Privacy Policy

Effective Date: December 29, 2025

Last Updated: December 29, 2025

Privacy at a Glance

  • We collect: Account info, usage data, and documents you upload for processing
  • We use data for: Providing our AI-powered proposal analysis service
  • AI Processing: Your documents are processed by OpenAI and Google AI services
  • We don't sell: Your personal information is never sold to third parties
  • Your rights: You can access, correct, delete, or export your data at any time
  • Security: We use encryption, access controls, and industry-standard security measures

Table of Contents

  1. Introduction and Scope
  2. Information We Collect
  3. How We Use Your Information
  4. Legal Basis for Processing
  5. AI and Machine Learning Processing
  6. How We Share Your Information
  7. Third-Party Services and Integrations
  8. Data Security
  9. Data Retention
  10. Your Privacy Rights
  11. California Privacy Rights (CCPA/CPRA)
  12. European Privacy Rights (GDPR)
  13. Cookies and Tracking Technologies
  14. Government Contracting Considerations
  15. International Data Transfers
  16. Children's Privacy
  17. Data Breach Notification
  18. Changes to This Policy
  19. Contact Us

1. Introduction and Scope

1.1 About This Policy

Technuf LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Proposal Connect (the "Service"), our cloud-based proposal management and analysis platform.

This Policy applies to all users of our Service, including individuals, businesses, and government contractors who access our platform through our website at https://proposalconnect.io, our mobile applications, or any other means.

1.2 Your Consent

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must discontinue use of the Service immediately.

1.3 Data Controller Information

For the purposes of applicable data protection laws, Technuf LLC is the data controller responsible for your personal information. Our contact information is provided at the end of this Policy.

1.4 Definitions

  • "Personal Information" means any information that identifies, relates to, describes, or could reasonably be linked to you or your household.
  • "Processing" means any operation performed on personal information, including collection, use, storage, disclosure, and deletion.
  • "Service Provider" means a third party that processes personal information on our behalf.
  • "Your Content" means any documents, files, text, or other materials you upload to or create within the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Information

  • Full name and display name
  • Email address (primary and secondary)
  • Password (stored in encrypted form)
  • Profile photograph (optional)
  • Phone number (optional)
  • Authentication credentials from third-party providers (Google OAuth)

Organization and Professional Information

  • Company or organization name
  • Job title and department
  • Business address
  • Business phone number
  • DUNS number, CAGE code, or other business identifiers (for government contractors)
  • NAICS codes and capability information

Payment and Billing Information

  • Billing name and address
  • Credit card or payment method information (processed and stored by our payment processor, Stripe)
  • Tax identification numbers (when required for invoicing)
  • Purchase history and subscription details

Communications

  • Customer support inquiries and correspondence
  • Feedback, surveys, and testimonials you provide
  • Email communications and preferences

2.2 Content You Upload

Our Service allows you to upload and process various documents for proposal analysis. This includes:

  • Request for Proposal (RFP) documents and attachments
  • Request for Quote (RFQ) and Request for Information (RFI) documents
  • Solicitation documents from SAM.gov, GovWin, and other sources
  • Statement of Work (SOW) and Performance Work Statement (PWS) documents
  • Proposal drafts, outlines, and final submissions
  • Past performance narratives and case studies
  • Capability statements and corporate qualifications
  • Resumes and personnel qualifications
  • Technical approaches and management plans
  • Pricing volumes and cost proposals
  • Knowledge base documents for AI training

Important: You are responsible for ensuring you have the right to upload any documents to our Service. Do not upload classified information, export-controlled data (ITAR/EAR), or documents you do not have authorization to share.

2.3 Information Collected Automatically

Device and Browser Information

  • IP address and approximate location (city/region level)
  • Browser type, version, and language preferences
  • Operating system and device type
  • Device identifiers and hardware settings
  • Screen resolution and display settings
  • Time zone and locale settings

Usage Information

  • Pages and features accessed within the Service
  • Time spent on pages and features
  • Click patterns and navigation paths
  • Search queries and filters used
  • Features used and actions taken
  • Error logs and performance data
  • Date and time of access
  • Referring URLs and exit pages

AI Usage Information

  • AI features used and frequency of use
  • Token consumption and API usage metrics
  • AI model selection preferences
  • AI response quality feedback (thumbs up/down)

2.4 Information from Third Parties

  • Authentication Providers: When you sign in using Google OAuth, we receive your name, email, and profile picture from Google.
  • Payment Processors: We receive transaction confirmations and billing status from Stripe.
  • Analytics Providers: We may receive aggregated analytics data about Service usage.
  • GovWin/Deltek: When you connect your GovWin account, we may receive opportunity data you choose to import.

3. How We Use Your Information

3.1 To Provide and Improve the Service

  • Create, maintain, and secure your account
  • Process and analyze your uploaded documents using AI
  • Generate compliance checklists, section outlines, and proposal content
  • Provide search and organization features for your documents
  • Enable collaboration features with your team members
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Monitor and improve Service performance and reliability
  • Develop new features and functionality

3.2 To Communicate With You

  • Send transactional emails (account verification, password resets, billing receipts)
  • Send service announcements and updates
  • Send security alerts and notifications
  • Respond to your support requests and feedback
  • Send marketing communications (with your consent, which you can withdraw at any time)

3.3 For Security and Legal Purposes

  • Detect, prevent, and respond to fraud, abuse, and security incidents
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations and respond to lawful requests
  • Protect the rights, property, and safety of our users and the public
  • Maintain audit logs for security and compliance purposes

3.4 For Analytics and Research

  • Analyze usage patterns to improve user experience
  • Conduct research and analysis to improve AI capabilities
  • Generate aggregated, anonymized statistics about Service usage
  • Test new features and functionality

5. AI and Machine Learning Processing

5.1 How We Use AI

Our Service uses artificial intelligence and machine learning to analyze your documents and provide insights. This includes:

  • Extracting and analyzing requirements from RFP documents
  • Generating compliance matrices and checklists
  • Suggesting proposal section content and outlines
  • Analyzing win probability (Go/No-Go decisions)
  • Providing intelligent search across your documents
  • Generating summaries and executive briefings

5.2 Third-Party AI Providers

We use the following third-party AI services to power our features:

OpenAI (GPT-4, GPT-4 Turbo)

  • Used for document analysis, content generation, and natural language processing
  • Your data is processed according to OpenAI's Enterprise Privacy Policy
  • OpenAI does not use your data to train their models (Enterprise/API tier)
  • Data is encrypted in transit and at rest
  • OpenAI is SOC 2 Type 2 certified

Google Cloud AI (Gemini)

  • Used for document analysis and alternative AI processing
  • Your data is processed according to Google Cloud's Data Processing Terms
  • Google does not use your data to train their models (Cloud API tier)
  • Data is encrypted in transit and at rest
  • Google Cloud is SOC 1/2/3, ISO 27001, and FedRAMP certified

5.3 AI Data Handling Practices

  • No Model Training: Your documents are NOT used to train AI models. We use enterprise API tiers that explicitly exclude customer data from model training.
  • Temporary Processing: AI providers process your data in real-time and do not retain it beyond what is necessary for the API call (typically 30 days for abuse monitoring, then deleted).
  • Encryption: All data transmitted to AI providers is encrypted using TLS 1.2 or higher.
  • Access Logging: We log all AI API calls for security and usage tracking purposes.

5.4 AI Limitations and Your Responsibilities

  • AI outputs may contain errors. Always review and verify AI-generated content before use.
  • AI is not a substitute for professional judgment. Have qualified personnel review all proposals before submission.
  • Do not upload classified or export-controlled information. Our AI processing is not authorized for CUI, classified, ITAR, or EAR-controlled data.
  • You are responsible for compliance. Ensure your use of AI-generated content complies with solicitation requirements and applicable regulations.

6. How We Share Your Information

6.1 With Your Organization

If you are part of an organization account, your information may be shared with:

  • Account administrators who manage your organization's subscription
  • Team members with whom you collaborate on proposals
  • Other users you explicitly grant access to your documents

6.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Cloud Infrastructure: Supabase, AWS, and Vercel for hosting and data storage
  • AI Processing: OpenAI and Google Cloud for AI-powered features
  • Payment Processing: Stripe for subscription billing
  • Email Services: For transactional and marketing emails
  • Analytics: For understanding Service usage and performance
  • Customer Support: For managing support tickets and communications

All service providers are contractually required to protect your information and use it only for the purposes we specify.

6.3 For Legal Purposes

We may disclose your information when we believe disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from government authorities
  • Enforce our Terms of Service and other agreements
  • Protect our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues

6.4 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

6.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Third-Party Services and Integrations

The following third-party services are integral to our platform:

Supabase (Database & Authentication)

Stores account data, documents, and handles user authentication. SOC 2 Type 2 certified. Data encrypted at rest using AES-256.

Stripe (Payment Processing)

Processes subscription payments. PCI DSS Level 1 certified. We do not store full credit card numbers on our servers.

Google OAuth

Optional single sign-on authentication. We receive only your email, name, and profile picture. We do not access your Google Drive, Gmail, or other Google services.

GovWin/Deltek (Optional Integration)

Optional integration for importing opportunity data. Only connects when you explicitly authorize and provide credentials.

8. Data Security

8.1 Security Measures

We implement comprehensive security measures to protect your information:

Encryption

  • All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256 encryption
  • Database connections are encrypted
  • Backup data is encrypted

Access Controls

  • Role-based access control (RBAC) for all team features
  • Strong password requirements and secure password hashing (bcrypt)
  • Optional two-factor authentication (2FA) via Google OAuth
  • Session management with secure, HTTP-only cookies
  • Automatic session timeout after inactivity

Infrastructure Security

  • Hosted on SOC 2 Type 2 certified infrastructure
  • Regular security patching and updates
  • DDoS protection and web application firewall (WAF)
  • Network isolation and segmentation
  • Regular penetration testing and vulnerability scanning

Monitoring and Logging

  • 24/7 infrastructure monitoring
  • Security event logging and alerting
  • Audit trails for sensitive operations
  • Intrusion detection systems

8.2 Your Security Responsibilities

  • Use a strong, unique password for your account
  • Do not share your login credentials with others
  • Log out of shared or public computers
  • Report any suspicious activity to [email protected]
  • Keep your browser and operating system updated

Note: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your information. In the event of a security breach, we will notify you in accordance with applicable laws.

9. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this Policy:

Data TypeRetention Period
Account InformationWhile account is active + 30 days after deletion request
Uploaded DocumentsUntil you delete them or account termination
AI Analysis ResultsUntil you delete them or account termination
Usage Logs12 months
Security/Audit Logs24 months
Payment Records7 years (legal requirement)
Support Tickets3 years after resolution
Marketing PreferencesUntil you unsubscribe or account termination

After the retention period expires, your data is permanently deleted or anonymized. Some data may be retained longer if required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

10. Your Privacy Rights

You have the following rights regarding your personal information:

1

Right to Access

Request a copy of the personal information we hold about you.

2

Right to Correction

Request correction of inaccurate or incomplete information.

3

Right to Deletion

Request deletion of your personal information (subject to legal retention requirements).

4

Right to Data Portability

Request your data in a structured, machine-readable format.

5

Right to Opt-Out

Unsubscribe from marketing communications at any time.

6

Right to Restrict Processing

Request limitation of how we process your data in certain circumstances.

7

Right to Withdraw Consent

Withdraw consent for any consent-based processing at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or use the settings within your account.

We will respond to your request within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

11.1 Your California Rights

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You can request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Limit Use of Sensitive Personal Information: You can request that we limit our use of sensitive personal information.

11.2 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, account name)
  • Commercial information (transaction history, subscription details)
  • Internet/electronic activity (usage data, browsing history within Service)
  • Professional/employment information (company, job title)
  • Inferences drawn from the above categories

11.3 Do Not Sell or Share

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

11.4 How to Submit a Request

To submit a request, please email us at [email protected] with "California Privacy Request" in the subject line. You may also designate an authorized agent to submit requests on your behalf.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

12.1 Your GDPR Rights

  • Right of Access (Article 15): You can request a copy of your personal data.
  • Right to Rectification (Article 16): You can request correction of inaccurate data.
  • Right to Erasure (Article 17): You can request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing (Article 18): You can request limitation of processing in certain circumstances.
  • Right to Data Portability (Article 20): You can request your data in a machine-readable format.
  • Right to Object (Article 21): You can object to processing based on legitimate interests or for direct marketing.
  • Rights Related to Automated Decision-Making (Article 22): You have rights related to automated decisions, including profiling.

12.2 Data Protection Officer

For GDPR-related inquiries, please contact us at [email protected].

12.3 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe we have violated your privacy rights.

13. Cookies and Tracking Technologies

13.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. We use cookies and similar technologies to provide and improve our Service.

13.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the Service to function and cannot be disabled.

  • Authentication and session management
  • Security features (CSRF protection)
  • Load balancing and server routing
  • User preferences (language, theme)

Analytics Cookies (Optional)

These cookies help us understand how users interact with our Service.

  • Page views and navigation patterns
  • Feature usage statistics
  • Error tracking and performance monitoring

Preference Cookies (Optional)

These cookies remember your settings and preferences.

  • Display preferences (dark mode, layout)
  • Recently viewed items
  • Customization settings

13.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored on your device
  • Delete all or specific cookies
  • Block cookies from all or specific websites
  • Block third-party cookies
  • Receive notifications when cookies are set

Note: Blocking essential cookies will prevent you from using the Service.

14. Government Contracting Considerations

Many of our users are government contractors. We understand the unique privacy and security requirements in this sector:

14.1 What We DO Handle

  • Publicly available solicitation documents from SAM.gov, GovWin, and other public sources
  • Your company's unclassified proposal materials
  • Past performance narratives (unclassified)
  • Capability statements and marketing materials
  • Technical approaches (unclassified)

14.2 What We DO NOT Handle

Do NOT upload the following types of information to our Service:

  • Classified information (any level)
  • Controlled Unclassified Information (CUI) that requires specific handling
  • ITAR-controlled technical data
  • EAR-controlled technology
  • Information requiring NIST 800-171 compliance (we are not CMMC certified)
  • Source selection sensitive information
  • Proprietary government information (unless publicly released)

14.3 Your Responsibility

You are solely responsible for ensuring that any documents you upload to our Service comply with applicable laws, regulations, and contractual obligations. You must have proper authorization to share any documents with our Service.

15. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country's laws.

15.1 Where We Process Data

  • United States: Our primary servers and operations are in the United States
  • European Union: Some data may be processed by our service providers in the EU
  • Other Locations: Our AI providers may process data in various locations

15.2 Transfer Safeguards

When we transfer data internationally, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all service providers
  • Verification that recipients maintain adequate security measures
  • Encryption of data in transit and at rest

16. Children's Privacy

Our Service is intended for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us at [email protected].

17. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Investigate promptly: We will immediately investigate the breach and take steps to contain it
  • Notify affected users: We will notify you via email within 72 hours of becoming aware of a breach (or as required by applicable law)
  • Notify authorities: We will report the breach to relevant supervisory authorities as required by law
  • Provide information: We will tell you what happened, what information was affected, and what steps we are taking
  • Offer assistance: We will provide guidance on steps you can take to protect yourself

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • Minor changes: We will update the "Last Updated" date at the top of this Policy
  • Material changes: We will notify you by email and/or through a prominent notice on our Service before the changes take effect
  • Your continued use: Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy

We encourage you to review this Policy periodically to stay informed about how we protect your information.

19. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how we handle your information, please contact us:

Technuf LLC

6290 Montrose Rd, Rockville, MD 20852

General Support

[email protected]

Privacy Inquiries

[email protected]

We will respond to your inquiry within 30 days (or sooner as required by applicable law).

Terms of Service Unsubscribe Home

© 2026 Technuf LLC. All rights reserved.