Privacy Policy
Last updated: May 20, 2025
ProposalLift (“we,” “our,” or “us”) operates the ProposalLift website at proposallift.com and the ProposalLift Chrome extension (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your email address and a hashed password (or OAuth tokens if you sign in with Google). We do not store plain-text passwords.
1.2 Organization & Profile Data
You may provide personas (freelancer bio, tone, skills), proposal templates, and custom hooks. This content is stored in our database and used solely to generate proposals on your behalf.
1.3 Portfolio Projects
If you upload portfolio items, we store them and compute vector embeddings (numeric representations) so the AI can find the most relevant examples for each proposal. Raw project text and embeddings are stored in our database.
1.4 Data Extracted by the Chrome Extension
When you use the Chrome extension on an Upwork proposal page, it reads the following information visible on that page and sends it to the ProposalLift backend to generate a draft:
- Job title
- Job description
- Required skills
- Budget or hourly rate
- Experience level
- Screening question text (only when you enable the “Include screening answers” option)
This data is used only to generate your proposal draft. It is not stored permanently on our servers after the generation request completes.
1.5 Usage & Technical Data
We collect standard server logs (IP address, request timestamps, HTTP status codes) for security monitoring and debugging. We do not use third-party analytics trackers on the extension or the dashboard.
1.6 Billing Information
Payments are processed by Stripe. We do not store full credit card numbers. Stripe shares with us only a payment method token, the last four digits of your card, and subscription status. Stripe's privacy policy governs how Stripe handles your payment data.
2. How We Use Your Information
- Proposal generation. Job data extracted by the extension, along with your selected persona and template, is sent to an AI provider (Anthropic or OpenAI, depending on the model you choose) to generate a proposal draft. The AI provider processes this data under its own privacy policy and does not retain it for model training via our API integration.
- Service operation. Account data, personas, templates, and portfolio items are used to operate and improve the Service for you.
- Billing and subscriptions. Billing data is used to process payments and manage your subscription.
- Security and abuse prevention. Server logs and rate-limiting data are used to detect and prevent unauthorized access.
- Communications. We may send transactional emails (password reset, billing receipts) via Resend. We do not send marketing email without your explicit consent.
3. AI Processing Disclosure
To generate proposal drafts, we forward job data and your persona content to one of the following AI providers via their API:
- Anthropic (Claude models) — see anthropic.com/privacy
- OpenAI (GPT models) — see openai.com/policies/privacy-policy
Both providers' API terms prohibit using API inputs to train their models without your consent. We do not use your data for AI model training.
4. Chrome Extension — Additional Disclosures
4.1 Permissions Used
- storage — stores your session tokens and preferences locally on your device (
chrome.storage.local/sync). Tokens are never synced across devices. - windows — opens the sign-in popup window.
4.2 Host Permissions
The extension connects only to proposallift.com (the ProposalLift API) and *.supabase.co (authentication). It does not communicate with any other domain.
4.3 Content Script Scope
The content script is injected only on Upwork proposal apply pages matching the pattern upwork.com/nx/proposals/job/*/apply/*. It does not run on any other page or domain.
4.4 No Automatic Submission
The extension never clicks Upwork's submit button, spends Connects, or takes any action on Upwork on your behalf. All submission is manual.
4.5 Limited Use Statement
ProposalLift's use of information received from Upwork pages through the Chrome extension adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements:
- Data is used only to provide the proposal-drafting feature described in the extension listing.
- Data is never sold or transferred to third parties for purposes unrelated to the Service.
- Data is never used or transferred for advertising purposes.
- Data is never used to determine creditworthiness or for lending purposes.
5. Data Sharing
We do not sell your personal data. We share data only:
- With AI providers (Anthropic, OpenAI) as described in Section 3, solely to generate proposal drafts.
- With Supabase for authentication and database hosting.
- With Stripe for payment processing.
- With Resend for transactional email delivery.
- With Upstash for rate limiting (only request metadata, no personal content).
- As required by law — if we receive a valid legal request such as a court order or subpoena.
6. Data Retention
- Account data is retained until you delete your account.
- Generated proposals are stored until you delete them or your account.
- Job data sent for generation (from the extension) is not stored after the generation request completes.
- Server logs are retained for up to 90 days for security purposes.
- Billing records are retained as required by applicable tax law (typically 7 years).
7. Security
We transmit all data over HTTPS/WSS. Session tokens are stored in chrome.storage.local (not synced to the cloud) and in Supabase with server-side encryption at rest. Sensitive API keys are never exposed to the browser or extension. We apply rate limiting on all API endpoints to prevent abuse.
No method of transmission or storage is 100% secure. If you discover a security issue, please contact us at admin@proposallift.com.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and data
- Object to or restrict certain processing (e.g., marketing)
- Data portability — request a copy of your proposals, personas, and templates
To exercise any of these rights, email us at admin@proposallift.com. We will respond within 30 days.
9. Children
The Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email. Continued use of the Service after a change constitutes acceptance of the revised policy.