Privacy Policy
Last updated: April 11, 2026
For service usage and account terms, please also review our Terms of Service.
1. Data Controller
InQuote, a company registered in Belgium with its registered office in Brussels, is the data controller for the personal data processed through the InQuote platform. Privacy and deletion requests are routed through the Contact page.
2. Data we process
We collect and process the following categories:
- Account details: name, email, profile identifiers, session metadata.
- Company and client records used for quotes, invoices, AI contexts, and workflow history.
- Billing fields for plan and subscription lifecycle with Stripe processor references.
- Integration metadata: OAuth grants, scope usage, external targets, and access outcomes.
- Security and sharing telemetry, including PIN verification events, lockouts, shared-link access outcomes, and audit signals.
- Product telemetry (cookieless) for usage and reliability monitoring.
3. Legal basis (GDPR Art. 6)
We process personal data to perform the contract, protect security, improve service reliability, meet legal duties, and process data where you provide explicit consent.
4. Purposes
We use your data to deliver the product, process documents, manage subscriptions, operate integrations, detect abuse, and improve reliability and user experience.
5. Retention schedule
Retention is purpose-based and configured as follows:
- Soft-deleted quotes, invoices, clients, and chat threads are cleaned up after 30 days.
- Active account, business, and billing records are retained while the account remains active.
- Security and audit data are retained for operational integrity and legal/forensic requirements.
- Integration tokens/credentials are encrypted and removed based on provider lifecycles and revocation actions.
6. Your rights and workflow
GDPR rights include access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where applicable.
- Access your personal data
- Correct inaccurate data
- Request deletion (subject to legal limits)
- Restrict processing
- Request data portability
- Object to marketing/analytics processing
Submit rights requests via the Contact flow. We confirm within 30 days, with lawful extensions where required.
If needed, you may lodge a complaint with the Belgian Privacy Commission (GBA).
7. International transfers
Transfers outside the EEA are handled through provider safeguards, standard contractual clauses, and where applicable adequacy-based mechanisms.
8. Third parties and sub-processors
We rely on third-party processors for core infrastructure and integrations. The current operational list and transfer model are in our Sub-processors page.
9. Cookies and similar technologies
We only use essential cookies for in-app state, plus PostHog in cookieless mode for analytics. Full details are in the Cookie Policy.
10. Incident response
We maintain internal incident procedures for security events and suspected data exposure. Where law requires, we communicate with affected users and authorities.
11. Policy changes
We may update this Privacy Policy as operations evolve. We publish material updates in-app and through available account communications.