Privacy Policy

Your data.
Handled properly.

Last updated: 30 April 2026
Who we are

Quote & Done is operated by Melissa Iverach, based in Bathurst, NSW, Australia. We build voice-powered quoting and invoicing tools for Australian tradies.

For privacy questions, email mel@quoteanddone.com.

The short version
We collect what we need to run your quoting and invoicing. Your profile, quotes, and invoices are stored securely on our servers in Sydney so they're available across your devices and ready when your clients need them. Bank details are encrypted. AI providers process your voice and text to build quotes -- they delete it within 7-30 days and never use it for training. Payment details go directly to Stripe. We don't sell your data to anyone.
What we collect and why
01
Your business profile
Name, business name, ABN, trade, state, hourly rate, phone, email, and licence number. Why: so your quotes and invoices look professional and consistent every time.
02
Voice and text input
When you describe a job, your voice is transcribed and the text is sent to our AI to build the quote. Why: this is the core product -- turning your description into a structured, professional quote.
03
Quotes and invoices
Client name, phone, email, job address, scope of works, line items, and totals. Why: so your clients can view and accept quotes online, and so you have a reliable history of every job you've quoted.
04
Payment details
BSB and account number (for bank transfer invoices) are encrypted using AES-256 before storage. Card payments go directly to Stripe -- we never see your card number.
05
Usage data
Anonymous counts like "a quote was built" or "voice input was used." Why: to monitor whether the app is working properly. No names, no quote content, no way to identify you.
How we protect it

Encryption in transit. All data is encrypted using HTTPS/TLS between your device, our servers, and our technology partners.

Encryption at rest. Bank details (BSB and account number) are encrypted on our server using AES-256 -- even with direct access to our files, they're unreadable without the key. All data is hosted on encrypted volumes in Sydney, Australia.

Secure links. Every quote and invoice link uses a cryptographically random token. They cannot be guessed or discovered by changing the URL.

No training on your data. Your quotes, voice recordings, and business details are never used to train AI models -- not by us, not by our providers.

Technology partners

Anthropic (Claude) processes job descriptions to build quotes. Inputs and outputs are deleted within 7 days. Not used for training. Privacy policy.

OpenAI (Whisper) transcribes voice input. Data retained up to 30 days for abuse monitoring, then deleted. Not used for training. Privacy policy.

Stripe handles subscription billing and client payments via Stripe Connect. Card details go directly to Stripe. Privacy policy.

Fly.io hosts the application in Sydney, Australia. Privacy policy.

Google (Firebase Cloud Messaging) delivers push notifications to your device (e.g. "Karen accepted your quote"). Google receives a device token but not your quote content. Privacy policy.

Meta (Facebook Pixel) measures advertising effectiveness. Tracks page views and subscription events. Does not access your quote content or business details. You can opt out via Facebook ad preferences or a browser ad blocker. Privacy policy.

If any provider changes their data handling in a way we're not comfortable with, we replace them. The app is built to make that straightforward.

Your clients' data

When you quote or invoice a client, their contact details and job information are stored on our server so they can view, accept, and pay online. This data is deleted 90 days after the invoice is paid, or on request.

Client details included in voice input are processed by our AI providers, who delete them within 7-30 days.

Data retention

Your profile: stored on our server for as long as your account is active. Synced to your device for offline access.

Quotes and invoices: stored on our server for delivery and history. Paid invoices are deleted 90 days after payment. You can request deletion at any time.

Voice and text input: processed in real time. Deleted by our AI providers within 7-30 days.

Usage counts: anonymous, retained indefinitely for product monitoring.

Feedback: text you submit via the feedback panel is retained until we've read and acted on it.

Australian Privacy Act

The Privacy Act 1988 includes a small business exemption. We comply with the Australian Privacy Principles regardless, because it's the right standard for a business tool that handles trade and client data.

The small business exemption is being phased out. We're already ahead of those changes.

If you believe we've mishandled your personal information, contact us at mel@quoteanddone.com. You also have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Deleting your data

You can request deletion of your account and all associated data by emailing mel@quoteanddone.com. We'll confirm deletion within 5 business days.

Shared quotes and invoices that your clients have already accessed will be removed from our servers. Copies your clients may have saved (screenshots, PDFs) are outside our control.

Changes to this policy

We'll update this page as features change. For significant changes to data handling, we'll notify active users. Our commitments stay the same: your data is never used for AI training, sensitive details are always encrypted, and we only collect what the product needs to work.

This policy was last updated on 30 April 2026.