Privacy Policy

1. Information We Collect

We collect information you provide directly to us when you use Quantract:

• Account Information: Name, email address, company name, phone number, and password
• Business Data: Client records, quotes, invoices, job details, and certificates you create
• Usage Data: How you interact with the Service, features used, and pages visited
• Payment Information: Billing details processed securely through Stripe (we do not store full card numbers)
• Device Information: IP address, browser type, operating system, and device identifiers
• Communication Data: Support requests, feedback, and correspondence with us

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Deliver, maintain, and improve Quantract's features and functionality
• Customer Support: Respond to your questions, requests, and provide technical assistance
• Communications: Send service updates, security alerts, and administrative messages
• Analytics: Understand how users interact with Quantract to improve the experience
• Marketing: Send promotional communications (you can opt-out at any time)
• Security: Detect, prevent, and address fraud, abuse, and security issues
• Legal Compliance: Comply with applicable laws, regulations, and legal requests

Marketing Opt-Out: You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email or contacting us at privacy@quantract.co.uk.

3. How We Share Information

We do not sell your personal data. We only share information in the following circumstances:

• Service Providers: With trusted third parties who assist in operating the Service (hosting, payment processing, analytics)
• Legal Requirements: When required by law, subpoena, or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share information

Our service providers include:

• Neon (database hosting)
• Render (application hosting)
• Stripe (payment processing)
• Resend (email delivery)
• Google Analytics (usage analytics)

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Secure Infrastructure: Hosted on secure, SOC 2 compliant servers
• Access Controls: Strict access controls and authentication mechanisms
• Regular Backups: Automated daily backups with point-in-time recovery
• Security Monitoring: Continuous monitoring for threats and vulnerabilities
• Incident Response: Documented procedures for security incidents

While we take extensive precautions, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

5. Your Rights (GDPR Compliance)

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing
• Rights Related to Automated Decisions: Not be subject to decisions based solely on automated processing

To exercise these rights, contact us at privacy@quantract.co.uk. We will respond within 30 days.

6. Cookies

We use cookies and similar technologies to operate the Service:

• Essential Cookies: Required for core functionality (authentication, security)
• Analytics Cookies: Help us understand how you use Quantract (via Google Analytics)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

• Active Accounts: Data retained while account is active
• After Cancellation: Data retained for 30 days to allow reactivation, then deleted
• Legal Requirements: Some data may be retained longer if required by law
• Backups: Data may persist in backups for up to 90 days

8. International Transfers

Our primary servers are located in the UK and EU. However, some service providers may process data in other countries:

• We ensure appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions)
• US-based processors comply with UK GDPR requirements
• We only work with providers that meet our security and privacy standards

9. Children's Privacy

Quantract is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: ico.org.uk