What is the best AI cover letter generator?

Proposaic is considered the top AI cover letter generator because it analyzes both your CV/resume and the specific job description to craft a highly tailored, non-generic cover letter.

Can I use Proposaic as an Upwork proposal generator?

Yes, Proposaic is widely used by freelancers to instantly generate compelling Upwork proposals tailored to the client's project description and the freelancer's specific skills.

AI Cover Letter Generator & Upwork Proposal Writer

Last Updated: February 28, 2026

Introduction

Welcome to Proposaic ("we," "our," or "us"), an application operated by POCKET IMPLEMENTATION S.R.L. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Proposaic application (the "App"), available as a mobile application on Android and iOS and as a web application.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the App.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

1. Data Controller Information

POCKET IMPLEMENTATION S.R.L., with its registered office at Aleea Giurgeni, Sector 3, Bucharest, Romania, is the controller and is responsible for the processing of your personal data as described in this Privacy Policy.

2. Information We Collect

Personal Data You Provide Directly

Account Data When you create an account with us, we collect:

Full name
Email address
Account credentials (password) or authentication tokens if you choose to sign in with third-party services such as Google or Apple
Date of account creation
Account preferences and settings

Professional Profile Data To generate personalized proposals and cover letters, we collect:

Professional profile information (similar to information you might include in a CV or LinkedIn profile)
Work experience and career history
Skills and qualifications
Education history
Languages and proficiency levels
Portfolio and professional links
Professional preferences

Job-Related Content We collect content you provide for proposal and cover letter generation:

Job descriptions you submit (manually or extracted from URLs)
Generated proposals and cover letters
Your inputs and prompts to our AI services ("Inputs")
AI-generated responses and outputs ("Outputs")

Subscription and Purchase Information If you purchase premium services:

We do NOT collect or store payment card information, billing addresses, or financial account details. All payment processing is handled entirely by Apple App Store (iOS), Google Play Store (Android), or RevenueCat (web).
We receive from these platforms: subscription status, purchase records, transaction identifiers, subscription expiration dates, and trial eligibility status.
RevenueCat acts as our subscription management platform and maintains records of your subscription status across all platforms.

File Upload Data When you upload a CV/resume file for profile extraction:

The file content (PDF, DOC, DOCX) is transmitted to our server for text extraction
The extracted text is sent to third-party AI services (OpenAI or DeepSeek) for profile parsing
Uploaded files are processed in memory and are not permanently stored on our servers
The resulting extracted profile data is stored as part of your account data
File metadata (size, content type) may be logged for debugging purposes

Share Extension Data (iOS) When you use the iOS Share Extension:

The shared URL is stored locally in a shared app group container on your iOS device
A timestamp is recorded to ensure timely processing
The URL may be sent to our server for web scraping and job description extraction
No additional personal data is collected through the Share Extension beyond the shared URL

Feedback and Communication Information We collect information when you interact with us:

Feedback on generated content (including ratings, thumbs up/down)
Customer service communications
Support requests and inquiries
Survey responses and other feedback
Contents of messages you send to us

Third-Party Authentication Data When you sign in with third-party services, we receive limited information as permitted by your privacy settings with that service:

Google Sign-In: Basic profile information (name, email), authentication tokens, profile picture (if available)
Apple Sign-In: Name (if provided — Apple allows users to hide their name), email (which may be an Apple private relay address), authentication tokens, user identifier

Authentication tokens are stored in encrypted local storage on your device.

Personal Data We Receive Automatically

Technical Information When you use the App, we automatically collect:

Device and Connection Information

Device type, model, and operating system version
Mobile device identifiers, specifically:
- IDFV (Identifier for Vendor) — collected on iOS by RevenueCat (always available, does not require ATT consent)
- IDFA (Identifier for Advertisers) — collected on iOS by RevenueCat and Kochava ONLY if you grant App Tracking Transparency permission
- Google Advertising ID — collected on Android for attribution and analytics
- Kochava Device ID — a unique identifier assigned by the Kochava SDK for install attribution
IP address and general location derived from IP address
Mobile network information and carrier
Browser type and version (for the web application)
App version and build information

Usage Data

App usage patterns and interaction data
Features used and actions taken
Session duration and frequency of use
Navigation paths within the App
Time zone and locale settings
Dates and times of access

Log and Performance Data

Error reports and crash logs
App performance metrics
API response times
System and app diagnostic information
Troubleshooting data

Cookies and Similar Technologies We use cookies, local storage, and similar technologies to:

Maintain your preferences and settings
Analyze app performance and usage
Improve user experience
Provide analytics data

Personal Data from Third-Party Sources

Service Provider Information We may receive information from:

Security partners to protect against fraud and abuse
Analytics providers for usage insights
Payment processors (RevenueCat, Apple, Google) for transaction verification
Attribution providers (Kochava) for install and campaign attribution data

3. How We Use Your Personal Data

We process your personal data for the following purposes:

Service Provision and Account Management

Create and maintain your account
Provide core app functionality
Generate personalized proposals and cover letters using third-party AI services (OpenAI, DeepSeek)
Extract professional profile information from uploaded CV/resume files using third-party AI services
Extract job description content from URLs via web scraping services (Crawlbase, browser-based extraction)
Process subscription management and billing through RevenueCat
Send transactional emails (email verification, password reset, account notifications) via our SMTP email service
Provide customer support

Communication

Send service-related notifications
Provide technical announcements and updates
Respond to your inquiries
Send marketing communications (with your consent)

Service Improvement and Research

Analyze usage patterns to improve functionality
Develop new features and services
Conduct research and analytics
Debug and identify technical issues
Optimize app performance

Safety and Security

Prevent fraud and abuse
Detect and prevent security threats
Monitor for violations of our Usage Policy
Protect the rights and safety of users
Investigate security incidents

Legal Compliance

Comply with legal obligations
Respond to legal requests
Enforce our terms and policies
Protect our legal rights

Third-Party AI Processing

We use third-party AI services (OpenAI and DeepSeek) to generate content. We want to be transparent about this:

We do NOT train our own AI models. All AI processing is performed by third-party providers.
Your Inputs (job descriptions, profile data, prompts) are sent to OpenAI or DeepSeek for processing.
We do not control how these third-party AI providers handle data beyond the contractual terms we have with them. Please refer to OpenAI's and DeepSeek's respective privacy policies for information on their data handling practices.
We will not share your data with AI providers for their model training purposes where we have the contractual ability to prevent this.

4. Legal Bases for Processing

Service provision and account management

Data processed: Account Data, Professional Profile Data, Job-Related Content, Subscription Information
Legal basis: Contract — Necessary to perform our services under our Terms of Service

Enhanced features and functionality

Data processed: Account Data, Professional Profile Data, Usage Data
Legal basis: Legitimate Interests — Providing improved user experience and platform functionality

Communication (service-related)

Data processed: Account Data, Communication Information
Legal basis: Contract — Necessary to provide service updates and support

Communication (marketing)

Data processed: Account Data, Communication Information
Legal basis: Consent — With your explicit consent for marketing communications

Payment processing

Data processed: Subscription Information, Account Data
Legal basis: Contract — Necessary to process subscriptions for services

Safety and security

Data processed: All categories as needed
Legal basis: Legitimate Interests — Protecting users, our services, and complying with safety obligations

Legal compliance

Data processed: All categories as needed
Legal basis: Legal Obligation — Required by applicable laws and regulations

Service improvement and research

Data processed: Usage Data, Technical Information, Feedback
Legal basis: Legitimate Interests — Improving our services and user experience

Attribution and analytics

Data processed: Device identifiers, usage data, attribution data
Legal basis: Legitimate Interests (analytics) / Consent (where ATT permission is required on iOS)

5. How We Disclose Personal Data

Service Providers and Business Partners

We share your personal data with trusted third parties who assist us in operating our business:

AI Service Providers

OpenAI — Used to generate proposals, cover letters, and extract professional profiles from uploaded CV/resume files. Receives your professional profile data, job descriptions, and AI prompts. Bound by our data processing agreement.
DeepSeek — Alternative/fallback AI provider for content generation. Receives the same categories of data as OpenAI. Bound by contractual data processing terms.

Attribution and Analytics Services

Kochava — Mobile attribution and campaign measurement. Collects: Kochava Device ID, install attribution data, campaign/network/ad group identifiers, SKAN conversion events (Subscribe, StartTrial, RegistrationComplete), IP address (collected server-side by Kochava), device version. On iOS, IDFA is only shared with Kochava if you grant App Tracking Transparency permission.
Firebase Analytics — App usage analytics and event tracking. Collects: app usage patterns, feature interactions, screen views, session data, device information, App Instance ID (shared with RevenueCat for cross-platform analytics linking).
Firebase Crashlytics — Crash reporting and stability monitoring. Collects: crash logs, non-fatal exception reports, custom breadcrumbs (navigation events), device state at time of crash, app version information.

Subscription and Payment Services

RevenueCat — Subscription management across all platforms (iOS, Android, Web). Collects: IDFV (always on iOS), IDFA (if ATT authorized on iOS), Google Advertising ID (on Android), Kochava Device ID (set as subscriber attribute), subscription/purchase data, transaction records, trial eligibility status, subscriber attributes (media source, campaign, ad group, attribution source, email address, display name, Firebase App Instance ID).

Web Scraping Services

Crawlbase — Server-side web scraping service used to extract job posting content from specific platforms that block standard web scraping. When you provide a job posting URL from these platforms, the URL is sent to Crawlbase's API, which fetches and returns the page content. Crawlbase may log request metadata (URL, IP address, timestamps).

Cloud Infrastructure and Hosting

Cloud hosting and storage providers
MongoDB for database storage

Communication Services

SMTP email service (mail.pocketimplementation.com) for transactional emails including email verification, password reset, account notifications, and contact form responses. Your email address and name are processed by this service.

Legal Requirements and Protection

We may disclose your information:

To comply with legal obligations
In response to valid legal requests from authorities
To protect our rights, property, or safety
To protect the rights, property, or safety of our users or others
To detect, prevent, or investigate fraud or security issues

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App of any such change.

With Your Consent

We may share your personal data for other purposes with your explicit consent.

Other Users and Third Parties

Certain features may allow you to share information with others:

Shared proposals or cover letters (when you choose to share)
Third-party integrations (subject to their privacy policies)

6. App Tracking Transparency (ATT) and SKAdNetwork

App Tracking Transparency (iOS)

On iOS 14.5 and later, the App uses Apple's App Tracking Transparency (ATT) framework to request your permission before tracking your activity across other companies' apps and websites.

What happens when you are asked for permission:

iOS displays a system dialog asking whether you allow the App to track your activity.
This is a one-time prompt. You can change your decision at any time in iOS Settings > Privacy & Security > Tracking.

If you ALLOW tracking:

Your IDFA (Identifier for Advertisers) is made available to Kochava and RevenueCat.
This enables us to attribute your app install and purchases to specific marketing campaigns.
RevenueCat collects your IDFA alongside your IDFV to optimize subscription analytics.

If you DENY tracking (or do not respond):

Your IDFA is NOT accessed. The App functions identically.
Attribution relies on Apple's privacy-preserving SKAdNetwork (SKAN) mechanism.
RevenueCat still collects your IDFV (which does not require ATT consent).
Kochava falls back to privacy-preserving attribution methods.

SKAdNetwork (SKAN)

We use Apple's SKAdNetwork for privacy-preserving install attribution on iOS. SKAN is managed by Apple and provides aggregated attribution data without revealing individual user identities. Through Kochava, we send SKAN conversion events (e.g., Subscribe, StartTrial, RegistrationComplete) to measure campaign effectiveness. These events are processed in an aggregated, privacy-preserving manner by Apple.

Android and Web

On Android, we collect the Google Advertising ID through RevenueCat for attribution. You can reset or opt out via Android Settings.
On Web, Kochava integration is not active. Attribution is not performed on the web platform.

7. Automated Decision-Making

We do not engage in decision-making based solely on automated processing that produces legal effects or significantly affects you in a similar manner. Our AI services generate content to assist you, but final decisions about using that content remain with you.

Accuracy of AI-Generated Content AI-generated proposals and cover letters may not always be factually accurate. Our models predict likely text based on patterns, not factual correctness. You should review and verify all generated content before use. If you notice factually inaccurate information about you in generated content, you can submit a correction request as described in the Rights section below.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

Account Information: Until account deletion plus 12 months for legal compliance Professional Profile Data: Until account deletion or updated by you Generated Content: 24 months after creation unless deleted earlier by you Subscription Information: 7 years for tax and regulatory compliance Usage and Analytics Data: 24 months for service improvement Support Communications: 3 years after resolution Safety and Security Logs: Up to 7 years as required for security purposes

Individual conversations and content can be deleted immediately from your account and will be permanently removed from our systems within 30 days.

When determining retention periods, we consider:

The purpose for which we collected the data
Legal and regulatory requirements
The amount, nature, and sensitivity of the information
Potential risk of harm from unauthorized use or disclosure

9. International Data Transfers

Your information may be transferred to and processed in countries outside your jurisdiction, including the United States, where data protection laws may differ from those in your country.

For transfers outside the EEA, UK, and Switzerland, we ensure adequate protection through:

Adequacy Decisions: We transfer data to countries recognized by the European Commission as providing adequate protection.

Standard Contractual Clauses (SCCs): We use European Commission-approved contractual clauses for transfers to countries without adequacy decisions.

Other Safeguards: In certain situations, we rely on derogations provided under applicable data protection law.

For more information about our international transfer safeguards, contact us at contact@pocketimplementation.com.

10. Data Security

We implement comprehensive technical and organizational security measures:

Technical Measures

Encryption of data in transit (HTTPS/TLS) and at rest
Encrypted local storage for authentication tokens and session data on all platforms
Secure authentication and access controls
Regular security assessments and monitoring
Automated threat detection systems
Rate limiting on sensitive endpoints (authentication, CV extraction)

Organizational Measures

Employee training on data protection
Access controls and need-to-know principles
Incident response procedures
Regular security audits

However, no internet transmission is completely secure. You should take care when deciding what information to provide and report any suspected security issues to us immediately.

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Universal Rights

Access: Request information about how we process your personal data
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data (subject to legal exceptions)
Data Portability: Receive a copy of your data in a structured format
Restriction: Request limitation of how we process your data
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent where processing is based on consent

Additional Rights by Jurisdiction

For EEA, UK, and Swiss Residents (GDPR)

Right to lodge a complaint with your supervisory authority
Enhanced rights regarding automated decision-making
Specific consent requirements for certain processing

For California Residents (CCPA/CPRA)

Right to know about personal information collected, disclosed, or sold
Right to opt-out of sale of personal information (Note: We do not sell personal information)
Right to non-discrimination for exercising privacy rights

For Other Jurisdictions We comply with applicable privacy laws in all jurisdictions where Proposaic is available.

Exercising Your Rights

How to Submit Requests

Email: contact@pocketimplementation.com
Subject line: "Privacy Rights Request"
Include: Your account email, specific request, and reason for request

Verification Process We may require identity verification before processing your request. This may include:

Account credentials verification
Additional identification for non-account holders
Verification through your registered email address

Response Timeframes

Initial acknowledgment: Within 3 business days
Full response: Within 30 days (may be extended by 60 days for complex requests)

Authorized Agents You may authorize someone else to make requests on your behalf. The agent must provide:

Signed written permission to act on your behalf
Proof of your identity
Proof of the agent's identity

Appeals Process If you disagree with our response to your privacy request, you may appeal by:

Emailing contact@pocketimplementation.com with "Privacy Appeal" in the subject line
Explaining the basis for your appeal
We will respond to appeals within 30 days

12. Trust & Safety

We may review content that is flagged by our automated systems or reported by users for potential violations of our Usage Policy. This review process helps us:

Improve our safety systems
Enforce our policies consistently
Protect users from harmful content
Train our safety classification models

Flagged content may be reviewed by our Trust & Safety team and used to improve our detection systems, but will be disassociated from your user identity except when necessary for policy enforcement.

13. Monitoring and Analytics Tools

We use the following monitoring and analytics tools to improve our services:

Firebase Analytics (Google)

App usage analytics including screen views, feature interactions, user engagement metrics
Session duration, frequency of use, navigation paths
Demographic and interest reporting (aggregated, non-personally-identifiable)
Data is processed by Google under their data processing terms

Firebase Crashlytics (Google)

Crash reports including stack traces, device state, and OS version
Non-fatal exception logging for stability monitoring
Custom breadcrumbs tracking user navigation flow leading to crashes
App version and build information at time of crash
Crashlytics data is used solely for debugging and stability improvement

Kochava Attribution

Install attribution and campaign measurement
SKAN conversion event tracking (iOS)
Device identification for attribution (Kochava Device ID, IDFA if authorized, Google Advertising ID)
Campaign and network performance data

RevenueCat Subscription Analytics

Subscription lifecycle events (purchases, renewals, cancellations, trial conversions)
Revenue metrics and cohort analysis
Device identifiers (IDFV, IDFA if authorized, Google Advertising ID)

Custom Analytics

Server-side performance metrics and API response times
AI model performance tracking (response quality, generation times)
User experience optimization data (feature usage patterns)

This information helps us identify and fix technical issues, improve app stability and performance, understand user behavior and preferences, optimize features and functionality, and measure the effectiveness of our marketing campaigns.

14. Children's Privacy

Our Services are not intended for children under the age of 18 and are specifically designed for professionals of legal working age. We do not knowingly collect personal data from children under 18.

If we become aware that we have collected personal data from a child under 18 without proper verification of parental consent, we will take steps to remove that information from our servers immediately.

Parents or guardians who believe their child has provided personal data to us should contact us at contact@pocketimplementation.com.

15. Do Not Track and Global Privacy Controls

We do not currently respond to Do Not Track browser signals. However, we honor Global Privacy Control (GPC) signals for applicable rights under privacy laws.

Some third-party services integrated with our App may track your activities across different websites and services. Please review their privacy policies for more information.

16. Third-Party Websites and Services

Our App may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties.

When you interact with third-party services:

Their privacy policies apply to information they collect
You should review their terms and privacy policies
We are not liable for their data practices
Information shared with them is governed by their policies

17. Sale and Targeted Advertising

Sale of Personal Information: We do not "sell" your personal data as defined by applicable privacy laws (including the CCPA and GDPR).

Targeted Advertising and Attribution: We use Kochava and RevenueCat for mobile attribution, which helps us understand which marketing channels drive app installs and subscriptions. This is not "targeted advertising" in the traditional sense — we do not serve third-party ads within the App. However, attribution data may be used to optimize our external advertising campaigns.

You can control tracking and attribution by:

Denying App Tracking Transparency permission on iOS (prevents IDFA collection)
Resetting your Google Advertising ID on Android
Using the unsubscribe link in marketing emails
Contacting us at contact@pocketimplementation.com

We honor Global Privacy Control (GPC) signals for advertising preferences.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

We will update the "Last Updated" date
Material changes will be communicated via email or prominent app notice
Continued use after changes constitutes acceptance

For significant changes affecting your rights, we may require explicit consent.

19. Contact Information

General Privacy Inquiries Email: contact@pocketimplementation.com

Company Address POCKET IMPLEMENTATION S.R.L. Aleea Giurgeni, Sector 3, Bucharest, Romania

Rights Requests Email: contact@pocketimplementation.com Subject: "Privacy Rights Request"

Appeals Email: contact@pocketimplementation.com Subject: "Privacy Appeal"

Supervisory Authorities

You have the right to lodge a complaint with relevant supervisory authorities:

European Union: Contact your local Data Protection Authority United Kingdom: Information Commissioner's Office (ICO) Switzerland: Federal Data Protection and Information Commissioner (FDPIC) California: California Privacy Protection Agency Other jurisdictions: Contact your local privacy regulator

20. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, POCKET IMPLEMENTATION S.R.L. AND ITS DIRECTORS, OFFICERS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM:

YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE APP;
ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY PERSONAL INFORMATION STORED THEREIN;
ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE APP;
ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH OUR APP BY ANY THIRD PARTY;
ANY ERRORS OR OMISSIONS IN ANY CONTENT OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, EMAILED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE THROUGH THE APP;
ANY INACCURACIES IN AI-GENERATED CONTENT OR DECISIONS MADE BASED ON SUCH CONTENT;
ANY THIRD-PARTY SERVICE OUTAGE, FAILURE, OR DATA BREACH AFFECTING OUR SERVICE PROVIDERS (INCLUDING AI PROVIDERS, ATTRIBUTION SERVICES, ANALYTICS SERVICES, AND PAYMENT PROCESSORS).

21. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of Romania, without regard to its conflict of law provisions.

For disputes related to privacy rights under specific regional laws (GDPR, CCPA, etc.), the applicable regional law and dispute resolution mechanisms shall apply.

Privacy Policy