We use TLS in transit, encrypted storage at rest, hashed passwords (bcrypt), scoped API keys, and role-based access for our team. No system is perfectly secure — if you suspect a breach, contact support@softwarem.co.ukimmediately.

9. Children

Quotem is a B2B service not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have, contact us and we'll delete it.

10. Changes

We may update this Policy from time to time. If changes are material we'll notify account holders by email at least 14 days before they take effect.

11. Contact

Softwarem Ltd
United Kingdom
support@softwarem.co.uk