Privacy Policy

The controller responsible for processing personal data is:

Email: info@drafttoquote.com

For account data, billing data, website usage data, support communication, and our own business administration, DraftToQuote acts as the controller.

For personal data that users enter into DraftToQuote about their own clients, prospects, projects, or business contacts, the user is generally the controller and DraftToQuote acts as a processor acting on the user’s instructions.

Users are responsible for ensuring that they have a valid legal basis to process and upload such client data into DraftToQuote.

Where DraftToQuote processes personal data on behalf of a business user, we may act as a processor under Art. 28 GDPR. Business users who require a data processing agreement may contact us at privacy@drafttoquote.com.

We have not appointed a formal data protection officer.

For privacy-related questions, please contact us at:

privacy@drafttoquote.com

We may process the following categories of personal data:

We process personal data for the following purposes:

• creating and managing user accounts
• authenticating users
• generating quote drafts from client briefs
• saving and editing quotes
• creating public quote links
• rendering PDFs
• sending quote emails
• managing user preferences
• processing subscriptions and billing
• providing customer support
• improving reliability and security
• preventing misuse, fraud, and abuse
• complying with legal, tax, and accounting obligations

We process personal data under the following legal bases:

Providing account data, authentication data, and technical data is necessary to create and use a DraftToQuote account.

Providing quote and document data is necessary if you want to generate, save, edit, send, or export quotes.

Providing billing data is necessary if you purchase a paid subscription.

If you do not provide the required data, we may not be able to provide the relevant parts of the service.

DraftToQuote uses AI-assisted functionality to help users turn client briefs into editable quote drafts.

When you use quote generation, the brief text and related quote context may be sent to OpenAI in order to generate draft content.

OpenAI may process prompts, responses, and related technical metadata as necessary to provide and secure the AI service. According to OpenAI, API inputs and outputs are not used to train OpenAI models by default unless the account holder explicitly opts in.

You are responsible for reviewing and editing all AI-generated output before sending it to clients. AI-generated content may be incomplete, inaccurate, unsuitable, or inappropriate for a specific project.

Do not submit unnecessary sensitive personal data, special-category personal data, confidential third-party secrets, or data that you are not allowed to process.

Users are responsible for ensuring that they have the necessary rights, permissions, and legal basis to enter client information, project briefs, and related business data into DraftToQuote.

DraftToQuote is a tool for creating and managing quote documents. We do not verify whether users are legally entitled to process the data they enter.

We use technical service providers to operate DraftToQuote, including:

These providers may process technical and account-related data necessary to operate the service.

We use Stripe to process subscriptions and billing.

Stripe may process:

• billing name
• billing email
• billing address
• payment method information
• invoice data
• transaction metadata
• subscription status

We do not store full payment card details on our own servers.

We use Resend to send service-related emails.

This may include:

• quote emails
• account-related emails
• billing-related emails
• support messages
• delivery status data

If you choose to sign in with Google, Google may provide us with basic account information such as your email address, name, and profile identifier. We use this information to authenticate you and create or access your DraftToQuote account.

We use cookies, local storage, session storage, and similar technologies that are necessary to operate DraftToQuote.

These technologies may be used for:

• user login and authentication
• keeping users signed in
• session security
• fraud and abuse prevention
• remembering necessary user preferences
• maintaining the functionality of the application

These cookies and similar technologies are necessary to provide the service requested by the user.

We do not currently use non-essential analytics cookies, advertising cookies, marketing pixels, retargeting technologies, heatmaps, or session recording tools.

If we introduce optional analytics, advertising, marketing, or similar tracking technologies in the future, we will update this Privacy Policy and, where required, ask for consent before using them.

You can control or delete cookies through your browser settings. However, blocking necessary cookies may prevent parts of the service from working correctly.

DraftToQuote does not collect client deposits, escrow payments, or project funds on behalf of users.

Payments between users and their clients happen outside DraftToQuote. Users are solely responsible for their own client payment arrangements, invoices, taxes, and payment instructions.

We may share personal data with the following categories of recipients where necessary:

• hosting providers
• database and authentication providers
• payment providers
• transactional email providers
• AI service providers
• analytics or monitoring providers, if used
• legal, tax, or accounting advisors
• authorities where legally required

Current important providers include:

• Vercel
• Supabase
• Stripe
• Resend
• OpenAI
• Google, for Google login

Some of our service providers are based outside Germany, the European Union, or the European Economic Area, or may process personal data in countries outside the EU/EEA.

This may include providers such as OpenAI, Stripe, Google, Vercel, Supabase, and Resend, depending on their infrastructure, support, security, and subprocessors.

Where personal data is transferred outside the EU/EEA, we rely on legally recognized transfer mechanisms where required, such as:

• adequacy decisions by the European Commission
• Standard Contractual Clauses
• additional contractual, technical, or organizational safeguards
• other applicable transfer mechanisms under data protection law

You may contact us at privacy@drafttoquote.com for more information about applicable transfer safeguards.

We do not claim that all data always remains in Germany.

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless longer retention is required by law.

Typical retention periods:

DraftToQuote does not use personal data for automated decision-making with legal or similarly significant effects under Art. 22 GDPR.

AI-assisted quote generation creates editable draft content. Users remain responsible for reviewing, editing, and deciding whether to use any generated output.

Subject to the requirements of applicable law, you have the right to:

• request access to your personal data
• request correction of inaccurate data
• request deletion of your data
• request restriction of processing
• object to processing
• request data portability
• withdraw consent where processing is based on consent
• lodge a complaint with a supervisory authority

To exercise your rights, contact us at:

privacy@drafttoquote.com

You have the right to lodge a complaint with a data protection supervisory authority.

If you are located in Germany, you may contact the supervisory authority responsible for your federal state or any other competent data protection authority.

Responsible authority for our location:

Postal address:

Phone: +49 711 615541-0

Email: poststelle@lfdi.bwl.de

Website: https://www.baden-wuerttemberg.datenschutz.de

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration.

No online service can guarantee absolute security.

We may update this Privacy Policy from time to time. The current version will be available on this page.

If we make material changes, we may notify users by email, in-app notice, or another appropriate method.