
Privacy Policy

Last updated: March 2026

QuoteNode is self-hosted software. You deploy it on your own infrastructure and control all data processing. This privacy policy describes how the QuoteNode application handles data within your deployment.

Data Controller

When you deploy QuoteNode, you are the data controller. QuoteNode (the software vendor) does not have access to your instance, your database, or any data processed by your deployment.

You are responsible for your own privacy policy towards your customers and users, in compliance with applicable laws (GDPR, CCPA, or other local regulations).

What Data the Application Processes

QuoteNode processes the following categories of data within your instance:

User accounts

  • Name, email address, role, and authentication credentials (bcrypt-hashed passwords, optional TOTP secrets encrypted with AES-256-GCM)
  • Session data (encrypted cookies with configurable lifetime)
  • Login history (timestamps, IP addresses)

Customer records

  • Company details (name, tax ID, VAT-EU number, addresses)
  • Contact persons (name, position, email, phone)
  • Activity timeline (calls, meetings, notes, offer history)
  • Tags, groups, and custom discount rates

Offers and commercial data

  • Offer content (line items, pricing, discounts, trading terms)
  • Immutable snapshots created when offers are sent
  • PDF documents generated from offer data
  • Public link interaction data (opens, downloads, replies, decisions)
  • When a client opens a public offer link, the system records: timestamp, anonymizable IP address, country code (via local GeoIP database), user agent, and interaction type
  • IP addresses can be automatically hashed after a configurable retention period for GDPR compliance

What Data Leaves Your Instance

By default, no data leaves your instance. QuoteNode has no telemetry, no analytics callbacks, no external license server communication, and no CDN dependencies.

Data leaves your instance only when you explicitly configure it:

  • Email delivery — offer notifications sent via your configured SMTP server
  • Public offer links — offer content displayed to clients who access the link
  • Remote backups — if you configure rclone to push backups to cloud storage
  • Exchange rates — manually configured by the administrator; no automatic external fetching

Cookies

The QuoteNode application uses session cookies for authenticated users. These are:

  • Strictly necessary — required for authentication and session management
  • First-party only — no third-party cookies are set
  • Encrypted — session data is encrypted server-side
  • Configurable lifetime — set via application configuration

No advertising, tracking, or analytics cookies are used.

Data Retention

You control all data retention within your instance:

  • Audit logs — append-only, retained indefinitely by default (configurable)
  • IP addresses — configurable automatic anonymization after N days
  • Generated PDFs — retained until manually deleted or purged by retention policy
  • Backups — retention controlled by your backup configuration

GeoIP Data

QuoteNode uses a local MaxMind GeoLite2-Country database file for country-level geolocation. No IP addresses are sent to external services for geolocation. The database file is stored locally and updated manually or via scheduled download.

Children’s Privacy

QuoteNode is business software designed for professional use. It is not intended for use by individuals under the age of 16.

Changes to This Policy

This policy may be updated with new software releases. Changes are documented in the release notes.

Contact

For questions about data handling in the QuoteNode application, contact: [email protected]
