Privacy Policy

Last updated: March 2026

1. Overview

QuoteForge ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Austrian data protection laws (DSG).

2. Data Controller

Patrick Felber (Einzelunternehmer)
QuoteForge
7400 Oberwart, Burgenland, Austria
Email: privacy@quoteforge.app

3. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, password (hashed)
  • Profile data: Company name, logo, business address
  • Proposal data: Client names, project descriptions, pricing information
  • Usage data: Page views, feature usage, proposal analytics
  • Technical data: IP address, browser type, device information
  • Payment data: Processed by Stripe — we do not store credit card numbers

4. Legal Basis for Processing (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide our services
  • Legitimate interest (Art. 6(1)(f)): Analytics, security, fraud prevention
  • Consent (Art. 6(1)(a)): Marketing emails, optional analytics cookies
  • Legal obligation (Art. 6(1)(c)): Tax and accounting requirements

5. How We Use Your Data

  • To provide, maintain, and improve our services
  • To generate AI-powered proposals on your behalf
  • To send proposal tracking notifications
  • To process payments via Stripe
  • To analyze usage patterns and improve the platform
  • To comply with legal obligations

6. Data Sharing & Transfers

We share data with the following processors:

  • Google Cloud (Firebase): Authentication, file storage — EU/US (Standard Contractual Clauses)
  • Stripe: Payment processing — US (EU-US Data Privacy Framework)
  • Vercel: Frontend hosting — Global CDN (Standard Contractual Clauses)
  • Render: Backend hosting — EU/US (Standard Contractual Clauses)
  • Google AI (Gemini): AI proposal generation — processed without storing personal data
  • Resend: Transactional emails — US (Standard Contractual Clauses)

We do not sell your personal data to third parties.

7. Your Rights (Art. 15-22 GDPR)

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data ("right to be forgotten") (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability — receive your data in a machine-readable format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise these rights, email us at privacy@quoteforge.app. We will respond within 30 days.

8. Data Retention

We retain your personal data for as long as your account is active. After account deletion, we delete all personal data within 30 days, except data we are legally required to retain (e.g., invoices for 7 years per Austrian tax law — BAO § 132).

9. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies. Analytics data is collected server-side without cookies. No cookie consent banner is required as we rely only on technically necessary cookies (§ 165 TKG 2021).

10. Security

We implement appropriate technical and organizational measures including: encryption in transit (TLS 1.3), encryption at rest, regular security audits, access controls, and automated vulnerability scanning.

11. Supervisory Authority

You have the right to lodge a complaint with the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien
dsb@dsb.gv.at
www.dsb.gv.at

12. Changes

We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification.