Privacy Policy

tradies2Quote is operated by tradies2Quote, based in Tauranga, New Zealand. In this policy, “we”, “us” and “our” refer to tradies2Quote. “You” means the tradie or business that signs up to use tradies2Quote.

We are the data controller for the personal information you give us. This policy explains what we collect, why we collect it, who we share it with, and the rights you have over it.

We collect three kinds of information.

1. Account information — your name, email address, business name, hashed password, country, and any branding (logo, business number, contact details) you choose to add for your quotes.

2. Job and quote content — the audio you record, the cleaned-up transcript of that audio, the line items and prices that go into each quote, and the client contact details you save against a job. This is the working data of the product.

3. Technical information— IP address, browser and device type, basic usage events (e.g. “quote generated”, “PDF exported”), and error logs. We use this to keep the service running and to spot problems.

We do not collect payment card details ourselves. If and when we charge for paid plans, payment is handled by Stripe — your card never touches our servers.

• To create your account and let you sign in.
• To transcribe your voice memos and turn them into a quote.
• To generate, store, and deliver your quote and invoice PDFs.
• To send you transactional emails (sign-in links, password resets, your client's opened-quote notifications).
• To debug, monitor, and improve the service. Where we look at usage to improve the product, we work from aggregated data, not from the content of your individual quotes.
• To detect, prevent, and respond to abuse or fraud.
• To comply with our legal obligations.

We do not sell your personal information. We do not share it with advertisers. We do not use it to train AI models — see the next section for what happens to your voice memos.

When you record a voice memo, the audio is uploaded to our servers and forwarded to OpenAI for transcription using the Whisper API. The transcript is then sent to Anthropic (Claude) to be turned into a structured quote.

Both OpenAI and Anthropic have committed, under their API terms, that they do not use API inputs to train their models. They process your data only to return the response, and they store it for a short period (typically up to 30 days) for abuse monitoring before deletion.

We do not store the raw audio on our own servers. The recording is streamed through our backend, transcribed by OpenAI, and discarded once the text transcript has been extracted. The transcript itself lives inside your quote and is deleted when you delete the quote or close your account.

We use a small set of third-party providers to run the service. Each one only receives the data it needs to do its job.

• Supabase — database, authentication, and file storage. Stores your account, your quotes, and your audio files.
• Vercel — application hosting and edge network. Handles every request you make to the site.
• OpenAI — voice transcription via the Whisper API. Receives your audio recordings only.
• Anthropic — quote generation via the Claude API. Receives the cleaned transcript and your quote prompt only.
• Stripe — payment processing (when paid plans launch). Handles billing details. We never see your card number.
• Resend — transactional email delivery (when email features launch). Sends sign-in links and quote notifications.

Each of these providers is bound by their own privacy policy and by contractual data-processing terms with us.

Your account data and quote content are stored on Supabase infrastructure. Our application is hosted on Vercel's global edge network. Both providers operate data centres in multiple regions, including the United States.

That means your personal information may be transferred to and processed in countries outside New Zealand and the United Kingdom. We rely on the contractual safeguards our providers offer (including standard contractual clauses where required) to keep your data protected to a comparable standard.

• Active account data — we keep it for as long as your account is open.
• Deleted quotes — purged within 30 days of deletion.
• Closed accounts — we delete your personal information within 30 days of account closure. Routine backups holding a copy are overwritten within a further 30 days.
• Aggregated usage metrics— we may keep de-identified statistics (e.g. “quotes generated this month”) indefinitely. These do not identify you.
• Records we are legally required to keep — tax invoices and similar records may be retained for the period required by NZ law (typically 7 years).

Under the New Zealand Privacy Act 2020 and, where it applies to you, the UK GDPR / EU GDPR, you have the right to:

• Access — ask for a copy of the personal information we hold about you.
• Correct — ask us to fix information that is wrong or out of date.
• Delete — ask us to remove your personal information. Email us from the address on your account and we will close it and delete your data within 20 working days.
• Export — get a copy of your quotes and client data in a machine-readable format.
• Object — tell us to stop processing your information for a particular purpose.
• Complain— to the New Zealand Office of the Privacy Commissioner (privacy.org.nz) or, in the UK, the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email privacy@tradies2quote.com. We respond within 20 working days.

We use a small number of essential cookies. They keep you signed in, remember your theme preference, and protect against cross-site request forgery. Without them, the app cannot function.

We do not use advertising cookies, tracking pixels, or third-party analytics that follow you around the web. If we add product-analytics in future (for example, anonymised usage measurement), we will update this policy before turning it on.

tradies2Quote is built for self-employed tradespeople and registered trade businesses. It is not directed at children and we do not knowingly collect information from anyone under the age of 16. If you believe a child has signed up, contact us and we will delete the account.

Data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted by our hosting providers (Supabase, Vercel). Passwords are hashed using industry-standard algorithms — we never store them in plain text.

Your account data is isolated at the database level using row-level security: a query running as your account literally cannot return another user's rows. No security is perfect, but we work to make a breach as costly and as small as possible.

We may update this policy as the product evolves. When we make a material change (something that affects your rights or changes how we use your data), we will notify you by email and inside the app before the change takes effect. The “Last updated” date at the top of this page always reflects the current version.

Questions about this policy, or want to exercise a right under it?

• Email privacy@tradies2quote.com
• Post: tradies2Quote, Tauranga, New Zealand