QuoteCore+Back to homepage

Privacy Policy

Effective date: 12 May 2026

This Privacy Policy explains how QuoteCore+ ("we", "our", "us") handles personal data when you visit our website at quote-core.com and when you sign up for early access to our forthcoming web application.

This policy covers the public website only. A separate Privacy Policy applies to the QuoteCore+ web application itself and is presented to users when they sign in to it.

We are based in Costa Rica but our visitors and future users are in many countries. We treat every person according to the strictest privacy law that applies to them, which in most cases is the EU/UK GDPR.

Who we are

The data controller for the website and the early-access list is:

[Costa Rica Entity Name TBC]
[Costa Rica Registered Address TBC]
Email: info@quote-core.com

For visitors in the EU or UK, we have not yet appointed a representative under Article 27 of the GDPR / UK GDPR. Until we do, you can contact us directly at the email above for any privacy queries.

What we collect

When you simply browse the website

  • Standard server-side request data: IP address, user-agent string, referrer, and page paths. Used for security and operational diagnostics.
  • A small set of strictly-necessary cookies required to deliver the page. Not used for analytics or advertising.

When you sign up for early access

  • The email address you submit through the early-access form.
  • The timestamp of the submission and the IP address it came from (for anti-abuse purposes).

What we do NOT collect

  • No advertising cookies, no retargeting pixels, no social media tracking pixels.
  • We do not buy or sell personal data, ever.

Why we use it

  • To run the website — serve pages, prevent abuse, keep the site available.
  • To contact you about early access — let you know when QuoteCore+ opens up.
  • To send transactional product updates related to early access.
  • To comply with the law.

Lawful basis (GDPR)

  • Consent (Art. 6(1)(a)) — for adding you to the early-access list. You can withdraw at any time.
  • Legitimate interests (Art. 6(1)(f)) — to keep the website secure and working.
  • Legal obligation (Art. 6(1)(c)) — to retain records required by law.

Who we share with

  • Supabase — database and storage for the early-access list. Hosted in the EU (Frankfurt).
  • Vercel — web hosting. Global edge network; data may transit US infrastructure.
  • Resend — transactional email delivery. US-based.

We do not sell your data and we do not share it with advertisers, analytics providers, or social platforms.

Where data is stored

Your early-access record is stored in the EU (Supabase eu-central-1, Frankfurt). Email delivery transits the US via Resend. For transfers outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs).

How long we keep it

  • Early-access email addresses — kept until QuoteCore+ launches and for a reasonable period thereafter, or until you ask us to delete it. If you do not claim a spot within 12 months of launch, we delete your entry.
  • Server logs from Vercel/Supabase — per their own retention policies (typically 30 days).
  • Email delivery logs at Resend — typically 30-90 days.

Your rights

Contact us at info@quote-core.com to exercise any of these rights — we will respond within one month.

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — have your early-access entry deleted.
  • Portability — receive your data in a machine-readable format.
  • Restriction — pause our processing while a dispute is resolved.
  • Objection — object to processing based on our legitimate interests.
  • Withdraw consent — at any time, by emailing us or clicking unsubscribe.

California residents have additional rights under CCPA/CPRA. Costa Rica residents have rights under Law 8968 (PRODHAB). These broadly mirror the GDPR rights above.

Cookies

The website uses strictly-necessary cookies only: session/CSRF tokens required for the site to load and the early-access form to submit safely, and a cookie-notice dismissal value. We do not use analytics, advertising, or social media cookies.

Security

We take reasonable technical and organisational measures including HTTPS everywhere, encrypted-at-rest storage, row-level security on the database, and rate-limiting on the early-access form. If we ever suffer a breach that affects your data, we will notify you and relevant regulators within statutory timeframes.

Children's data

QuoteCore+ is a business tool for trades. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, contact us and we will delete the entry.

Changes to this policy

When we update this policy materially, we will update the effective date at the top and notify early-access subscribers by email if the change affects how we use their data.

The QuoteCore+ application

When QuoteCore+ launches and you create an account, a separate Privacy Policy will apply to your use of the application. Until then, only this website policy applies.

Contact us

Privacy queries, rights requests, or anything else:
info@quote-core.com