• Site
Sign Up Sign In

Privacy Policy

Effective date: March 22, 2026

1. Responsible body

Mitja Martini
Helmkrautstr. 32
13503 Berlin, Germany
hello@proposalforge.de

2. Data we collect

2.1 Account data

When you create an account, we store:

  • Email address (required, used as login identifier)
  • Username, first and last name (optional)
  • Password (stored as a salted hash, never in plain text)
  • Profile picture (optional)
  • Account creation date and last login timestamp

Legal basis: GDPR Art. 6(1)(b) — performance of a contract.

2.2 Business profile data

  • Company name, address, phone, email
  • VAT ID (USt-IdNr.), tax number (Steuernummer)
  • Bank details (IBAN, BIC, bank name)
  • Kleinunternehmer status (§19 UStG)

Stored solely to display on your proposals and PDFs. Not shared with third parties.

2.3 Client and proposal data

  • Client name, company, email, address, country, VAT ID
  • Proposal title, content, amounts, status, dates
  • Uploaded documents (cover pages, standard terms PDFs)
  • AI generation prompts and results

This is your data. We process it exclusively to provide the service.

2.4 Credit and transaction data

  • Credit balance and transaction history
  • Polar.sh order references (order IDs only — payment details stored by Polar.sh)

2.5 Server logs

IP address, browser, referring URL, pages visited. Retained for 30 days.

Legal basis: GDPR Art. 6(1)(f) — legitimate interest.

3. AI processing

We use OpenRouter (API gateway) and NVIDIA (model inference). When you click 'Generate with AI':

Sent:

  • Your project brief
  • Client name and company (opt-in via checkbox)
  • Standard terms content (if selected)

Not sent:

  • Your account email, password, business profile, bank details
  • Client addresses, emails, VAT IDs, financial data
  • Uploaded documents

You can opt out of sending client name by unchecking the checkbox in the generation form.

Per OpenRouter's terms, prompts are not used for model training. OpenRouter Privacy Policy

4. Payment processing

Payments processed by Polar.sh (merchant of record). We only see order reference IDs. Polar Privacy Policy

5. Email communication

Transactional emails (verification, password reset, notifications) sent via Mailjet. Your email address is shared with Mailjet for this purpose.

6. Web analytics

Self-hosted Umami — no cookies, no cross-site tracking, no personal data collected.

7. Hosting

Hosted by Hetzner Online GmbH in Germany. All data stored within the EU.

8. Data security

TLS encryption, one-way password hashing, authenticated file serving, restricted production access.

9. Data retention

  • Account, business, client, proposal data: until you request deletion
  • Credit/transaction data: 10 years (German tax law)
  • Server logs: 30 days
  • AI generation requests: lifetime of your account

10. Your rights under GDPR

Access, rectification, erasure, restriction, data portability, objection, withdraw consent.

Contact: hello@proposalforge.de. Response within one month.

11. Supervisory authority

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
www.datenschutz-berlin.de

12. Changes to this policy

We may update this policy. The effective date at the top indicates the latest version.