ProposalAI

Privacy Policy

Effective: February 17, 2026

ProposalAI ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. This policy complies with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, and password when you create an account.
  • Billing Information: Payment method details and billing address, processed securely through Stripe. We do not store your full credit card number.
  • Usage Data: Information about how you interact with the Service, including pages visited, features used, timestamps, device information, browser type, and IP address.
  • Content Data: Data you input into the Service for processing.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: To operate, maintain, and deliver the features and functionality of the Service.
  • Billing and Payments: To process transactions and manage your subscription.
  • Analytics: To understand how users interact with the Service and to improve our product.
  • Communication: To send you transactional emails (account confirmations, billing receipts, security alerts) and, with your consent, product updates and announcements.
  • Security: To detect, prevent, and address fraud, abuse, and technical issues.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Performance of a Contract: Processing necessary to provide the Service you have subscribed to.
  • Legitimate Interest: Analytics, security, and product improvement, where our interests do not override your fundamental rights.
  • Consent: Marketing communications and non-essential cookies, which you can withdraw at any time.
  • Legal Obligation: Where required by applicable law, such as tax and accounting requirements.

4. Third-Party Service Providers

We share your information with the following trusted third-party service providers who assist us in operating the Service:

  • Stripe — Payment processing. Stripe processes your billing information in accordance with their Privacy Policy.
  • Supabase — Database hosting and authentication. Your account data and application data are stored on Supabase infrastructure.
  • Vercel — Application hosting and content delivery. Usage data and IP addresses may be processed by Vercel for hosting purposes.
  • Anthropic — AI processing. Content you submit for AI-powered features may be processed by Anthropic's Claude API to generate results. Anthropic does not use your data to train their models.

We do not sell your personal information to third parties.

5. Cookies

We use cookies and similar tracking technologies to operate the Service:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics Cookies: Used to understand how users interact with the Service and to improve our product. You may opt out of analytics cookies through your browser settings.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes, which may be retained for up to 7 years).

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights under the GDPR:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data.
  • Right to Restriction: Request that we restrict processing of your personal data.
  • Right to Portability: Request your personal data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest or for direct marketing.

8. Your Rights (CCPA)

If you are a California resident, the CCPA provides you with the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: We do not sell personal information, so this right does not apply.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

9. Data Deletion

To request deletion of your personal data, please email us at alejandroebufarini@gmail.com. We will process your request within 30 days and confirm deletion via email. Note that some data may be retained as required by law.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

11. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. When transferring data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice within the Service. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at alejandroebufarini@gmail.com.