Privacy Policy

Last updated: May 2026

    Quick Lead is designed with privacy first. Your job data and personal details stay on your own device. The only data stored on our servers is booking requests submitted by your clients, which are held temporarily (up to 30 days) and then deleted.
  

Who we are

Quick Lead is a job management app for tradespeople, operated by Quick Lead. For privacy enquiries contact: [email protected]

What data we collect and why

Your engineer details (name, company, phone, email, Gas Safe / NICEIC number)

Entered by you in Settings
Stored only on your device (browser localStorage) and backed up to Firestore
Used to populate invoices, certificates and email signatures

Job data (addresses, tenant names, phone numbers, job descriptions)

Extracted from your Quick Lead inbox by AI (Anthropic Claude) when you tap "Parse"
Stored only on your device and backed up to Firestore
Never stored on Quick Lead servers

Authentication

Sign-in is email and password only
Quick Lead does not connect to Gmail, Google Calendar, Google Drive, or any third-party email or calendar account
Authentication is handled by Firebase Authentication (Google Cloud) — only your email address and a hashed password are stored

Security log — sign-in IP and browser

On every successful sign-in we record your IP address, browser/device string (User-Agent) and the timestamp
Lawful basis: legitimate interest in protecting your account from unauthorised access and detecting credential stuffing or account takeover
Stored on Cloudflare KV (EU/US datacentres), automatically deleted after 90 days
Not shared with any third party. Used only for security review by Quick Lead
You can request deletion of this record at any time by emailing [email protected]

Third-party services

Firebase / Google Cloud (authentication & data storage)
Firebase Authentication stores your email address and hashed password. Firestore stores your job and account data. Google's privacy policy applies: policies.google.com/privacy

Anthropic (Claude AI)
When you parse a job email, the email content is sent to Anthropic's Claude API to extract job details. Anthropic's privacy policy applies: anthropic.com/privacy

VoodooSMS
If you configure SMS sending, tenant phone numbers and message content are sent to VoodooSMS to deliver text messages. Their privacy policy applies: voodoosms.com

Stripe
If you add a Stripe payment link to invoices, payments are processed directly by Stripe. Quick Lead does not handle payment card data. Stripe's privacy policy: stripe.com/gb/privacy

Data retention

Job data / app settings — stored in your browser localStorage indefinitely until you clear it or uninstall the app
Booking requests (submitted by your clients via your booking link) — stored on Cloudflare KV servers for up to 30 days, then automatically deleted
Push notification tokens — stored on Cloudflare KV for up to 2 years or until you disable notifications
SMS credentials (VoodooSMS username/password you enter in Settings) — stored on Cloudflare KV for up to 2 years or until you remove them

Data storage and security

All job data is stored in your browser's localStorage — on your device only
Booking requests, push tokens and SMS credentials are stored on Cloudflare's infrastructure (EU/US datacentres), encrypted in transit via HTTPS
Communication with all APIs is encrypted via HTTPS
No payment card data is ever handled by Quick Lead

Your rights (GDPR)

Under UK/EU GDPR you have the right to:

Access — your data is visible directly in the app
Deletion — clear all data from Settings → scroll to bottom, or clear your browser data
Portability — export your data as CSV at any time from Settings
Withdraw consent — sign out and clear browser data at any time

To exercise any right or raise a concern, contact: [email protected]

Cookies and local storage

Quick Lead does not use tracking cookies. We use browser localStorage solely to store your app data (jobs, settings, invoices) on your own device. This is necessary for the app to function.

Bot protection

Our public booking form may use Cloudflare Turnstile to distinguish real customers from automated bots. Turnstile is a CAPTCHA replacement designed by Cloudflare to be privacy-friendly: it does not show puzzles, does not track users across the web, and is designed to comply with UK-GDPR. Turnstile does collect limited browser characteristics (such as user-agent and timing signals) at the moment you submit the booking form, processed by Cloudflare under its own privacy policy at cloudflare.com/privacypolicy.

Children's privacy

Quick Lead is intended for use by tradespeople and business owners. We do not knowingly collect data from anyone under 16.

Changes to this policy

We may update this policy from time to time. The date at the top of this page will reflect any changes. Continued use of the app after changes constitutes acceptance.

Contact

For any privacy questions: [email protected]

Quick Lead — Privacy Policy