1. Who we are
PartQuote (Dutch Chamber of Commerce [KvK pending], VAT [BTW pending]) brokers between customers with CNC manufacturing needs and CNC suppliers. For privacy questions reach us at support@partquote.eu.
2. What data we process
On signup: name, email address, company details (Chamber of Commerce number, VAT id, billing and shipping address). Authentication is handled by Clerk; we receive only the email and user id from Clerk.
On quote request: the STEP file you upload, machining specifications (material, quantity, tolerance, surface finish, lead time) and your notes.
During order processing: status updates, shipping address, and — only after you explicitly accept the quote — your STEP file becomes visible to the selected supplier.
For invoicing: payment details (IBAN for SEPA bank transfers) and invoice history.
3. Purpose and lawful basis
We process your data to (a) manage your account, (b) compute a price via our parser, (c) match your quote request to a suitable supplier, (d) coordinate production and delivery, (e) issue invoices and (f) comply with legal obligations (7-year accounting retention).
Lawful basis: performance of the contract between you and PartQuote (GDPR Art. 6(1)(b)) and where applicable legal obligation (Art. 6(1)(c)).
4. Sharing with suppliers
On quote acceptance, your STEP file and machining spec are shared with the supplier PartQuote selects. Every supplier signs a Data Processing Agreement (DPA) and a Non-Disclosure Agreement (NDA) with PartQuote before getting access to customer files.
We do NOT share your identity (name, contact details) with suppliers; only project context and the file. Other suppliers who can see the project during the assignment process are not shown your identity either.
5. Retention
Account data: while your account is active, plus 30 days after deletion.
Quote requests and STEP files: 12 months after creation (so you can re-request a previous quote). Earlier deletion on request.
Invoices, orders, accounting records: 7 years (legal retention).
Audit logs (admin actions): 24 months.
6. Your GDPR rights
You have the right to access, rectify, erase, restrict, port and object. Email support@partquote.eu and we respond within 30 days.
Account deletion is available via the account page or by email. There is no fee for exercising GDPR rights.
You may also file a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl) or your national equivalent.
7. Security
Files are stored encrypted in Supabase Storage with access gated by short-lived signed URLs (max 5 minutes). The parser runs on a private server. Authentication uses Clerk over TLS. Production database access is limited to PartQuote personnel with two-factor authentication.
8. Cookies
We use only functional cookies (Clerk session, language preference, cookie consent). No tracking or advertising cookies.
9. Changes
We may update this policy. Material changes will be communicated to registered users by email.