← Back to ProposalBolt

Privacy Policy

Last updated: April 2026

1. Information We Collect

Data Type	Purpose	Retention
Account Data (name, email, phone)	Authentication, communication	Until account deletion
Organization Data (company name, GST number, address)	Proposal generation, tax calculations	Until account deletion
Proposal Content (client details, project info, pricing)	Core service delivery	30 days after account deletion
Usage Analytics (proposal views, opens, IP addresses)	Service improvement, proposal tracking	12 months
Payment Data	Subscription billing	Processed by Razorpay (PCI-DSS compliant)

2. How We Use Your Data

• Service Delivery: To generate proposals, calculate taxes, and manage your account.
• AI Processing: Your project briefs are sent to Anthropic's Claude API for proposal generation. We use ephemeral processing — your data is not stored by the AI provider beyond the request.
• Proposal Tracking: When your clients view shared proposals, we track view events (time, IP, user agent) to provide you with analytics.
• Communication: To send transactional emails (password resets, proposal delivery) and product updates.
• Improvement: Anonymized, aggregated usage patterns to improve the Service.

3. Data Sharing

We do not sell your data. We share data only with:

• Anthropic (Claude AI): Project briefs for AI generation. Governed by Anthropic's data processing terms.
• Razorpay: Payment processing. We never store card details.
• Email Provider: For transactional emails via SMTP.
• Legal Requirements: If required by Indian law or court order.

4. Data Storage & Security

• All data is stored on servers located in India.
• Passwords are hashed using bcrypt (cost factor 12).
• Authentication uses JWT tokens with configurable expiry.
• All API traffic is encrypted via HTTPS/TLS.
• Input sanitization prevents XSS and injection attacks.
• Rate limiting protects against brute-force attacks.

5. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA), you have the right to:

• Access: Request a copy of your personal data.
• Correction: Update inaccurate data through your settings.
• Erasure: Delete your account and all associated data.
• Portability: Export your proposals in PDF format.
• Grievance: File complaints about data processing.

6. Cookies

We use minimal cookies:

• Authentication Token: Stored in localStorage (not cookies) for session management.
• Essential Cookies: Required for the Service to function.
• We do not use third-party tracking cookies.

7. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

8. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users within 72 hours via email and take immediate steps to mitigate the impact.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email. Continued use of the Service constitutes acceptance.

10. Contact & Grievance Officer

For privacy-related queries or to exercise your rights:

• Email: privacy@ProposalBolt.in
• Grievance Officer: Available as required under DPDPA.

By using ProposalBolt, you acknowledge that you have read and understood this Privacy Policy.