Privacy Policy

NHP Equities Pty Ltd ("QuoteOS", "we", "our", or "us") operates the QuoteOS platform, an AI-assisted quote generation service for trade professionals. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

This policy applies to all users of QuoteOS, regardless of location. We are committed to complying with applicable data protection laws in all jurisdictions where we operate, including but not limited to the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA/CPRA), and the Australian Privacy Act 1988.

Account Information:

• Name, email address, and contact details
• Organisation name and business details
• Billing information (processed by our payment provider, Stripe)
• Authentication credentials (managed by Clerk)

Service Data:

• Pricing library data you upload or create
• Quote content, including project descriptions and line items
• Customer information you enter for quotes (names, addresses, contact details)
• PDF documents generated through the platform

Technical and Usage Data:

• IP address and approximate location (country/region level)
• Browser type, device information, and operating system
• Pages visited, features used, and interaction patterns
• Error logs and performance data

We process your personal data under the following lawful bases:

Contract Performance: Processing necessary to provide the QuoteOS service, including account management, quote generation, and customer support.

Legitimate Interests: Processing for service improvement, security monitoring, fraud prevention, and analytics, where such interests are not overridden by your rights.

Consent: Where required by law, we obtain your consent for marketing communications and non-essential cookies. You may withdraw consent at any time.

Legal Obligation: Processing required to comply with applicable laws, regulations, or legal processes.

QuoteOS uses AI technology to assist in generating quotes based on your input and pricing library. Important points about our AI processing:

• AI processing occurs in isolated, secure environments
• Your pricing data, customer information, and quote content are never used to train AI models
• AI-generated content is provided as a draft for your review—you maintain full control over what is sent to your customers
• We do not share your data with third-party AI providers for model training purposes
• Automated decisions do not have legal or similarly significant effects without human review

We use your information to:

• Provide, operate, and maintain the QuoteOS platform
• Generate quotes based on your pricing library and job requirements
• Process payments and manage your subscription
• Send transactional communications (receipts, service updates, security alerts)
• Provide customer support and respond to enquiries
• Improve our services through aggregated, anonymised analytics
• Detect, prevent, and address security issues and fraud
• Comply with legal obligations

With your consent, we may also send marketing communications about new features and offers. You can opt out at any time.

We do not sell your personal information. We may share your information with:

Service Providers:

• SOC 2 Type II certified authentication provider
• SOC 2 Type II certified database hosting with row-level security
• PCI DSS Level 1 compliant payment processor
• SOC 2 Type II certified AI processing provider (no training on your data)
• Transactional email delivery service
• SOC 2 Type II certified hosting infrastructure

Legal Requirements: We may disclose information when required by law, court order, or government request, or to protect our rights, safety, or property.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

QuoteOS is operated from Australia. Your data may be processed in countries outside your jurisdiction, including Australia, the United States, and the European Union.

Where we transfer data outside the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions where applicable.

For transfers from Australia, we comply with Australian Privacy Principle 8 regarding cross-border disclosure of personal information.

We use cookies and similar technologies for:

• Essential functionality (authentication, session management)
• Analytics (understanding how users interact with our service)
• Preferences (remembering your settings)

You can control cookie preferences through your browser settings. Disabling essential cookies may affect service functionality.

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained while your account is active, deleted within 30 days of account closure upon request
• Quote data: Retained while your account is active; you may delete individual quotes at any time
• Billing records: Retained for 7 years as required for tax and legal compliance
• Server logs: Retained for up to 90 days for security and debugging purposes

Depending on your location, you have the following rights regarding your personal data:

All Users:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Data Portability: Receive your data in a structured, machine-readable format
• Opt-out: Unsubscribe from marketing communications

EU/UK Residents (GDPR/UK GDPR):

• Object to processing based on legitimate interests
• Restrict processing in certain circumstances
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with your local supervisory authority

California Residents (CCPA/CPRA):

• Know what personal information is collected and how it is used
• Request deletion of personal information
• Opt-out of the sale or sharing of personal information (we do not sell your data)
• Non-discrimination for exercising your rights

Australian Residents:

• Access and correction rights under the Privacy Act 1988
• Complain to the Office of the Australian Information Commissioner (OAIC)

We implement robust technical and organisational measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Row-level security ensuring complete data isolation between organisations
• Secure authentication with multi-factor authentication support
• Regular security assessments and monitoring
• Access controls limiting employee access to personal data
• Incident response procedures for potential data breaches

QuoteOS is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Your continued use of QuoteOS after changes take effect constitutes acceptance of the updated policy.

For privacy-related enquiries, data subject requests, or complaints:

Email: support@getquoteos.com
Address: NHP Equities Pty Ltd, Melbourne, Victoria, Australia

We aim to respond to all requests within 30 days, or sooner where required by applicable law.