Last Updated: March 27, 2026
Legal
At ProposalForge, we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data. It applies to all users of forgeproposals.com and related services.
This Privacy Policy applies to personal information processed by ProposalForge("we," "us," or "our") in connection with theProposalForge platform — an AI-powered proposal and invoice generation service for contractors and tradespeople — accessible at forgeproposals.com.
This policy covers information collected from:
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Service.
When you register and use the Service, you provide:
When you use the Service, we automatically collect:
When you generate a proposal using our AI feature, the information you enter into the proposal form — including contractor details, client name, project scope, and line items — is transmitted to Anthropic's Claude API for processing. This data is sent over an encrypted connection. Please see Section 6 for details on how Anthropic handles this data.
We use the information we collect for the following purposes:
Service Delivery
To create and maintain your account, generate AI-powered proposals, create invoices, send documents to clients via email, process digital signatures, and generate PDF files.
Billing & Subscription Management
To process payments through Stripe, manage your subscription tier, enforce plan limits, and send billing receipts.
Email Communications
To deliver proposals and invoices to your clients, send automated reminders (if proposals are unread or unsigned), and send you transactional notifications about your account. We do not send marketing emails without your explicit opt-in.
Fraud Prevention & Security
To detect and prevent fraudulent account creation (via device fingerprinting), enforce rate limits, and protect the integrity of the Service.
Product Improvement
To understand aggregate usage patterns using anonymized analytics data (Plausible), diagnose technical issues, and improve Service features.
Affiliate Program
To track referrals, attribute sign-ups to affiliate codes, calculate commissions, and process affiliate payouts.
Legal Compliance
To comply with applicable laws, respond to legal requests, and enforce our Terms of Service.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases under the General Data Protection Regulation (GDPR):
| Processing Activity | Legal Basis |
|---|---|
| Account creation & management | Contract performance (Art. 6(1)(b)) |
| Delivering proposals & invoices | Contract performance (Art. 6(1)(b)) |
| Billing via Stripe | Contract performance (Art. 6(1)(b)) |
| Fraud prevention & rate limiting | Legitimate interest (Art. 6(1)(f)) |
| Automated reminder emails | Legitimate interest (Art. 6(1)(f)) |
| Affiliate program tracking | Legitimate interest (Art. 6(1)(f)) |
| Anonymized usage analytics | Legitimate interest (Art. 6(1)(f)) |
| Marketing emails | Consent (Art. 6(1)(a)) |
| Review & testimonial display | Consent (Art. 6(1)(a)) |
| Legal obligations (tax, compliance) | Legal obligation (Art. 6(1)(c)) |
We retain personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account & profile data | Duration of account + 90 days after deletion request |
| Proposals & invoices | Duration of account + 90 days after deletion request |
| Client email addresses | Retained within proposals/invoices per above |
| Billing records (Stripe IDs) | As required by applicable tax law (typically 7 years) |
| Rate limit data (Upstash Redis) | Automatically expires within 1 hour (sliding window) |
| Device fingerprint data | Until account deletion or 2 years of account inactivity |
| Session tokens | Expire per NextAuth session configuration (typically 30 days) |
| Anonymized analytics events | Aggregated; no personal data retained by Plausible |
To request account deletion, email privacy@forgeproposals.com with the subject line "Account Deletion Request." We will process your request within thirty (30) days.
After an account deletion request is processed, we will delete or anonymize personal data within 90 days, except where retention is required by law (e.g., financial records) or necessary to resolve disputes or enforce agreements.
We implement technical and organizational measures to protect your personal information:
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law. EU/EEA users will be notified within 72 hours of our becoming aware of a breach affecting their rights and freedoms, as required by GDPR.
ProposalForge is based in the United States. If you access the Service from outside the United States, your personal data will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country.
Our primary service providers (Anthropic, Stripe, Resend, Google, Upstash, Neon) are U.S.-based companies. Where these transfers involve personal data of EEA/UK residents, we rely on:
For details on how we process data on your behalf, see our Data Processing Agreement. You may request a copy of the applicable transfer safeguards by contacting us at privacy@forgeproposals.com.
If you are located in the EEA or UK, you have the following rights under GDPR:
Right of Access
Request a copy of the personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data (“right to be forgotten”)
Right to Data Portability
Receive your data in a machine-readable format
Right to Object
Object to processing based on legitimate interest (including automated reminders)
Right to Restrict Processing
Request that we limit how we use your data in certain circumstances
Right to Withdraw Consent
Withdraw any previously given consent (e.g., for marketing or review display) at any time
You also have the right to lodge a complaint with your local supervisory authority. In the EU, find your authority at edpb.europa.eu.
California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know
Know what personal information we collect, use, share, or sell (we do not sell)
Right to Delete
Request deletion of your personal information
Right to Correct
Request correction of inaccurate personal information we hold about you
Right to Opt-Out of Sale/Sharing
We do not sell or share personal data for advertising purposes
Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights
To exercise any of the above rights, contact us at privacy@forgeproposals.com with "Privacy Request" in the subject line. Please include your account email address so we can verify your identity.
We will respond to verified requests within thirty (30) calendar days. For complex requests, we may extend this period by an additional 60 days with prior notice.
The Service is intended for use by adults who are contractors, tradespeople, or business owners. We do not knowingly collect personal information from individuals under the age of 16.
If you believe we have inadvertently collected information from a minor, please contact us at privacy@forgeproposals.com and we will promptly delete such information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other business reasons. When we make material changes, we will:
Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:
If you are located in the EU or UK and have concerns about how we handle your data, you may also contact your local data protection authority (see Section 10.1 for links).
© 2026 ProposalForge. Built for the trades.