Legal

Privacy Policy

How we collect, use, store, and protect your information when you use ProposalMatrix.

Last updated: February 2026

Information We Collect

  • Account information: name, email address, company name, and billing details when you sign up or subscribe.
  • Usage data: how you use the platform, including feature usage, session duration, and interaction patterns to improve the service.
  • Uploaded documents: RFPs, SOWs, past performance narratives, resumes, technical documents, and other files you upload to your workspace.
  • Proposal content: sections, compliance matrices, evidence links, and AI-generated drafts created within your pursuits.

How We Use Your Information

  • Provide the service: operate ProposalMatrix, process your documents, run AI-assisted drafting, and deliver the features you use.
  • Improve the service: analyze aggregated, anonymized usage patterns to enhance performance, fix bugs, and develop new features.
  • Communicate: send transactional emails (account, billing, security), product updates, and respond to support requests.
  • Compliance: meet legal obligations, enforce our terms, and protect against fraud or abuse.

Data Storage and Security

  • Infrastructure: ProposalMatrix runs on Amazon Web Services (AWS) in US-based regions.
  • Encryption: all data is encrypted in transit (TLS 1.3) and at rest (AES-256). Documents are stored in S3 with server-side encryption (SSE-KMS).
  • Network isolation: database and application services run within a private VPC with no direct public internet exposure.
  • Access controls: strict IAM policies, least-privilege access, and audit logging for all data operations.

Third-Party Services

  • AWS Textract: used for document parsing and text extraction from uploaded PDFs and Word files.
  • AWS Bedrock: used for AI-powered requirement extraction and proposal draft generation.
  • AI training: we do not use your content, documents, or proposal data to train AI models. Customer data is processed solely to deliver the service and is not used for model training.
  • Subprocessors: we maintain a list of subprocessors and will notify customers of material changes.

Data Retention

  • Active accounts: we retain your data for as long as your account is active and you use the service.
  • Account deletion: upon request, we delete your account and associated data within 30 days, except where retention is required by law.
  • Backups: backup copies may persist for up to 90 days before being purged.

Your Rights

  • Access: you may request a copy of the personal data we hold about you.
  • Deletion: you may request deletion of your account and associated data.
  • Portability: you may request an export of your data in a machine-readable format.
  • Correction: you may update your account information at any time in settings.
  • Opt-out: you may opt out of marketing communications while still receiving transactional emails.

Contact for Privacy Inquiries

For questions about this privacy policy or to exercise your data rights, contact us at support@proposalmatrix.com. We will respond within 30 days.