Privacy Policy

Last Updated: October 24, 2025

Introduction

Welcome to Proposaic ("we," "our," or "us"), a mobile application operated by POCKET IMPLEMENTATION S.R.L. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Proposaic mobile application (the "App") available on Android and iOS platforms.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the App.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

1. Data Controller Information

POCKET IMPLEMENTATION S.R.L., with its registered office at Aleea Giurgeni, Sector 3, Bucharest, Romania, is the controller and is responsible for the processing of your personal data as described in this Privacy Policy.

2. Information We Collect

Personal Data You Provide Directly

Account Data When you create an account with us, we collect:

• Full name
• Email address
• Account credentials (password) or authentication tokens if you choose to sign in with third-party services like Google
• Date of account creation
• Account preferences and settings

Professional Profile Data To generate personalized proposals and cover letters, we collect:

• Professional profile information (similar to information you might include in a CV or LinkedIn profile)
• Work experience and career history
• Skills and qualifications
• Professional preferences

Job-Related Content We collect content you provide for proposal and cover letter generation:

• Job descriptions you submit
• Generated proposals and cover letters
• Your inputs and prompts to our AI services ("Inputs")
• AI-generated responses and outputs ("Outputs")

Payment Information If you purchase premium services, we collect:

• Payment card information
• Billing address
• Transaction history
• Purchase records

Feedback and Communication Information We collect information when you interact with us:

• Feedback on generated content (including ratings, thumbs up/down)
• Customer service communications
• Support requests and inquiries
• Survey responses and other feedback
• Contents of messages you send to us

Third-Party Authentication Data When you sign in with third-party services (e.g., Google), we receive limited information as permitted by your privacy settings with that service, including:

• Basic profile information (name, email)
• Authentication tokens
• Profile picture (if available)

Personal Data We Receive Automatically

Technical Information When you use the App, we automatically collect:

Device and Connection Information

• Device type, model, and operating system version
• Mobile device unique identifiers (UDID, advertising ID)
• IP address and general location derived from IP address
• Mobile network information and carrier
• Browser type and version (for web-based features)
• App version and build information

Usage Data

• App usage patterns and interaction data
• Features used and actions taken
• Session duration and frequency of use
• Navigation paths within the App
• Time zone and locale settings
• Dates and times of access

Log and Performance Data

• Error reports and crash logs
• App performance metrics
• API response times
• System and app diagnostic information
• Troubleshooting data

Cookies and Similar Technologies We use cookies, local storage, and similar technologies to:

• Maintain your preferences and settings
• Analyze app performance and usage
• Improve user experience
• Provide analytics data

Personal Data from Third-Party Sources

Service Provider Information We may receive information from:

• Security partners to protect against fraud and abuse
• Analytics providers for usage insights
• Payment processors for transaction verification
• Customer service platforms

AI Model Training Data We obtain personal data from publicly available sources and commercial datasets to train our AI models. For more information about how we collect and use personal data to develop our language models, please contact us directly.

3. How We Use Your Personal Data

We process your personal data for the following purposes:

Service Provision and Account Management

• Create and maintain your account
• Provide core app functionality
• Generate personalized proposals and cover letters
• Process payments for premium services
• Provide customer support

Communication

• Send service-related notifications
• Provide technical announcements and updates
• Respond to your inquiries
• Send marketing communications (with your consent)

Service Improvement and Research

• Analyze usage patterns to improve functionality
• Develop new features and services
• Conduct research and analytics
• Debug and identify technical issues
• Optimize app performance

Safety and Security

• Prevent fraud and abuse
• Detect and prevent security threats
• Monitor for violations of our Usage Policy
• Protect the rights and safety of users
• Investigate security incidents

Legal Compliance

• Comply with legal obligations
• Respond to legal requests
• Enforce our terms and policies
• Protect our legal rights

AI Model Training

We will not use your Inputs or Outputs to train our models, except in the following limited circumstances:

1. Your conversations are flagged for Trust & Safety review (we may use them to improve our ability to detect policy violations)
2. You explicitly report content to us through feedback mechanisms
3. You explicitly opt in to the use of your data for training purposes

4. Legal Bases for Processing

Service provision and account management

• Data processed: Account Data, Professional Profile Data, Job-Related Content, Payment Information
• Legal basis: Contract - Necessary to perform our services under our Terms of Service

Enhanced features and functionality

• Data processed: Account Data, Professional Profile Data, Usage Data
• Legal basis: Legitimate Interests - Providing improved user experience and platform functionality

Communication (service-related)

• Data processed: Account Data, Communication Information
• Legal basis: Contract - Necessary to provide service updates and support

Communication (marketing)

• Data processed: Account Data, Communication Information
• Legal basis: Consent - With your explicit consent for marketing communications

Payment processing

• Data processed: Payment Information, Account Data
• Legal basis: Contract - Necessary to process payments for services

Safety and security

• Data processed: All categories as needed
• Legal basis: Legitimate Interests - Protecting users, our services, and complying with safety obligations

Legal compliance

• Data processed: All categories as needed
• Legal basis: Legal Obligation - Required by applicable laws and regulations

Service improvement and research

• Data processed: Usage Data, Technical Information, Feedback
• Legal basis: Legitimate Interests - Improving our services and user experience

AI model training

• Data processed: Feedback, Flagged Content
• Legal basis: Legitimate Interests (safety) / Consent (when explicitly provided)

5. How We Disclose Personal Data

Service Providers and Business Partners

We share your personal data with trusted third parties who assist us in operating our business:

AI Model Providers

• OpenAI, Anthropic, DeepSeek, and other AI service providers
• Used to generate proposals and cover letters
• Bound by contractual obligations to protect your data

Technical Service Providers

• Cloud hosting and storage providers
• Analytics and monitoring services
• Customer support platforms
• Email communication services
• Payment processors

Security and Compliance Partners

• Fraud detection services
• Security monitoring providers
• Legal and compliance advisors

Legal Requirements and Protection

We may disclose your information:

• To comply with legal obligations
• In response to valid legal requests from authorities
• To protect our rights, property, or safety
• To protect the rights, property, or safety of our users or others
• To detect, prevent, or investigate fraud or security issues

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App of any such change.

Business Account Administrators

If you use Proposaic through a business or organizational account:

• Account administrators may access and control your account
• Administrators may view your usage data and generated content
• We may share account information with your organization

With Your Consent

We may share your personal data for other purposes with your explicit consent.

Other Users and Third Parties

Certain features may allow you to share information with others:

• Shared proposals or cover letters (when you choose to share)
• Third-party integrations (subject to their privacy policies)

6. Automated Decision-Making

We do not engage in decision-making based solely on automated processing that produces legal effects or significantly affects you in a similar manner. Our AI services generate content to assist you, but final decisions about using that content remain with you.

Accuracy of AI-Generated Content AI-generated proposals and cover letters may not always be factually accurate. Our models predict likely text based on patterns, not factual correctness. You should review and verify all generated content before use. If you notice factually inaccurate information about you in generated content, you can submit a correction request as described in the Rights section below.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

Account Information: Until account deletion plus 12 months for legal compliance Professional Profile Data: Until account deletion or updated by you Generated Content: 24 months after creation unless deleted earlier by you Payment Information: 7 years for tax and regulatory compliance Usage and Analytics Data: 24 months for service improvement Support Communications: 3 years after resolution Safety and Security Logs: Up to 7 years as required for security purposes

Individual conversations and content can be deleted immediately from your account and will be permanently removed from our systems within 30 days.

When determining retention periods, we consider:

• The purpose for which we collected the data
• Legal and regulatory requirements
• The amount, nature, and sensitivity of the information
• Potential risk of harm from unauthorized use or disclosure

8. International Data Transfers

Your information may be transferred to and processed in countries outside your jurisdiction, including the United States, where data protection laws may differ from those in your country.

For transfers outside the EEA, UK, and Switzerland, we ensure adequate protection through:

Adequacy Decisions: We transfer data to countries recognized by the European Commission as providing adequate protection.

Standard Contractual Clauses (SCCs): We use European Commission-approved contractual clauses for transfers to countries without adequacy decisions.

Other Safeguards: In certain situations, we rely on derogations provided under applicable data protection law.

For more information about our international transfer safeguards, contact us at contact@pocketimplementation.com.

9. Data Security

We implement comprehensive technical and organizational security measures:

Technical Measures

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and monitoring
• Automated threat detection systems

Organizational Measures

• Employee training on data protection
• Access controls and need-to-know principles
• Incident response procedures
• Regular security audits

However, no internet transmission is completely secure. You should take care when deciding what information to provide and report any suspected security issues to us immediately.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Universal Rights

• Access: Request information about how we process your personal data
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal exceptions)
• Data Portability: Receive a copy of your data in a structured format
• Restriction: Request limitation of how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

Additional Rights by Jurisdiction

For EEA, UK, and Swiss Residents (GDPR)

• Right to lodge a complaint with your supervisory authority
• Enhanced rights regarding automated decision-making
• Specific consent requirements for certain processing

For California Residents (CCPA/CPRA)

• Right to know about personal information collected, disclosed, or sold
• Right to opt-out of sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising privacy rights

For Other Jurisdictions We comply with applicable privacy laws in all jurisdictions where Proposaic is available.

Exercising Your Rights

How to Submit Requests

• Email: contact@pocketimplementation.com
• Subject line: "Privacy Rights Request"
• Include: Your account email, specific request, and reason for request

Verification Process We may require identity verification before processing your request. This may include:

• Account credentials verification
• Additional identification for non-account holders
• Verification through your registered email address

Response Timeframes

• Initial acknowledgment: Within 3 business days
• Full response: Within 30 days (may be extended by 60 days for complex requests)

Authorized Agents You may authorize someone else to make requests on your behalf. The agent must provide:

• Signed written permission to act on your behalf
• Proof of your identity
• Proof of the agent's identity

Appeals Process If you disagree with our response to your privacy request, you may appeal by:

• Emailing contact@pocketimplementation.com with "Privacy Appeal" in the subject line
• Explaining the basis for your appeal
• We will respond to appeals within 30 days

11. Trust & Safety

We may review content that is flagged by our automated systems or reported by users for potential violations of our Usage Policy. This review process helps us:

• Improve our safety systems
• Enforce our policies consistently
• Protect users from harmful content
• Train our safety classification models

Flagged content may be reviewed by our Trust & Safety team and used to improve our detection systems, but will be disassociated from your user identity except when necessary for policy enforcement.

12. Monitoring and Analytics Tools

We use various monitoring and analytics tools to improve our services:

Firebase and Google Analytics

• App performance monitoring
• Crash reporting and debugging
• User engagement analytics
• Feature usage statistics

Custom Analytics

• Service performance metrics
• AI model performance tracking
• User experience optimization data

This information helps us:

• Identify and fix technical issues
• Improve app stability and performance
• Understand user behavior and preferences
• Optimize features and functionality

We do not use this data to personally identify you, and it is processed in accordance with our service providers' privacy policies.

13. Children's Privacy

Our Services are not intended for children under the age of 18 and are specifically designed for professionals of legal working age. We do not knowingly collect personal data from children under 18.

If we become aware that we have collected personal data from a child under 18 without proper verification of parental consent, we will take steps to remove that information from our servers immediately.

Parents or guardians who believe their child has provided personal data to us should contact us at contact@pocketimplementation.com.

14. Do Not Track and Global Privacy Controls

We do not currently respond to Do Not Track browser signals. However, we honor Global Privacy Control (GPC) signals for applicable rights under privacy laws.

Some third-party services integrated with our App may track your activities across different websites and services. Please review their privacy policies for more information.

15. Third-Party Websites and Services

Our App may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties.

When you interact with third-party services:

• Their privacy policies apply to information they collect
• You should review their terms and privacy policies
• We are not liable for their data practices
• Information shared with them is governed by their policies

16. Sale and Targeted Advertising

Sale of Personal Information: We do not "sell" your personal data as defined by applicable privacy laws.

Targeted Advertising: We may use your information for targeted advertising to promote our products and services. You can opt out of this processing by:

• Adjusting your account preferences
• Using the unsubscribe link in marketing emails
• Contacting us at contact@pocketimplementation.com

We honor Global Privacy Control signals for advertising preferences.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last Updated" date
• Material changes will be communicated via email or prominent app notice
• Continued use after changes constitutes acceptance

For significant changes affecting your rights, we may require explicit consent.

18. Contact Information

General Privacy Inquiries Email: contact@pocketimplementation.com

Company Address POCKET IMPLEMENTATION S.R.L. Aleea Giurgeni, Sector 3, Bucharest, Romania

Rights Requests Email: contact@pocketimplementation.com Subject: "Privacy Rights Request"

Appeals Email: contact@pocketimplementation.com Subject: "Privacy Appeal"

Supervisory Authorities

You have the right to lodge a complaint with relevant supervisory authorities:

European Union: Contact your local Data Protection Authority United Kingdom: Information Commissioner's Office (ICO) Switzerland: Federal Data Protection and Information Commissioner (FDPIC) California: California Privacy Protection Agency Other jurisdictions: Contact your local privacy regulator

19. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, POCKET IMPLEMENTATION S.R.L. AND ITS DIRECTORS, OFFICERS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM:

1. YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE APP;
2. ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY PERSONAL INFORMATION STORED THEREIN;
3. ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE APP;
4. ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH OUR APP BY ANY THIRD PARTY;
5. ANY ERRORS OR OMISSIONS IN ANY CONTENT OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, EMAILED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE THROUGH THE APP;
6. ANY INACCURACIES IN AI-GENERATED CONTENT OR DECISIONS MADE BASED ON SUCH CONTENT.

20. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of Romania, without regard to its conflict of law provisions.

For disputes related to privacy rights under specific regional laws (GDPR, CCPA, etc.), the applicable regional law and dispute resolution mechanisms shall apply.