P
ProposalAI

Privacy Policy

Effective April 27, 2026

This template describes the categories of data ProposalAI collects and how it is used. Replace the bracketed sections with content reviewed by your legal counsel before launch.

1. Information we collect

  • Account data — email, password hash, name, company, country, role.
  • Content — proposals, themes, settings, uploaded RFPs, vendor branding.
  • Usage data — requests to our API, page views, generation counts, error logs.
  • Billing data — handled and stored by Stripe; we keep only the customer ID and plan status.
  • Email tracking — when you send a proposal by email, we record opens, clicks, and views.

2. How we use it

  • To operate the service: authenticate you, generate proposals, render PDFs, send emails on your behalf.
  • To enforce plan limits and prevent abuse.
  • To respond to support requests.
  • To send service notifications (verification, password resets, billing).

3. Subprocessors

We share the minimum data necessary with the following providers:

  • Supabase — database, authentication, file storage.
  • Anthropic — AI proposal generation. Inputs are sent to Anthropic's API.
  • Stripe — payments and subscription billing.
  • Resend — transactional email.
  • Sentry — error monitoring.
  • Vercel — application hosting and edge delivery.

4. Cookies

We use a small set of cookies and similar storage. Essential cookies (used to keep you signed in) cannot be disabled. Analytics cookies can be declined via the cookie banner; doing so does not affect your ability to use the service.

5. Data retention

Account data is retained for as long as your account is active. Proposals and settings are kept until you delete them. When you delete your account, your data is removed from our systems within 30 days, except where retention is required by law.

6. Your rights

  • Access — view your data via the app.
  • Export — download your proposals and settings as a JSON archive from Settings → Account.
  • Correct — edit your information in Settings.
  • Delete — close your account from Settings → Account.
  • Object / restrict — contact us at the address below.

7. Security

Passwords are stored as salted hashes by our authentication provider. Connections are encrypted with TLS. API keys and webhook secrets are masked when stored. We log access to administrative endpoints.

8. International transfers

Data is processed in the regions of our subprocessors, primarily the United States and the European Union. We rely on standard contractual clauses where required.

9. Children

The service is not intended for users under 16.

10. Changes

We will notify registered users of material changes by email at least 30 days before they take effect.

11. Contact

Email privacy@proposalai.ai with privacy questions or to exercise the rights described above.

Questions? Contact support · Privacy · Terms

We use essential cookies to keep you signed in and analytics cookies to improve the product. Learn more.