Privacy Policy

QuickGraft is a software service built for UK tradespeople and sole traders. We are the data controller for the personal information you provide when using our service. You can contact us at [email protected] with any data-related queries.

We collect the following information when you register and use QuickGraft: Account data: Your name, email address, and password (stored as a secure hash — never in plain text). Business data: Your business name, UTR number, VAT number, phone number, and address — used to populate your quotes and invoices. Usage data: Quotes and invoices you generate, client details you add, and your pricing profile settings. Technical data: IP address, browser type, and device information collected automatically when you use the service.

We use your data to: Provide the QuickGraft service — generating quotes, invoices and managing your client records. Communicate with you — account confirmations, quote notifications, and service updates. Improve the service — understanding how features are used to make QuickGraft better. Comply with legal obligations — financial record-keeping requirements.

We share your data with trusted third-party services that help us operate QuickGraft: Supabase — our database and authentication provider, hosting data in the EU. Anthropic — the AI service that generates your quotes. Job descriptions are processed to create structured quotes. We do not share personally identifiable client data with Anthropic beyond what you include in your job description. Stripe — payment processing for your QuickGraft subscription. Resend — transactional email delivery (quote and invoice emails). Vercel — website hosting, based in the USA with EU data transfer protections in place. We do not sell your data to any third party. Ever.

We keep your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (typically 6 years for financial records under UK law).

Under UK GDPR you have the right to: Access — request a copy of the personal data we hold about you. Rectification — ask us to correct inaccurate data. Erasure — ask us to delete your data (subject to legal retention requirements). Portability — receive your data in a machine-readable format. Objection — object to certain types of processing. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

QuickGraft uses the following cookies: Essential cookies: Required for you to stay logged in and use the service securely. These cannot be disabled. Analytics cookies: We use privacy-first analytics to understand how the service is used. These do not track you personally and do not require consent under UK ICO guidance. We do not use advertising or marketing cookies.

We take security seriously. Your password is never stored — only a secure cryptographic hash. All data is encrypted in transit (HTTPS via Cloudflare) and at rest. Database access is protected by Row Level Security — your data is only accessible to you.

We may update this policy from time to time. We will notify you of significant changes by email. The date at the bottom of this page shows when it was last updated.

For any privacy queries, contact us at [email protected]. If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.