Privacy policy.

Last updated: 5 June 2026

ForemanQuote is a quoting and invoicing service for trade businesses, currently in early access. This page describes, in plain English, what personal data we collect — on this site, inside the app, and through our outreach — why we collect it, the legal basis for each use, who else sees it, how long we keep it, and how to exercise your GDPR rights. It is written to satisfy Articles 13 and 14 of the EU General Data Protection Regulation (GDPR).

1. Data controller — and when we act as a processor

The data controller for personal data collected on this site and in the ForemanQuote app is ForemanQuote, reachable at team@getforemanquote.com. ForemanQuote operates from the European Union. No Data Protection Officer (DPO) has been appointed because the criteria of GDPR Article 37 do not apply at this scale; the controller handles privacy requests directly. The controller's full legal identity is available on request at the email address above.

One important distinction. When a contractor uses ForemanQuote to store and send quotes or invoices, the personal data of their customers (names, emails, signatures, approvals) is controlled by that contractor, not by us: we process it on the contractor's instructions, as a processor under GDPR Article 28. If you received a quote or invoice through ForemanQuote, address privacy requests to the business that sent it — we support that business in fulfilling every request.

2. What personal data we collect

If you only browse this site: aggregate analytics events, but only after you click Accept in the cookie banner. No analytics cookies or device fingerprints are set before consent. Two first-party attribution cookies are described in Section 10.

If you submit the email form: your email address and the timestamp of submission.

If you pay the €1 reservation hold: your name, email, billing country, and partial card details (last four digits only). Full card numbers are processed by Stripe and never reach our servers.

If you create a contractor account: the business and contact details you enter at onboarding (business name, email, phone, address, VAT and licence numbers, logo), the quotes, invoices and templates you create, your trial and subscription status, your billing history held at Stripe, your Stripe payout-connection status, where you first heard of us, and — only with your cookie consent — product analytics events.

If a contractor sends you a quote or invoice (processed on the contractor's behalf): your name, email, phone and address as entered by the contractor; the name, date and IP address recorded when you approve; your hand-drawn signature plus a tamper-evidence fingerprint of it; and the time, IP address and browser type recorded when the quote page is first opened, so the contractor knows it arrived.

If we contact your business (data not obtained from you — GDPR Art. 14): publicly listed business details — business name, trade, city, website and public email address — collected from public directories and Google's business listings (Google Places). We log whether our message was delivered, clicked, or led to a signup, and we keep a permanent do-not-contact list of addresses that opted out.

Email replies and support requests: the contents of any message you send us at team@getforemanquote.com or via a reply-to address on our emails.

3. Why we collect it (purposes)

We do not sell personal data, we do not share it with advertisers, and we run no third-party ad tracking.

  • To provide the service: create, send and track quotes and invoices, and collect deposits, on contractors' instructions.
  • To run trials, subscriptions, billing and payment-failure handling.
  • To send transactional and lifecycle email (welcome, trial ending, billing problems, cancellation confirmations).
  • To send you exactly one launch notification when general access opens, if you opted in.
  • To process and, on request, refund the €1 reservation hold.
  • To introduce ForemanQuote to trade businesses by email, with a permanent opt-out.
  • To respond to your messages.
  • To understand traffic patterns and improve the product (only with your cookie consent).

4. Legal basis for processing (GDPR Article 6)

  • Operating your account, quotes, invoices and subscription: Performance of a contract (Art. 6(1)(b))
  • Processing the €1 reservation and any refund: Performance of a contract (Art. 6(1)(b))
  • Sending the launch notification you opted in to: Consent (Art. 6(1)(a))
  • Tax, accounting, and anti-fraud records on payments: Legal obligation (Art. 6(1)(c))
  • Quote-view receipts and the signature audit trail: Contractor's legitimate interest in proof of delivery and approval (Art. 6(1)(f), as processor)
  • Business-to-business introduction emails to published addresses: Legitimate interest in direct marketing (Art. 6(1)(f), Recital 47), with a permanent opt-out
  • Replying to your support messages: Legitimate interest in providing customer service (Art. 6(1)(f))
  • Aggregate site and product analytics: Consent given through the cookie banner (Art. 6(1)(a))

5. Who else sees your data (processors)

We use a small set of GDPR-compliant providers to run the service. Each is a data processor under GDPR Article 28; each has its own privacy policy linked below. We do not sell your data. We do not share it with advertisers. We do not run tracking pixels or third-party ad cookies.

  • Supabase: Hosts our database, login system and file storage (quotes, invoices, signatures, logos) in the EU. Privacy policy →
  • Stripe: Processes subscriptions, the €1 reservation, and the deposits contractors collect from their customers. Handles full card data. Privacy policy →
  • Resend: Sends quotes, invoices, and our transactional and lifecycle email. Privacy policy →
  • Vercel: Hosts the site and, after your cookie consent, runs aggregate analytics. Privacy policy →
  • PostHog: Product analytics on EU servers, only after your cookie consent. Privacy policy →
  • Google: Google Places, the public business directory we source outreach contacts from. Privacy policy →
  • Smartlead: Delivers our outreach email and reports bounces, replies and opt-outs. Privacy policy →
  • Anthropic: Automatically sorts replies to our outreach (interested / not interested / unsubscribe). Reply text is not stored after sorting. Privacy policy →
  • Zoho: Runs the team@getforemanquote.com support mailbox. Privacy policy →

6. International data transfers

Several providers (Stripe, Resend, Vercel, Smartlead, Anthropic, Google) are headquartered in the United States; Supabase and PostHog store our data in EU regions. Where personal data is transferred outside the European Economic Area, the transfer relies on the European Commission Standard Contractual Clauses (Decision 2021/914) signed with each provider, or on the EU-US Data Privacy Framework where applicable. You may request a copy of the relevant transfer safeguard by writing to team@getforemanquote.com.

7. How long we keep it (retention)

  • Email submitted via the signup form, without a paid reservation: Until launch + 90 days, then deleted
  • Reservation and customer record after a €1 payment: Until you convert to a paid account, cancel, or 12 months pass with no activity, whichever is earliest
  • Contractor account, quotes, invoices, signatures: While your account exists; deleted within 90 days of account deletion, except invoice records tax law requires us to keep (up to 10 years)
  • Quote-view receipts (time, IP, browser type): Kept with the quote they belong to, same lifetime
  • Outreach data on businesses that never responded: Deleted no later than 12 months after our last message
  • Do-not-contact list: Kept indefinitely — that is its purpose
  • Stripe payment records: Held by Stripe under its own retention rules (typically 10 years for tax)
  • Support email correspondence: 24 months from the last reply, then deleted
  • Aggregate analytics events: Per provider policy (Vercel typically 90 days; PostHog under its own policy)

8. Your rights (GDPR Articles 15 to 22)

At any time you can ask us to do any of the following, free of charge:

  • Tell you what personal data we hold about you (right of access, Art. 15).
  • Correct anything inaccurate (right of rectification, Art. 16).
  • Delete it (right to erasure, Art. 17).
  • Restrict processing (Art. 18).
  • Export it in a portable machine-readable format (right to portability, Art. 20).
  • Object to processing based on legitimate interests (Art. 21).
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3)).

9. How to exercise your rights and complain

Email team@getforemanquote.com from the address you used with us. We acknowledge within 72 hours and complete the action within 30 days at the latest (usually within 7 business days).

If we emailed your business and you would rather we did not: one reply saying “unsubscribe”, or one click on the opt-out link, puts your address on the do-not-contact list permanently (Art. 21(2)). You will never hear from us again.

If you believe we mishandle your data, you also have the right to lodge a complaint with your national supervisory authority. For Italian residents the authority is the Garante per la protezione dei dati personali (gpdp.it). For Spain, the Agencia Española de Protección de Datos (aepd.es). For France, the CNIL (cnil.fr). For Germany, the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (bfdi.bund.de), or the data protection authority of your federal state.

10. Cookies and on-device storage

We use one piece of localStorage to remember your cookie-banner choice. No analytics cookies are set before you click Accept; until then, analytics run without storing anything on your device. Strictly necessary cookies are set only when needed: login session cookies when you sign in, and Stripe's functional cookies during checkout, which cannot be disabled without breaking the payment flow.

We set two first-party attribution cookies, each lasting 30 days: fq_attr remembers which page or source first brought you here, and fq_ref is set only if you arrive from a link in one of our emails, so we know the message was useful. Both are readable only by us and are never shared with third parties. If you click Reject in the cookie banner, both are deleted immediately and never set again; you can also ask us to delete the associated record at any time.

If you install the app or use it offline, it keeps a copy of your own quotes in your browser's local database (IndexedDB) so it works on site without signal. That copy stays on your device and is removed when you log out or clear site data.

11. Automated decision-making

We do not make decisions about you using solely automated means that produce legal or similarly significant effects. Software — including an AI text classifier — sorts replies to our outreach email into categories such as “interested” or “unsubscribe” so they are routed correctly; a person reads anything substantive, and the reply text is not stored after sorting. Stripe runs its own fraud-prevention checks on payments; you can read about those at stripe.com/privacy.

12. Changes to this policy

If anything material changes, the Last updated date at the top of this page changes with it. Material changes that affect existing reservers or subscribers are also sent by email. Continued use of the service after a change indicates acceptance of the updated policy.

Questions? Email team@getforemanquote.com