Privacy Policy

Last updated: May 29, 2026

This Privacy Policy explains how Propozal collects, uses, and protects your personal data, in compliance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

Propozal is the data controller responsible for your personal data. For any privacy-related request, contact our data protection team at privacy@propozal.com.

2. Data We Collect

  • Account data: name, email address, password (hashed), company details.
  • Proposal content: the proposals, client details, and documents you create.
  • Billing data: subscription status and payment metadata (processed by Stripe; we do not store card numbers).
  • Usage data: log data, device/browser information, and analytics events.
  • Client interaction data: proposal views, time spent, and signatures captured on public proposal pages.

3. How We Use Your Data

  • To provide, operate, and improve the service;
  • To generate proposal content via AI based on your inputs;
  • To process subscriptions and payments;
  • To send transactional emails (e.g. proposal viewed/signed notifications);
  • To analyze usage and improve performance and security;
  • To comply with legal obligations.

Our legal bases are: performance of a contract (providing the service), legitimate interests (security, product improvement), consent (where required), and legal obligation.

4. Data Retention

We retain your personal data for as long as your account is active. After account deletion, we remove or anonymize your data within 30 days, except where retention is required for legal, accounting, or fraud-prevention purposes.

5. Third-Party Processors

We share data with trusted sub-processors strictly to operate the service:

  • Supabase — database, authentication, and file storage (hosting your account and proposal data).
  • Stripe — payment processing and subscription billing.
  • Resend — transactional email delivery.
  • Google (Gemini API) — AI text generation from the inputs you provide.
  • Vercel — application hosting and privacy-friendly analytics.

Each processor is bound by data protection agreements and processes data on our instructions.

6. International Transfers

Some processors may store or process data outside the EU. Where this occurs, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

7. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data (“right to be forgotten”);
  • Restrict or object to certain processing;
  • Receive your data in a structured, machine-readable format (data portability);
  • Withdraw consent at any time, where processing is based on consent;
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@propozal.com. We respond within one month.

8. Cookies

We use strictly necessary cookies for authentication and session management, and privacy-friendly analytics cookies to understand aggregate usage. We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings.

9. Security

We implement industry-standard technical and organizational measures — encryption in transit, row-level security, access controls, and rate limiting — to protect your data. No method of transmission or storage is 100% secure, but we continuously work to safeguard your information.

10. Contact

For privacy questions or to exercise your rights, contact privacy@propozal.com.