TailoredQuote Privacy Policy

Last updated: May 2026 · Version 3.0

This Privacy Policy explains how TailoredQuote LTD (“TailoredQuote”, “we”, “us”, “our”) collects, uses, stores, shares, and otherwise processes personal data when you use tailoredquote.co.uk, create an account, start a free trial, subscribe to a paid plan, contact us, use TailoredQuote features, upload content, send quotes, use the e-signature workflow, or otherwise interact with our website, Service, and communications.

This Privacy Policy is intended to help individuals understand what personal data we handle, why we handle it, the lawful bases we rely on, how long we keep information, who we share it with, and what rights individuals may have.

TailoredQuote is operated by TailoredQuote LTD, incorporated in England and Wales, with registered office at 28-30 Grange Rd W, Birkenhead CH41 4DA. Our company number will be added once confirmed.

If you have questions about this Privacy Policy or our handling of personal data, you can contact us:

• by email at [email protected]; or
• through the Contact page made available through the TailoredQuote website or logged-in Service.

1. Important Overview

TailoredQuote is a business-facing service for contractors, tradespeople, firms, and sole traders.

Depending on the context, TailoredQuote may act either:

• as a controller of personal data for its own business purposes; or
• as a processor handling personal data on behalf of a TailoredQuote customer.

This distinction matters.

If you are:

• a TailoredQuote account holder, trial user, payer, website visitor, contact enquiry, or subscriber to our own communications, TailoredQuote will generally act as controller of your personal data for those purposes.
• a client, householder, signer, prospect, or contact whose details have been entered into TailoredQuote by one of our customers, the TailoredQuote customer will usually be the controller of that data and TailoredQuote will usually process that information on that customer’s behalf.

Where TailoredQuote customers upload their own customer records, quotes, property images, project images, contact details, and similar records, TailoredQuote normally provides the platform and processes that information on the customer’s instructions, subject to our Terms and Conditions and Data Processing Schedule.

2. What Personal Data We Collect

The categories of personal data we collect depend on how you use TailoredQuote.

2.1 Personal data we collect about website visitors and prospective customers

This may include:

• name;
• business name;
• trade or profession;
• email address;
• phone number;
• postcode, town, or other broad location information;
• details contained in messages submitted through forms or email;
• pages visited and interactions with the website;
• technical information such as IP address, browser type, device type, operating system, approximate location based on IP, referring page, and timestamps;
• cookie and similar technology data, subject to our Cookie Policy.

2.2 Personal data we collect about account holders, trial users, and subscribers

This may include:

• name;
• business name and trading style;
• email address;
• phone number;
• billing details;
• plan type;
• subscription status;
• payment and refund records;
• support history;
• account login and access history;
• device/browser/session information;
• user actions within the Service;
• uploaded branding and business profile details.

2.3 Personal data processed within customer accounts

Our customers may upload, create, or process the following types of data in TailoredQuote:

• customer names;
• email addresses;
• phone numbers;
• billing addresses and site addresses;
• property addresses;
• job descriptions;
• quote and invoice details;
• notes and communications;
• project and room photographs;
• property, garden, and site images;
• plans, documents, and files;
• signature-related information collected through the e-signature workflow;
• signed agreement records;
• timestamps, acceptance logs, and related technical metadata.

2.4 E-signature and quote acceptance data

Where the e-signature workflow is used, the Service may process information including:

• the signer’s typed name;
• signer email address;
• signature image;
• quote reference;
• date and time of acceptance;
• IP address;
• browser or device-related technical context;
• declaration or acceptance text shown at the time of acceptance;
• signed PDF and appended acceptance record.

2.5 Special category and highly sensitive data

TailoredQuote is not intended for routine processing of special category personal data, criminal offence data, biometric identification data, or children’s data.

We ask customers not to upload that type of information unless they have independently determined that doing so is strictly necessary, lawful, and appropriate. Our Terms and Conditions prohibit certain sensitive uses.

3. How We Collect Personal Data

We collect personal data:

• directly from you when you create an account, contact us, subscribe, or use the Service;
• automatically through your use of the website and Service, including through logs, analytics, and device information;
• from our customers when they upload customer/client data into the platform;
• from payment providers and service providers where relevant to billing or fraud prevention;
• from cookies and similar technologies, subject to your settings and our Cookie Policy.

4. How We Use Personal Data and Our Lawful Bases

UK data protection law requires us to identify a lawful basis for processing personal data.

The lawful basis we rely on depends on the purpose.

4.1 Contract

We rely on contract where processing is necessary to:

• create and administer accounts;
• provide the TailoredQuote Service;
• authenticate users;
• manage subscriptions and billing;
• deliver support requested by a customer;
• provide quote generation, invoice generation, document workflows, and similar core functionality.

4.2 Legitimate interests

We may rely on legitimate interests where processing is necessary for purposes such as:

• running and improving the website and Service;
• product development and testing;
• service analytics;
• fraud prevention and abuse detection;
• information security and incident response;
• platform monitoring and troubleshooting;
• retaining records needed to resolve disputes and enforce legal rights;
• responding to support enquiries;
• internal administration and operational planning;
• limited business-to-business marketing where lawful;
• maintaining evidential records around quote acceptance, e-signature events, and related audit trails.

Where we rely on legitimate interests, we consider the impact on individuals and aim to ensure our interests are not overridden by the rights and freedoms of those individuals.

4.3 Legal obligation

We may process personal data where necessary to comply with legal obligations, including obligations relating to accounting, tax, fraud prevention, law enforcement requests, court orders, regulator requests, and other legal compliance duties.

4.4 Consent

We may rely on consent where required, such as for certain non-essential cookies or optional marketing communications where consent is the appropriate lawful basis.

You can withdraw consent at any time, but this will not affect processing already carried out before withdrawal.

5. Controller / Processor Split

5.1 When TailoredQuote acts as controller

TailoredQuote generally acts as controller for personal data processed for its own purposes, including:

• website administration;
• account creation and administration;
• billing, payment, and refund administration;
• support and customer service;
• fraud prevention;
• security monitoring;
• internal analytics and product improvement;
• legal compliance;
• records of communications with us;
• cookie management and website preferences;
• our own business operations and enforcement of our Terms.

5.2 When TailoredQuote acts as processor

TailoredQuote generally acts as processor where a customer uses the Service to store or process personal data relating to that customer’s own clients, prospects, signers, householders, or other contacts, including:

• client/customer details;
• quote and invoice information;
• project notes;
• property and room images;
• signature workflow data;
• signed agreements;
• uploaded documents;
• and similar customer-managed records.

In those cases, the TailoredQuote customer usually decides why the data is being used and what is entered into the system, so that customer is usually the controller for those activities.

5.3 If you are a data subject of a TailoredQuote customer

If your data was entered into TailoredQuote by one of our customers, that customer is usually your main point of contact for privacy questions, data rights requests, and questions about why your data was collected.

We may still help our customer respond where appropriate.

6. E-Signature and Signed Agreement Data

Where our e-signature workflow is used, personal data may be processed to:

• deliver an acceptance link;
• display quote details to the intended recipient;
• collect the recipient’s typed name and signature image;
• record acceptance metadata;
• append an acceptance page to the relevant quote PDF;
• create and store a signed agreement record;
• notify the TailoredQuote customer that acceptance has taken place;
• make the signed agreement available for download.

Depending on the context:

• the TailoredQuote customer will usually be the controller of signer data collected through that workflow, because they decide to send the quote and seek acceptance;
• TailoredQuote will usually process that data on the customer’s behalf to provide the workflow;
• TailoredQuote may also process related service/security data as an independent controller where needed for fraud prevention, security, or legal compliance.

TailoredQuote does not guarantee that any signed record is valid or enforceable in every circumstance. The privacy handling of the data is separate from the legal effect of the signing process.

7. Property Images, Customer Photos, and Generated Images

The Service may process:

• photographs of houses, gardens, rooms, interiors, exteriors, and project sites;
• before-and-after images;
• uploaded source images;
• generated mockups and transformed visual outputs.

Private by default. Customer Content, including uploaded property photographs, room images, project images, and generated mockups, is private by default. TailoredQuote will not use your uploaded or generated images for marketing, portfolio, case studies, demonstrations, social media, advertising, or other promotional purposes without your separate written permission.

Our Terms and Conditions include a licence allowing TailoredQuote to use uploaded content for service delivery, support, and product improvement. This means:

• uploaded images are used to provide the Service, generate outputs, test and improve workflows, and support TailoredQuote’s business functions;
• uploaded and generated visuals are not used for external marketing or promotional purposes unless you have given separate written permission;
• you can withdraw marketing permission at any time by sending a written request; withdrawal does not affect prior lawful use or TailoredQuote’s ongoing right to retain and use the material for service delivery, legal compliance, security, backups, analytics, dispute handling, or product development.

Customers are responsible for ensuring that they have all necessary rights, permissions, notices, and lawful bases to upload those materials and to permit TailoredQuote to use them for service delivery.

8. Who We Share Personal Data With

We may share personal data with the following categories of recipients and named providers:

• Google (Tag Manager, Analytics 4, Ads) — analytics and advertising measurement. See our Cookie Policy sections 7.5 and 7.6 for details. Data may be transferred to servers in the United States; transfers are covered by Standard Contractual Clauses.
• Stripe — payment processing. TailoredQuote does not store or process card data directly; Stripe handles all payment card information under PCI DSS compliance.
• Supabase — database and file storage. Data is stored in the EU region.
• Vercel — website hosting and serverless function execution.
• Cloudflare — content delivery network and security.
• Apple / iCloud — transactional email delivery.
• OpenAI — AI processing for quote generation, image generation, and related features within the Service. Data sent to OpenAI is processed in accordance with OpenAI’s API data usage policy.
• Professional advisers such as lawyers, accountants, and insurers, where necessary.
• Regulators, courts, law enforcement, or other authorities where required by law.
• Prospective purchasers, investors, or transaction counterparties in connection with a merger, acquisition, restructuring, financing, or sale of all or part of our business, subject to appropriate confidentiality protections.

The precise subprocessor list may change over time as our operations evolve. We do not sell personal data.

9. International Transfers

We may use service providers or systems that process data in the UK, EEA, or other countries outside the UK.

In particular, some of our third-party providers — including Google (Analytics, Ads), Stripe, and Vercel — may process data on servers in the United States or other third countries. Where we make restricted international transfers, we aim to ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (UK IDTA) or Standard Contractual Clauses approved by the relevant authority, in accordance with applicable law.

10. How Long We Keep Personal Data

We do not keep personal data for longer than necessary for the purposes for which it is processed, subject to legal, operational, security, backup, and dispute-handling requirements.

Retention periods vary depending on the category of data and the purpose.

Examples of how we may approach retention:

• account, billing, and financial records: kept for as long as needed for contractual administration, accounting, tax, and legal compliance;
• support records and operational logs: kept for as long as needed for support, security, analytics, and legal protection;
• customer account content: retained while the account remains active and for limited periods afterwards in line with operational needs, unless deleted sooner or retained longer for lawful reasons;
• signed agreement records and acceptance evidence: may be retained for extended periods where appropriate to support record keeping, dispute handling, and evidence of contractual acceptance;
• backup copies: may persist for limited periods in ordinary backup rotation and disaster recovery systems.

Customers are responsible for exporting and retaining any data and records they need for their own business, legal, tax, insurance, or evidential purposes.

11. Security

We use reasonable and appropriate technical and organisational measures intended to help protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure.

However:

• no internet-based system is completely secure;
• we cannot guarantee absolute security;
• customers are responsible for keeping their credentials secure and controlling access to their own accounts;
• customers are also responsible for ensuring they export and retain records they need.

12. Cookies and Similar Technologies

We use cookies and similar technologies on the website and, where relevant, within the Service.

Our Cookie Policy explains:

• what cookies and similar technologies we use;
• why we use them;
• whether they are essential or non-essential;
• how you can control them.

The TailoredQuote website uses a consent banner that allows you to control which categories of cookies and similar technologies are active. Necessary cookies are always on. Analytics cookies — including the full self-hosted analytics session cookie and Google Analytics 4 — are only activated with your consent via the “Analytics” category. Google Ads conversion tracking is only activated with your consent via the “Advertising” category. Full details of the cookies and technologies used, and how to manage your preferences, are in our Cookie Policy.

12a. Anonymous Volume Metrics (Legitimate Interest)

To accurately count site visits and understand which pages and traffic channels are most useful, TailoredQuote records a small set of anonymous, aggregated signals for visitors who have not granted analytics consent. We rely on the lawful basis of legitimate interest for this processing (UK GDPR Article 6(1)(f)) because it is necessary to operate and improve the website, the volume of data is minimal, and the impact on individuals is negligible.

For non-consenting visitors we record only:

• traffic channel label (e.g. organic search, paid search, direct, referral);
• UTM campaign labels appended to the URL (source, medium, campaign, term, content);
• which page on our site was visited;
• which third-party domain the visit came from (host only — not the full URL);
• browser, operating system, and device class (e.g. “Chrome on Windows, desktop”);
• the date and time of the visit.

For non-consenting visitors we do not record:

• any identifier that could re-identify the visitor (no IP address, no geolocation, no device fingerprint, no full user-agent, no advertising click identifiers such as gclid / fbclid / wbraid);
• the search terms typed into a search engine;
• the full referring URL;
• screen dimensions, browser version, or precise language;
• any pageview-level engagement (time on page, scroll depth);
• any cookie, localStorage entry, or sessionStorage entry. The session identifier used to deduplicate the row is generated in memory only and discarded as soon as the page is closed.

The result is a population-level count that cannot be used to identify, re-identify, profile, target, or contact any individual. If at any time you would like us to stop this anonymous processing, you can either grant analytics consent (which moves you onto the consented path described in section 12 above) or send a written request to the contact address below and we will exclude your IP range from any future processing.

13. Direct Marketing and Communications

We may send service-related communications needed to administer the Service, such as:

• account notices;
• billing notices;
• security messages;
• support responses;
• service updates;
• e-signature workflow messages;
• notifications connected to the use of the platform.

These are not the same as optional marketing communications.

Where we send optional marketing communications, we will do so in accordance with applicable law and any consent or opt-out rules that apply.

You can opt out of non-essential marketing communications at any time.

14. Your Rights

Depending on the circumstances, individuals may have rights under data protection law, including the right to:

• be informed;
• request access to personal data;
• request correction of inaccurate data;
• request erasure in certain circumstances;
• request restriction of processing in certain circumstances;
• object to certain processing, including some processing based on legitimate interests;
• request data portability in certain circumstances;
• withdraw consent where consent is relied on.

If TailoredQuote is acting as controller for the relevant processing, you may contact us directly about those rights.

If TailoredQuote is processing your data on behalf of one of our customers, you should usually contact that customer first, as they are normally the controller for that data.

15. How to Contact Us About Privacy

For privacy-related queries, rights requests, concerns, or complaints, you can contact TailoredQuote:

• by email at [email protected]; or
• through the Contact page made available through the TailoredQuote website or logged-in Service.

We may ask for information needed to verify identity before acting on a request.

16. Complaints

If you are unhappy with how personal data has been handled, we would appreciate the opportunity to address your concerns first.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may notify users by website notice, in-app notice, or email where appropriate. The latest version will be the version published on our website.

18. TailoredQuote Contact Routes

For consistency with our Terms and support routes:

• general contact and support can be made through the Contact page or by emailing [email protected];
• refund requests should be made through the Contact page in the logged-in area or by emailing [email protected] with the subject line “Refund” within 30 days of the relevant payment being taken;
• privacy requests may also be sent by those same routes.