Legal

Privacy Notice

Last updated: 2026-07-12

Data controller: ACN 699 263 057 Pty Ltd (ABN 77 699 263 057), of Australia, trading as Smart Quote AI. Contact: support@smart-quote.com.

This Notice explains what personal information we collect, why, how we use and share it, and your rights under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"), and — where applicable — the EU General Data Protection Regulation ("GDPR") and the UK GDPR.

1. Information we collect

  • Account. Name, email, business name, role.
  • Usage & telemetry. Feature use, request logs, device and browser info, approximate IP-derived location, error diagnostics.
  • Content you create. Clients, jobs, quotes, notes and attachments.
  • Address geolocation. Coordinates derived from addresses you enter, used to render maps and travel-time estimates.
  • Support messages. Anything you send us by email or in-app.
  • Integration data. Xero organisation name, contacts, invoices and other records you choose to sync.
  • Payments. Handled by Paddle; we receive limited billing metadata (plan, status, country, last-4) but not full card details.

2. How we use it

To operate the Service, authenticate you, provide AI-assisted features, sync with connected apps (Xero, Google, Microsoft), send transactional emails, protect the Service from abuse, meet legal obligations, and improve the product.

3. Legal bases (GDPR / UK GDPR)

  • Contract — to provide the Service you signed up for.
  • Legitimate interests — security, fraud prevention, product improvement.
  • Consent — non-essential cookies and marketing communications.
  • Legal obligation — tax, accounting, and lawful requests.

4. Subprocessors

Current subprocessors: Paddle (Merchant of Record and billing), Lovable Cloud (hosting, database, auth), Google (OAuth, maps), Xero (accounting sync, optional), and the Lovable AI Gateway (LLM inference). Microsoft (calendar OAuth) is a planned subprocessor and is not enabled until you connect it. See the always-current list on the DPA page.

5. International transfers

Personal data may be processed outside Australia, the EEA, and the UK. Where data is transferred out of the EEA/UK we rely on adequacy decisions or the European Commission's Standard Contractual Clauses (SCCs) with our subprocessors, together with appropriate technical safeguards.

6. Retention

We retain account and content data for as long as your account is active and for up to 12 months after cancellation, except where a longer period is required by law (e.g. tax records). Backups are rotated within 35 days.

7. Security

Data is encrypted in transit (TLS) and at rest. Access is scoped by row-level security. We follow least-privilege access controls and log administrative access.

8. Your rights

8.1 Under GDPR / UK GDPR

You have the right to: access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent, and to lodge a complaint with a supervisory authority (ICO in the UK; your local DPA in the EU). We respond within one month.

8.2 Under the Australian Privacy Principles

We comply with all 13 APPs, including open and transparent management (APP 1), anonymity where practicable (APP 2), only collecting what we need (APPs 3–5), using and disclosing only for permitted purposes (APP 6), direct-marketing controls (APP 7), cross-border safeguards (APP 8), identifier limits (APP 9), quality and security (APPs 10–11), and access and correction (APPs 12–13).

8.3 Making a request or complaint

Email privacy@smart-quote.com. If you are not satisfied with our response you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au — 1300 363 992.

9. Notifiable Data Breaches

We follow the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. Eligible data breaches are assessed within 30 days and, where notification is required, we notify affected individuals and the OAIC as soon as practicable.

10. Data Processing Agreement

A DPA is available on request; see /legal/dpa.

11. Cookies

See our Cookie Policy. You can change your preferences at any time.

12. Changes

We will notify material changes in-app or by email.