PROPOSIA

Privacy Policy

Last Updated: October 2025

1. Introduction

PROPOSIA ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at proposia.ai and our AI-powered research proposal generation service (collectively, the "Service").

Our company complies with the EU's General Data Protection Regulation (GDPR). For any privacy-related questions or to exercise your data protection rights, please contact us at [email protected].

2. Information We Collect

A. Information You Provide to Us:

  • Account Information: When you register for an account, we collect personal information such as your name and email address.
  • Payment Information: When you purchase pay-as-you-go usage or one-time credit bundles, our payment processor, Stripe, will collect your payment information. We do not store your full credit card details.
  • User Content: We process the research documents, text, and data you upload to the Service ("User Content") to provide you with our AI-powered proposal generation assistance.
  • Communications: If you contact us directly, we may receive additional information about you, such as the contents of your message.

B. Information We Collect Automatically:

  • Usage Data: We collect information about how you interact with our Service, such as features used, pages visited, and time spent on the Service.
  • Log and Device Data: Like most websites, we automatically collect log information, including your IP address, browser type, operating system, and device information.
  • Cookies: We use cookies and similar tracking technologies to operate and personalize our Service.

3. How We Use Your Information and Our Lawful Basis

We use your information for specific purposes and only where we have a lawful basis to do so under GDPR:

  • To Provide and Maintain the Service: We use your Account Information and User Content to operate our Service, generate your requested proposals, and manage your account. Lawful basis: performance of a contract.
  • To Communicate with You: We use your contact information to send you service-related updates, security alerts, and support messages. Lawful basis: performance of a contract; legitimate interest.
  • For Billing and Account Management: We use your information to process payments and manage your purchases and credits. Lawful basis: performance of a contract.
  • To Improve Our Service: We may use anonymized and aggregated Usage Data to analyze trends and improve the Service's functionality. Lawful basis: legitimate interest.
  • For Marketing: With your explicit consent, we may send you emails about new products or special offers. You can withdraw your consent at any time. Lawful basis: consent.

4. Your Research Documents and Our AI Model: Our Confidentiality Pledge

Your trust is paramount. We treat your User Content with the strictest confidentiality.

PURPOSE-LIMITED AND SECURE PROCESSING:

We process your User Content to operate, provide, and secure the Service you request. Access to this data is tightly controlled under the principle of least privilege, with encryption in transit and at rest.

NO THIRD-PARTY MODEL TRAINING:

We do not permit third parties to use your User Content to train their AI models. Our processors are bound by agreements that prohibit use of your data for their independent purposes.

CONFIDENTIALITY:

We treat your User Content as confidential and implement administrative, technical, and physical safeguards to protect it from unauthorized access or disclosure.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

  • Service Providers (Processors): We may share information with third-party vendors who act solely as our processors (e.g., cloud hosting/infrastructure, payment processing via Stripe, email delivery). We have Data Processing Agreements (DPAs) with these providers that require them to protect your data, process it only on our instructions, and prohibit them from using it for their own purposes, including training their AI models.
  • Legal Compliance: We may disclose your information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Security

We implement robust technical and organizational measures to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit (TLS) and at rest (AES-256), and strict access controls. However, no security system is impenetrable, and we cannot guarantee the absolute security of your information.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Information: We retain your account information for as long as your account is active or as needed to comply with our legal obligations.
  • User Content: We retain your User Content on our servers to allow you to access and edit it. You can delete your User Content at any time from your account. Upon account deletion, all associated User Content will be permanently deleted from our active systems.

8. Your Data Protection Rights (GDPR)

As a user in the EU, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. You also have the right to lodge a complaint with a supervisory authority, such as the Spanish Data Protection Agency (AEPD).

9. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy, such as by implementing the European Commission's Standard Contractual Clauses for transfers of personal information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Email: [email protected]