How We Keep Your Data Safe

All data moving between your browser and QuickEstimate's servers is encrypted using industry-standard protocols. Your stored data is equally protected.

• All connections use TLS 1.2 or higher — the same standard used by banks and payment processors
• Data at rest is encrypted using AES-256, one of the strongest encryption algorithms available
• Passwords are never stored in plain text — they are hashed using bcrypt before being saved
• SSL certificates are automatically renewed so there's no lapse in protection

Even in the unlikely event of a breach at the infrastructure level, encrypted data cannot be read without the decryption keys, which are stored separately and securely.

QuickEstimate is hosted on enterprise-grade cloud infrastructure with multiple layers of physical and network security built in.

• Hosted on ISO 27001-certified data centres with 24/7 physical security and access controls
• Servers are isolated in a private virtual network — not publicly accessible by default
• Firewalls and intrusion detection systems monitor all traffic in real time
• Regular third-party penetration testing is carried out to identify and fix vulnerabilities
• Automatic security patches are applied to keep server software up to date

We give you the tools to control who can access your QuickEstimate account and what they can see or do within it.

• Two-factor authentication (2FA) available for all accounts — strongly recommended for all users
• Role-based permissions let you control what team members can view or edit
• Session timeouts automatically log out inactive users after a set period
• Login activity logs let you review recent sign-ins and flag anything suspicious
• Suspicious login attempts trigger account alerts and optional temporary lockouts

If you ever suspect unauthorised access to your account, you can immediately revoke all active sessions from the Security tab in your account settings.

Your data is backed up automatically and continuously so that nothing is ever lost, even in the event of an unexpected system failure.

• Full database backups run daily and are stored in geographically separate locations
• Incremental backups capture changes every hour to minimise potential data loss
• Backups are encrypted and tested regularly to confirm they can be restored successfully
• In the event of data loss, recovery can be completed within a defined recovery time objective (RTO)

Backup retention periods vary by plan. Enterprise plans include extended backup history. See your plan details or contact support for specifics.

QuickEstimate is built to comply with major data protection regulations and to respect your rights over the data you store with us.

• Compliant with GDPR (EU), UK GDPR, and Australian Privacy Act requirements
• We never sell your data or use your business information for advertising purposes
• You own your data — it can be exported in full at any time from your account settings
• On account closure, your data is permanently deleted within 30 days upon request
• Sub-processors and third-party integrations are vetted and listed in our privacy policy

Despite robust preventive measures, we maintain a clear, tested response plan for security incidents so we can act quickly and communicate transparently.

• A dedicated security incident response team is on call around the clock
• Affected users are notified within 72 hours of a confirmed breach — in line with GDPR requirements
• Notifications include a clear description of what data was affected and what steps to take
• Post-incident reports are published openly to explain what happened and how it was resolved
• We work with independent security researchers through a responsible disclosure programme

Our goal is always to be faster, clearer, and more transparent than required. If something goes wrong, you'll hear from us promptly and honestly.