Quofix

This page summarises how Quofix handles personal data when UK businesses use the service. It is intended for contractors, subcontractors and small teams evaluating Quofix for commercial use.

It does not replace our privacy policy or a signed data processing agreement where your organisation requires one. Contact us if you need a formal DPA or processor details for procurement.

Quofix is the data controller for account, billing and service-operation data (for example your sign-in email, subscription status and support correspondence).

For personal data you enter about your projects — such as client or site contact names, job titles and quotation content — you are typically the data controller for that business data. We process it on your instructions to provide the workspace, saved jobs and quotation features.

Do not enter special category data (health, ethnicity, etc.) or unnecessary personal data unless you have a lawful basis to do so for your business.

• Account identifiers and email (authentication)
• Workspace and trading details you choose to save
• Takeoff inputs, material lines, quotations and variation records
• Usage and billing metadata (plan tier, quote counts, Stripe references)
• Support messages you send to us

We do not sell personal data or use your quotation content to train third-party AI models.

We use the following categories of sub-processor to run the service:

• Supabase — Authentication, database hosting and account storage
• Stripe — Payment processing and subscription billing

Each provider publishes its own privacy and security documentation. Links are listed in our privacy policy.

Some sub-processors may store or process data outside the UK. Where required, we rely on appropriate safeguards (such as the UK International Data Transfer Agreement and/or EU Standard Contractual Clauses made available by those providers).

We apply measures appropriate to a small business SaaS tool, including HTTPS, access controls, and authentication via our identity provider. Payment card data is handled on Stripe-hosted pages.

Our personnel and contractors with access to production systems are required to keep information confidential and use it only for operating the service.

Data is retained while your account is active and for a reasonable period afterwards for legal, tax and dispute resolution. Support to delete account data is described in the privacy policy.

You can clear local browser drafts without affecting cloud saved jobs until you delete those jobs or close your account.

We process workspace data to deliver the features you use (takeoffs, quotes, exports, sync on eligible plans). We will assist with reasonable requests to support your compliance, such as confirming sub-processors or helping with access/deletion requests that relate to data we control.

Contact support@quofix.app for data processing questions. Allow up to one month for rights requests where UK GDPR applies.

If your organisation requires a signed data processing agreement, email us with your company name, contact details and any mandatory clauses. We will respond with what we can offer for a business of our size.

Nothing on this page creates a processor relationship beyond what is described in our terms of use and privacy policy.