Skip to main content
QuoteBase Logo
QuoteBase
Back to HomeGet Started

Privacy Policy

Last updated: April 17, 2026

Our Commitment to Privacy

QuoteBase ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our procurement automation platform.

Information We Collect

Personal Information

  • Email address and contact information
  • Company name and business details
  • Account credentials (managed securely via Supabase Auth)
  • Profile information and user preferences (theme, language)

Business Data

  • RFQ documents, Excel files, and procurement data
  • Supplier directory and communication history
  • Quote responses, pricing comparisons, and negotiation rounds
  • Custom field definitions and organization settings

Technical Information

  • IP addresses, device fingerprints (via Supabase)
  • Browser type, operating system, and screen resolution
  • Session cookies and authentication tokens (essential cookies only)
  • Privacy-first analytics via Umami (no personal data tracked)

How We Use Your Information

Service Delivery

  • Process RFQs, parse Excel files, and manage multi-round negotiations
  • Facilitate supplier communications via email (Resend) and portal access
  • Generate comparison reports, analytics dashboards, and export PDFs
  • Provide customer support and technical assistance

Platform Improvement

  • Analyze usage patterns with privacy-first analytics (Umami)
  • Enhance Excel parsing, column mapping, and custom field features
  • Improve Row Level Security (RLS) and multi-tenant isolation
  • Optimize performance with edge caching (Vercel) and database queries

Communication

  • Send transactional emails via Resend (password resets, RFQ notifications)
  • Provide product updates and feature announcements (opt-in only)
  • Share procurement best practices and ROI insights
  • Respond to support inquiries and feedback

Legal Compliance

  • Meet GDPR, CCPA, and Turkish KVKK requirements
  • Prevent fraud with Supabase Auth and secure session management
  • Enforce terms of service and acceptable use policies
  • Respond to legal requests and data subject access requests (DSARs)

Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. You can control cookie preferences through your browser settings.

View Cookie Policy

Data Security

We implement industry-standard security measures to protect your information:

  • TLS 1.3 encryption in transit (Vercel + Supabase)
  • AES-256 encrypted database storage (Supabase PostgreSQL)
  • Row Level Security (RLS) for multi-tenant data isolation
  • PKCE-based OAuth authentication with secure session management
  • Regular security audits and dependency updates
  • GDPR, CCPA, and Turkish KVKK compliance
  • Automated backups and disaster recovery (Supabase)
  • Secure payment processing via Paddle (PCI-DSS compliant)
  • All servers hosted in Frankfurt, Germany (EU data residency)

Data Storage & Location

All customer data is stored and processed exclusively within the European Union:

  • Primary database: Supabase Frankfurt (eu-central-1)
  • Application hosting: Vercel Frankfurt edge nodes
  • Redis cache: Upstash Frankfurt region
  • Email delivery: Resend (EU infrastructure)
  • No data transfers to non-EU countries except encrypted backups

Your Privacy Rights (GDPR & KVKK)

Access & Control

  • Access your personal data via dashboard export
  • Update profile information and organization settings
  • Export all RFQ data, quotes, and supplier information (JSON/CSV)
  • Request account deletion (30-day data retention for compliance)

Communication Preferences

  • Unsubscribe from marketing emails (transactional emails remain active)
  • Configure RFQ notifications, quote alerts, and deadline reminders
  • Manage cookie consent via Cookie Preferences dialog
  • Request data portability in machine-readable format

Contact Us

For privacy inquiries, data subject access requests (DSARs), or GDPR/KVKK compliance questions:

Email: hello@quotebase.io

Address: QuoteBase Privacy Team, İzmir, Turkey

Response Time: We respond to privacy inquiries within 30 days (GDPR/KVKK requirement)

Policy Updates

We may update this Privacy Policy periodically. We'll notify you of significant changes via email or platform notification. Continued use of our services after changes constitutes acceptance of the updated policy.

QuoteBase - Excel to RFQ in 2 Minutes | Smart Procurement Platform