Privacy Policy

Effective May 7, 2026

Proposa ("Proposa," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect when you use the Proposa website and application (the "Service"), how we use it, who we share it with, and the choices you have. By using the Service, you agree to the terms of this Policy.

1. Information we collect

Information you give us

  • Account: name, email address, password (handled by Clerk), profile photo if you upload one.
  • Company & client data: business name, logo, contact details, industry, default terms, and similar profile information.
  • Proposal content: the text, scope items, pricing, timelines, terms, and any other content you create or upload, including client names and emails you enter.
  • Payment information: processed by Lemon Squeezy (our merchant of record). We do not store full card numbers; we receive only a token, the last four digits, brand, and expiration.
  • Support messages: anything you send us by email or in the application.

Information collected automatically

  • Usage data: pages visited, features used, clicks, and timestamps, via PostHog product analytics.
  • Device & log data: IP address, user agent, browser, operating system, referring URL, error logs, request timing.
  • Cookies & similar: session cookies for authentication (Clerk) and analytics identifiers (PostHog). You can block non-essential cookies in your browser; this may break some features.
  • Share-link analytics: when a recipient opens a proposal share link, we record view timestamps, IP-derived approximate location, and any comments or accept/decline decisions submitted on the page. This is shared with the proposal's owner so they can see when their proposal was opened.

2. How we use your information

  • provide and operate the Service: create accounts, render PDFs, store templates, deliver share links;
  • process payments and manage subscriptions;
  • generate AI drafts you request (your inputs are sent to our AI provider — see Section 4);
  • send transactional email (sign-up confirmations, billing receipts, share notifications);
  • analyze usage to improve features, fix bugs, and prioritize work;
  • prevent fraud, enforce our Terms, and comply with legal obligations.

We do not sell your personal information. We do not use your proposal content to train any AI model.

3. Legal bases (for users in the EU/UK)

We process your information under the following legal bases: (a) contract — to deliver the Service you signed up for; (b) legitimate interests — to operate, secure, and improve the Service; (c) consent — for non-essential cookies and marketing; and (d) legal obligation — for tax, accounting, and regulatory requirements.

4. Sharing with service providers

We use carefully chosen third-party providers to run the Service. They process your information only on our instructions and under their own commitments to security and privacy:

  • Clerk — authentication, account management.
  • Supabase — Postgres database hosting.
  • Vercel — application hosting and serverless functions.
  • Cloudflare R2 — object storage for logos and uploaded files.
  • Lemon Squeezy — payment processing & merchant of record.
  • Anthropic — AI draft generation (your prompt and proposal inputs are sent to Anthropic's API on your request).
  • Resend — transactional email delivery.
  • PostHog — product analytics.

We may also disclose information when required by law, to enforce our Terms, to protect the rights, property, or safety of Proposa, our users, or the public, or in connection with a merger, acquisition, or sale of all or part of our business.

5. International transfers

Your information may be transferred to, stored in, and processed in countries other than your own, including the United States. By using the Service, you consent to such transfers.

6. Data retention

We retain your information for as long as your account is active and as needed to provide the Service. After account deletion, we retain limited records (e.g. billing history) for as long as required by law or to resolve disputes. Backup copies may persist for a short period after deletion.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, to restrict or object to certain processing, and to withdraw consent. To exercise these rights, email support@proposa.app. We will respond within the timelines required by applicable law.

California residents may have additional rights under the CCPA/CPRA, including the right to know, delete, and opt out of the "sale" or "sharing" of personal information. We do not sell personal information.

8. Security

We use industry-standard measures to protect your information, including TLS in transit, encryption at rest where supported by our providers, scoped access tokens, and limited administrative access. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

9. Children

The Service is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. We will update the effective date at the top of this page and, for material changes, notify you in the application or by email. Continued use of the Service after the changes take effect constitutes acceptance.

11. Contact

Questions or requests? Email support@proposa.app.