Privacy Policy

1. Who we are

Proposera is an AI-powered proposal platform for small and mid-sized teams. This Privacy Policy explains what data we collect when you use Proposera, how we use it, who we share it with, and the controls you have. By "Proposera," "we," or "us" we mean the operators of proposera.app.

2. Information we collect

We collect three categories of information:

• Account information: your name, email address, organization name, and authentication provider details (e.g. Google OAuth identifiers) when you sign up.
• Content you create: proposals you draft, RFPs you upload, company-profile data you provide, team membership and invitation records, and metadata generated by your activity (timestamps, statuses, credit ledger entries).
• Operational telemetry: IP address, user-agent, page-view events, error reports, and similar diagnostic data collected automatically to keep the service reliable and secure.

3. How we use your information

We use the data above to provide the service (rendering your dashboard, generating proposals via AI, sending transactional email), maintain billing and access control, monitor for fraud and abuse, debug errors, and communicate with you about your account. We do not sell your data, and we do not use your proposal or RFP content to train AI models.

4. Third-party services

Proposera relies on the following sub-processors to deliver the service. Each handles your data only on our instructions and under its own published privacy practices:

• Supabase — database, authentication, and file storage. Hosts your account and content.
• Vercel — application hosting and edge delivery, including basic page- view analytics.
• Stripe — payment processing for paid plans and credit-pack purchases. Stripe receives billing information directly; we never see your full card number.
• Anthropic — AI inference (Claude models) for proposal generation, RFP qualification, and QA review. Anthropic processes your prompts to return completions; per their commercial terms, content sent through the API is not used to train models.
• Inngest — background job orchestration for long-running tasks such as document parsing, AI generation, and exports.
• Sentry — application error monitoring. Captures stack traces and limited contextual data when something breaks.
• Resend — transactional email delivery for invitations, trial reminders, and export notifications.

5. Cookies and similar technologies

We use first-party cookies for authentication (keeping you signed in) and for basic session state. Vercel Analytics records anonymized page-view events; no third-party advertising cookies are set. You can clear cookies via your browser at any time, though signing back in will be required.

6. Your rights

Depending on where you live, you may have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Correction: update inaccurate or incomplete information.
• Deletion: request that we delete your account and associated content.
• Portability: request an export of your content in a machine-readable format.
• Objection: object to specific processing activities where we rely on legitimate interests.

To exercise any of these rights, email us at the address below. We will respond within 30 days. Residents of California (CCPA) and the European Economic Area, United Kingdom, and Switzerland (GDPR) have additional statutory rights that we honor on request.

7. Data retention

We retain your account and content for as long as your subscription is active. If you cancel, your proposals remain accessible in read-only mode for 90 days, after which they move to cold storage and can be restored on request. Billing records are retained for the period required by applicable tax and accounting law. Server logs and error reports are retained for 30 days.

8. Security

We protect your data with encryption in transit (TLS) and at rest, row-level security to isolate organizations in the database, and standard authentication safeguards. For more detail see our Security page.

9. International data transfers

Proposera is operated from the United States. If you access the service from outside the United States, your data will be transferred to and processed in the U.S. Our sub-processors maintain Standard Contractual Clauses or equivalent safeguards for transfers from the European Economic Area, the United Kingdom, and Switzerland.

10. Children's privacy

Proposera is not directed to children under 16, and we do not knowingly collect personal information from children. If we become aware that we have collected such information, we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in the product and reflected in the "Last updated" date at the top of this page. Continued use of Proposera after the effective date constitutes acceptance of the updated policy.

12. Contact us

Questions or requests about this Privacy Policy can be sent to privacy@proposera.app. We will respond within a reasonable time, and within 30 days for verified rights requests.