Privacy Policy

QuotingHub is operated by QuotingHub (Pty) Ltd, registered in South Africa. We are the responsible party (as defined under the Protection of Personal Information Act 4 of 2013, “POPIA”) for the personal information we collect through our platform at quotinghub.co.za.

Contact us via our website

Account Information: Full name, email address, password (hashed), and business name provided at registration.

Business Data: Client names and contact details, supplier details, project names and numbers, quote and invoice content, and any other information you enter into the platform.

Payment Information: Billing details (processed securely by our payment provider — we do not store full card numbers).

Usage Data: IP address, browser type, pages visited, and actions taken within the platform for security and performance purposes.

Communications: Any emails or messages you send to our support team.

We use your personal information to:

• Provide, maintain, and improve the Service
• Process payments and manage your subscription
• Send transactional emails (account confirmation, invoices, password resets)
• Provide customer support
• Detect and prevent fraud, abuse, or security breaches
• Comply with our legal obligations under South African law

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

We process your personal information on the following grounds:

• Contract: Processing necessary to perform the Service you signed up for
• Legitimate interests: Security monitoring, fraud prevention, and platform improvement
• Legal obligation: Compliance with South African law, including POPIA and tax legislation
• Consent: Where you have specifically opted in (e.g. marketing communications)

We share your information only with:

• Supabase: Our database and authentication provider (data hosted in secure cloud infrastructure)
• Resend: Our transactional email provider, used only to send emails you trigger (e.g. sending a quote to a client)
• Payment processor: For billing and subscription management
• Legal authorities: Where required by South African law or a valid court order

All third-party processors are bound by appropriate data processing agreements and are required to protect your information.

Your data is stored on secure, encrypted servers. We implement industry-standard security measures including:

• Encryption in transit (HTTPS/TLS) and at rest
• Row-level security ensuring your data is isolated from other organisations
• Multi-factor authentication options for your account
• Regular security reviews

While we take all reasonable precautions, no system is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Regulator as required by POPIA within 72 hours of becoming aware of the breach.

We retain your personal information for as long as your account is active or as needed to provide the Service.

• Active accounts: Data retained for the duration of your subscription
• Cancelled accounts: Data retained for 24 months after cancellation, then permanently deleted
• Deletion requests: Upon a verified request under POPIA, personal data deleted within 30 days
• Financial records: Retained for 5 years as required by South African tax law

As a data subject under POPIA, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or outdated information
• Deletion: Request deletion of your personal information (subject to legal retention obligations)
• Objection: Object to the processing of your information in certain circumstances
• Complaint: Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us via our website. We will respond within 30 days.

The Information Regulator of South Africa can be reached at: www.justice.gov.za/inforeg

We use essential cookies required for the Service to function (authentication sessions). We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging in.

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice within the platform. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

QuotingHub (Pty) Ltd — Information Officer

Contact us via our website