Privacy Policy — ConfigQuote

Overview

ConfigQuote (“we”, “us”, or “our”) operates configquote.com and the ConfigQuote SaaS platform. This Privacy Policy explains how we collect, use, and protect information about you when you use our services.

By using ConfigQuote you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the service.

Data We Collect

We collect information in three ways:

Account & Profile Data

Name and email address (when you register or contact us)
Company / workspace name and subdomain slug
Billing name and address (collected by Stripe; we do not store card numbers)
Profile information you choose to provide

Usage & Technical Data

IP address, browser type, and device information
Pages visited, features used, and actions taken within the app
Log files and error reports
Session and authentication tokens (stored in encrypted cookies)

Data You Submit

Customer contacts, quotes, and products you create in the platform
Configuration rules and product catalogue data
Integration credentials (stored encrypted at rest)

Google OAuth & Gmail Integration

ConfigQuote offers an optional Gmail connection that lets you send quote emails directly from your own Gmail address. When you click Connect Gmail:

You are redirected to Google’s secure authorisation screen.
We request the https://www.googleapis.com/auth/gmail.send scope (send emails on your behalf) and basic profile scopes (userinfo.email, userinfo.profile) to identify which account was connected.
We store the OAuth access token and refresh token, encrypted in your isolated workspace database, solely to send emails on your behalf.
We do not read, store, or analyse your Gmail inbox or any emails you receive. Tokens are used exclusively to send outbound quote emails that you initiate within the platform.
You can revoke access at any time from the Email Provider page in your workspace, or directly from your Google Account permissions page. Upon revocation, all stored Google OAuth tokens are immediately deleted from our systems.
ConfigQuote does not share Google user data with any third parties except as strictly necessary to deliver the email-sending feature on your behalf.

Permitted uses of Google user data

Google user data (including OAuth tokens and profile information obtained via Google APIs) is used only to provide and improve the ConfigQuote features you have requested — specifically, sending outbound quote emails from your connected Gmail address. No Google user data is used for any other purpose.

Prohibited uses — we will never use Google user data for

Targeted, personalised, retargeted, or interest-based advertising
Serving or facilitating advertisements of any kind
Selling, renting, or providing data to data brokers or information resellers
Determining credit-worthiness or for lending decisions
Building or enriching user profiles for purposes unrelated to ConfigQuote
Training machine learning or AI models
Any purpose not directly related to providing the email-sending feature you have explicitly enabled

ConfigQuote’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.

Stripe Payments

Subscription billing and payment processing is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. We do not collect or store full credit card numbers on our servers.

When you subscribe, you are redirected to a Stripe-hosted Checkout page. All card data is entered directly on Stripe’s servers.
We store your Stripe customer ID and subscription status to manage your plan and send billing notifications.
Stripe may use your payment data for fraud detection and legal compliance. See Stripe’s Privacy Policy for full details.
Invoices and billing history are accessible from the Billing page in your workspace.

How We Use Your Data

Provide, operate, and improve the ConfigQuote service
Authenticate your identity and maintain session security
Process payments and manage your subscription
Send transactional emails (account activation, invoices, password reset, quote notifications)
Respond to support requests and enquiries
Monitor service health, diagnose bugs, and prevent abuse
Comply with applicable legal obligations

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Data obtained via Google APIs (including Google OAuth tokens and profile information) is used only to provide the email-sending feature you have explicitly connected. It is never used for advertising, analytics beyond service operation, AI training, or any purpose unrelated to delivering that feature.

Sharing & Disclosure

We share data only in these limited circumstances:

Service providers — Stripe (payments), cloud infrastructure providers (hosting, databases), and email delivery services — under strict data processing agreements.
Legal requirements — when required by law, court order, or to protect our rights and the safety of users.
Business transfer — if ConfigQuote is acquired or merges, user data may transfer as part of that transaction. We will notify you via email or a prominent site notice beforehand.

Data Retention

We retain your data for as long as your account is active. When you delete your workspace:

Your workspace database (quotes, customers, products, integrations) is scheduled for deletion within 30 days.
Billing records and invoices may be retained for up to 7 years for legal and tax compliance.
Anonymised aggregate usage statistics may be retained indefinitely.

Security

We implement industry-standard security measures:

All data in transit is encrypted via TLS (HTTPS).
Sensitive credentials (OAuth tokens, SMTP passwords) are encrypted at rest using AES-256.
Each customer workspace runs in an isolated database, preventing cross-tenant data access.
Access to production infrastructure is restricted to authorised personnel only.

No method of internet transmission is 100% secure. If you discover a security vulnerability, please report it to security@configquote.com.

Your Rights

Depending on your location you may have the right to:

Access — request a copy of the personal data we hold about you.
Correction — request correction of inaccurate data.
Erasure — request deletion of your data (subject to legal retention obligations).
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests.
Restriction — request we limit how we process your data in certain circumstances.

To exercise any of these rights, email privacy@configquote.com. We will respond within 30 days.

Cookies

ConfigQuote uses strictly-necessary cookies only:

Cookie	Purpose	Duration
configquote_session	Authenticated session management	Session
XSRF-TOKEN	CSRF protection	Session
theme	Dark / light mode preference (localStorage)	Persistent

We do not use advertising or third-party tracking cookies.

Children’s Privacy

ConfigQuote is a business service not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, contact us immediately at privacy@configquote.com.

Changes to This Policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top. For material changes, we will notify you by email or via an in-app notice at least 14 days before the change takes effect. Your continued use of ConfigQuote after the effective date constitutes acceptance of the revised policy.

Contact Us

For privacy enquiries, data requests, or to report a concern:

ConfigQuote

Privacy: privacy@configquote.com

Security: security@configquote.com

Website: configquote.com