Privacy Policy

1. Introduction

Welcome to SimplyQuote (“we,” “our,” or “us”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing and quote management platform, including our website, applications, and services (collectively, the “Service”).

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide to Us:

• Account Information: When you create an account, we collect your name, email address, and password.
• Business Information: Business name, address, phone number, website, tax identification numbers, and other business profile details.
• Client Information: Information about your clients that you add to the Service, including names, email addresses, addresses, and contact details.
• Financial Information: Invoice and quote details, payment terms, amounts, and transaction records. Payment processing is handled by third-party payment processors (Stripe, PayPal, Square), and we do not store your full credit card information.
• Communication Data: Information you provide when you contact us for support or feedback.

2.2 Information Automatically Collected:

• Usage Data: Information about how you access and use the Service, including page views, features used, and time spent on the platform.
• Device Information: Device type, operating system, browser type, IP address, and unique device identifiers.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to track activity and enhance user experience. You can control cookie preferences through your browser settings.
• Log Data: Server logs that may include IP address, browser type, referring/exit pages, and timestamps.

2.3 Information from Third Parties:

• Payment Processors: Information from Stripe, PayPal, and Square regarding subscription status and payment transactions.
• Analytics Providers: Information from analytics services to understand user behavior and improve the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain the Service: To operate, maintain, and improve our platform, including creating and managing your account.
• Process Transactions: To process payments, subscriptions, and manage billing.
• Send Invoices and Quotes: To send invoices and quotes to your clients on your behalf via email.
• Customer Support: To respond to your inquiries, provide technical support, and resolve issues.
• Communication: To send you service-related notifications, updates, security alerts, and administrative messages.
• Personalization: To personalize your experience and provide content and features tailored to your preferences.
• Analytics and Improvements: To analyze usage patterns, track performance, and improve the Service's functionality and user experience.
• Security and Fraud Prevention: To detect, prevent, and address technical issues, fraudulent activity, and security threats.
• Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and the rights of others.
• Marketing: With your consent, to send you promotional materials, newsletters, and marketing communications (you can opt out at any time).

4. Legal Basis for Processing Personal Data (GDPR)

If you are from the European Economic Area (EEA) or the United Kingdom, SimplyQuote's legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

We may process your Personal Data because:

• Performance of a Contract: We need to perform a contract with you (e.g., providing the SimplyQuote Service).
• Consent: You have given us permission to do so (e.g., for analytics or marketing).
• Legitimate Interests: The processing is in our legitimate interests (e.g., improving our Service, fraud prevention) and it is not overridden by your rights.
• Legal Obligation: To comply with the law.

5. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• With Your Clients: When you send invoices or quotes, we share the information you include (business details, invoice/quote content) with your designated recipients.
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
• Legal Requirements: When required by law, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• With Your Consent: With your explicit consent or at your direction.

Specific Data Shared with Third-Party Service Providers:

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using SSL/TLS protocols
• Encryption of sensitive data at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Employee training on data protection and security practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Data Controller and Processor Roles

Important Notice for B2B Users: As a B2B invoicing platform, we have distinct roles regarding different types of data:

Your Responsibilities: As the Data Controller for your client information, you are responsible for ensuring you have the legal basis to collect and process your clients' personal data and for providing them with appropriate privacy notices.

8. Data Retention

We retain your personal information for as long as necessary to:

• Provide the Service and fulfill the purposes described in this Privacy Policy
• Comply with legal, tax, accounting, or regulatory requirements
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

Specific Retention Periods:

When you delete your account, we will delete or anonymize your personal information within the timeframes specified above, except where we are required to retain it for legal or regulatory purposes.

9. Your Data Protection Rights (GDPR & UK GDPR)

If you are located in the EEA or the United Kingdom, you are entitled to the following data protection rights:

• The Right to Access: You have the right to request copies of your personal data.
• The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
• The Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
• The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
• The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
• The Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state or the UK where you reside, work, or where the alleged infringement took place.

If you make a request, we have one month to respond to you. To exercise any of these rights, please contact us through our Contact Page.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and personalize content. We provide a Cookie Consent Manager that allows you to control which cookies you accept.

Please note that Essential Cookies (required for the Service to function) cannot be disabled. However, you can choose to enable or disable Performance, Functional, and Targeting cookies via our consent banner.

Third-Party Cookies:

We use third-party cookies from the following providers:

• Google Analytics: Stores cookies for up to 24 months to track usage patterns. These cookies collect anonymized data. For more information, see Google's Privacy Policy.
• Payment Processors: Stripe, PayPal, and Square may set cookies during payment processing. See their respective privacy policies for details.

Do Not Track Signals:

We do not currently respond to browser "Do Not Track" (DNT) signals. However, you can manage your cookie preferences through our consent manager and your browser settings.

Cookie Management: You can control cookies through your browser settings. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

11. Third-Party Services

The Service integrates with third-party services including:

• Payment Processors: Stripe, PayPal, and Square for payment processing.
• Analytics: Google Analytics and similar services to analyze usage patterns.
• Cloud Services: For hosting and data storage.
• Email Services: For sending invoices and communications.

These third-party services have their own privacy policies, and we are not responsible for their practices. We encourage you to review their privacy policies before providing them with your information.

12. Children's Privacy

The Service is not intended for children under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer your information internationally, we take appropriate safeguards to ensure that your information remains protected in accordance with this Privacy Policy and applicable data protection laws, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Addendum (UK SCCs) where applicable
• Adequacy decisions by the European Commission or UK authorities
• Other legally recognized transfer mechanisms

You can contact us for more information about the specific safeguards we apply to international data transfers.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt-out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
• Right to limit the use of sensitive personal information
• Right to non-discrimination for exercising your CCPA/CPRA rights

We will respond to verified consumer requests within 45 days of receipt. If we need additional time (up to 45 more days), we will inform you in writing. To exercise these rights, please contact us through our Contact Page.

15. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any automated features within the Service (such as invoice number generation or quote calculations) are purely functional tools and do not involve profiling based on personal characteristics.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on this page, updating the "Last Updated" date, and sending you an email notification to the address associated with your account. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us via:

Visit our Contact Page for any privacy-related inquiries.

We will respond to your inquiry as promptly as possible and work to address your concerns. For data protection rights requests, we will respond within the timeframes required by applicable law.