Plain English summary: We collect only what we need to provide our service. We don't sell your data. You can delete your data at any time.
1. Who We Are
Quota is operated by Sam Waltham, trading as Quota, based in the United Kingdom. We provide automated quoting software for cleaning businesses via Facebook Messenger.
For privacy enquiries, contact us at: hello@quota.chat
2. Information We Collect
2.1 Information You Provide
| Data | Purpose |
|---|---|
| Email address | Account login, notifications, support |
| Password | Account security (stored encrypted) |
| Business name | Personalising messages to your customers |
| Services and pricing | Generating accurate quotes |
| Custom messages | Sending your preferred responses |
2.2 Information from Facebook
When you connect your Facebook Page, we receive:
- Page information: Page ID, name, and profile picture
- Page access token: Allows us to send messages on your behalf
- Customer messages: Messages sent to your Page via Messenger
- Customer names: First name of customers who message you
2.3 Information We Collect Automatically
- Usage data: How you use the dashboard (pages visited, features used)
- Device information: Browser type, operating system
- Log data: IP address, access times, error logs
3. How We Use Your Information
We use your information to:
- Provide the service: Process messages, generate quotes, send responses
- Improve the service: Understand usage patterns, fix bugs, develop features
- Communicate with you: Send notifications, respond to support requests
- Ensure security: Detect and prevent fraud or abuse
- Comply with law: Meet legal obligations, respond to lawful requests
4. Legal Basis for Processing (UK GDPR)
We process your data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Providing the service | Contract performance |
| Sending service notifications | Contract performance |
| Improving the service | Legitimate interests |
| Security and fraud prevention | Legitimate interests |
| Marketing communications | Consent (opt-in) |
| Legal compliance | Legal obligation |
5. How We Share Your Information
We do not sell your personal data. We share data only with:
5.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Meta (Facebook) | Messenger integration | Messages sent/received |
| Anthropic (Claude AI) | Message understanding | Message content (not retained by Anthropic) |
| Railway | Hosting infrastructure | All service data |
| Resend | Email notifications | Email addresses, notification content |
5.2 Legal Requirements
We may disclose data if required by law, court order, or to protect our rights, safety, or property.
5.3 Business Transfers
If Quota is acquired or merged, your data may be transferred. We will notify you of any change in ownership.
6. Data About Your Customers
When customers message your Facebook Page, we act as a data processor on your behalf. You remain the data controller for your customer data.
This means:
- You are responsible for your own privacy obligations to your customers
- We process customer data only to provide the service to you
- We do not use your customer data for our own marketing
- Customer data is deleted when you delete your account
7. International Data Transfers
Your data may be processed in countries outside the UK, including the United States (where some of our service providers are located). We ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by the ICO
- Data processing agreements with all providers
8. Data Security
We protect your data using:
- Encryption: All data encrypted in transit (HTTPS) and at rest
- Access controls: Limited access on a need-to-know basis
- Secure infrastructure: Industry-standard cloud hosting
- Password hashing: Passwords stored using bcrypt
- Token security: Facebook tokens stored encrypted
No system is 100% secure. If you become aware of any security issue, please contact us immediately.
9. Data Retention
We retain your data for as long as your account is active, plus:
- Account data: 30 days after deletion request
- Conversation history: 30 days after deletion request
- Billing records: 7 years (legal requirement)
- Server logs: 90 days
See our Data Deletion Policy for more details.
10. Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data
- Portability: Receive your data in a portable format
- Object: Object to processing based on legitimate interests
- Restriction: Request limited processing
- Withdraw consent: Where processing is based on consent
To exercise these rights, email hello@quota.chat. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
11. Cookies
We use essential cookies to:
- Keep you logged in to your dashboard
- Remember your preferences
- Maintain security
We do not use advertising or tracking cookies.
12. Children's Privacy
Quota is not intended for use by anyone under 18 years of age. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification
- Notice in the dashboard
- Updating the "Last updated" date above
Continued use of the service after changes constitutes acceptance of the updated policy.
14. Contact Us
For any privacy-related questions or to exercise your rights:
- Email: hello@quota.chat
- Website: quota.chat
We aim to respond to all enquiries within 48 hours.