Privacy Policy
Last updated: 26 May 2026
This Privacy Policy explains what personal data PlutoPrice collects, why, and what your rights are. We've tried to write it in plain English. If anything's unclear, email info@plutoprice.co.uk and we'll explain.
Who we are
PlutoPrice is a software service based in the United Kingdom. We are the "data controller" for the personal data described below.
Contact: info@plutoprice.co.uk
What data we collect
- Account data — your email address and a password hash when you sign up. Your name and business details when you fill out your profile.
- Business data — your business name, trade, contact phone, VAT registration status, brand colour, and uploaded logo.
- Quote data — the customer names, contact details, job descriptions, and pricing you create within the app.
- Payment data — handled entirely by Stripe. We store only your Stripe customer ID and subscription ID; we never see your card number.
- WhatsApp data (when enabled) — your verified mobile number, and the content of messages you send to PlutoPrice on WhatsApp.
- Usage logs — basic technical logs (IP address, page accessed, timestamp, browser type) generated automatically by our hosting provider and retained for security/debugging.
- Cookies — essential cookies only: one for your login session, one for anti-CSRF protection. We don't use advertising or cross-site tracking cookies.
- Analytics — we use Cloudflare Web Analytics to count page views and visits so we can understand how people find us. It is privacy-first and cookieless: it sets no cookies, does not fingerprint you, and does not track you across other websites. It collects only aggregate, anonymous traffic data.
How we use it
We use your data to provide and improve PlutoPrice. Specifically:
- To create and manage your account.
- To generate quote drafts from your job descriptions using AI (see below).
- To send quotes to your customers via a public link.
- To process subscription payments and manage your billing.
- To respond to support requests.
- To detect and prevent fraud or misuse.
Lawful basis
Under UK GDPR, we rely on:
- Performance of a contract for everything needed to deliver the service you subscribed to.
- Legitimate interests for security, fraud prevention, and basic technical logging.
- Consent for anything else — we'll ask you specifically if it applies (e.g. optional marketing emails, which we currently don't send).
AI processing — what you should know
When you draft a quote, the job description you type is sent to OpenAI to generate the quote structure. When you send a WhatsApp voice note (once enabled), the audio is sent to OpenAI's Whisper service for transcription.
OpenAI's API terms state they do not train their models on data submitted via the API. We do not send your customer contact details, prices, or quote totals to OpenAI — only the job description and your price book item names. If you'd rather not have your data processed by OpenAI, please don't use the AI drafting feature; you can still create quotes manually.
Who we share data with
We share your data only with the service providers we need to run PlutoPrice:
- Stripe — payment processing (subject to Stripe's privacy policy).
- OpenAI — AI quote drafting and voice transcription.
- Twilio — WhatsApp message routing (once enabled).
- Render — hosting our application and database.
- GoDaddy — email hosting for support correspondence.
- Google / Microsoft — only if you choose to sign in via Google or Microsoft.
We never sell your data. We don't share it with advertisers or marketers.
International transfers
Some of our service providers (Stripe, OpenAI) are based in the United States. Where personal data leaves the UK, it's covered by appropriate safeguards under UK GDPR (Standard Contractual Clauses or equivalent adequacy mechanisms).
How long we keep it
- Active accounts — for as long as you have an account.
- Deleted accounts — we delete account data within 30 days of a deletion request.
- Billing records — we retain invoices for six years to comply with HMRC requirements.
- Backups — automated database backups are retained for up to 30 days.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Have it corrected if it's wrong.
- Have it deleted (subject to legal retention requirements like the HMRC six-year rule).
- Receive a copy in a portable format.
- Object to processing or ask us to restrict it.
- Withdraw consent at any time (where we relied on consent).
- Complain to the Information Commissioner's Office (ico.org.uk) if you think we've mishandled your data.
To exercise any of these, email info@plutoprice.co.uk. We aim to respond within 30 days.
Security
We protect your data with industry-standard measures: TLS encryption in transit, encrypted password hashes (we never store plain-text passwords), a database encrypted at rest with our hosting provider, and minimal data sharing as described above. No system is perfectly secure, but we take it seriously.
Children
PlutoPrice is intended for use by people aged 18 or over operating in a trade. We don't knowingly collect data about children.
Changes to this policy
If we materially change this policy, we'll let registered users know by email and update the "Last updated" date at the top.
Contact
Questions? info@plutoprice.co.uk