PropogenPropogenSign in

Legal

Privacy Policy

Effective date: June 3, 2026  ·  Last updated: June 3, 2026

Important notice: This Privacy Policy is provided for informational purposes and reflects our current data practices. It is not legal advice. Propogen strongly recommends that this policy be reviewed by a qualified legal professional before it is relied upon for regulatory compliance purposes, particularly for operations in the European Union, United Kingdom, California, or any other jurisdiction with specific data protection requirements.

1.Introduction

Welcome to Propogen ("Propogen", "we", "us", or "our"). Propogen is a software-as-a-service (SaaS) platform designed for agencies, freelancers, consultants, and service businesses. Our platform helps you manage clients, leads, proposals, contracts, invoices, projects, time tracking, forms, automations, team members, files, payments, AI assistance, and more — all in one place.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, how long we retain it, and what rights you have over your data. It applies to all users of the Propogen platform, including workspace owners, team members, clients who access the client portal, and visitors to our website.

By using Propogen, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the platform.

How to read this policy: If you are an agency or business using Propogen to manage your clients, Section 13 (Workspace and Client Data) is especially important for understanding your role as a data controller. If you are a client or team member invited into a Propogen workspace, Sections 2–5 and Section 12 (Your Rights) are most relevant to you.

2.Information We Collect

We collect personal information in several categories depending on how you use the platform.

2.1 Account and Identity Information

When you register for Propogen, we collect your name, email address, password (stored in hashed form), and any profile details you choose to provide, such as a profile photo or job title.

2.2 Workspace and Organisation Information

When you create or join a workspace, we collect your workspace name, company name, logo, industry, and any other information you provide to configure your workspace or brand it for clients.

2.3 Team Member Information

Workspace administrators may invite team members by providing their name and email address. We collect the role, permissions, and activity of each team member within the platform, including login events, actions performed, and audit log entries.

2.4 Client and Lead Information

Through the Clients, Leads, and Portal modules, workspace users may enter and store information about their clients and leads, including names, email addresses, phone numbers, company names, website URLs, notes, tags, revenue estimates, health status, and any custom fields. This information is entered by workspace users and is considered customer-controlled data (see Section 13).

2.5 Project, Task, and Time-Tracking Data

We store information about projects, tasks, milestones, deadlines, assignees, statuses, time entries, billable rates, and task notes that you and your team create within the platform.

2.6 Proposal, Contract, Invoice, and Payment Data

We collect and store proposal content, pricing tables, contract terms, signature events (including timestamps and IP addresses of signatories), invoice line items, amounts, due dates, payment statuses, currency, and transaction references. Payment processing data (such as card numbers) is handled by our payment processor, Dodo Payments, and is not stored on Propogen's servers (see Section 7).

2.7 Form and Submission Data

When you build intake forms, questionnaires, or lead capture forms using the Forms module, we store the form structure and configuration. When individuals submit responses to your forms, we collect and store those responses on your behalf, including any personally identifiable information respondents provide.

2.8 Messages and Communication Data

We store messages sent through the platform's messaging and client portal communication features, including message content, timestamps, sender identity, and read status.

2.9 Files and Storage Data

Files you or your clients upload through the Storage, Projects, or Proposals modules are stored on our infrastructure. We store file metadata such as file name, size, type, uploader identity, and upload timestamp in addition to the file content itself.

2.10 Usage and Analytics Data

We collect information about how you use Propogen, including pages visited, features used, actions taken, session duration, error events, and feature adoption signals. This helps us improve the product and diagnose issues.

2.11 Device and Browser Information

We automatically collect technical information when you access the platform, including your IP address, browser type, browser version, operating system, device type, screen resolution, referring URL, and language preference.

2.12 Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to operate the platform and understand how it is used. See Section 8 for details.

2.13 Integration Data

If you connect third-party integrations (such as Slack, HubSpot, Google Workspace, QuickBooks, Calendly, Typeform, Zapier, or others), we receive data from those services in accordance with the permissions you grant. We may store access tokens, configuration settings, and data returned by the integration.

2.14 AI and Captain Interaction Data

When you use the Captain AI features within Propogen, we collect your prompts, the AI-generated responses, actions taken by Captain AI on your behalf, AI audit log entries, and feedback signals (such as whether you accepted or modified an AI output). See Section 5 for full details on AI data practices.

2.15 Billing and Subscription Data

We store your subscription plan, billing cycle, plan tier, subscription status, and billing-related event history (such as upgrades, downgrades, and cancellations). We do not store full payment card numbers.

2.16 Support and Communication Data

If you contact us for support, report a bug, or submit feedback, we collect the content of your communications, your contact details, and any information you share to help us resolve your issue.

3.How We Collect Information

3.1 Directly from You

We collect most data directly when you register an account, configure your workspace, create records, send proposals, complete forms, upload files, or contact us.

3.2 From Team Members You Invite

When workspace owners or administrators invite team members, those individuals provide their own information upon accepting an invitation and creating their account.

3.3 From Clients and Client Portal Users

Clients who are invited to a workspace portal may provide information such as their name, email, messages, and payment details when they access their portal, sign documents, or submit responses to forms created by your workspace.

3.4 From Forms and Submissions

When third parties (such as prospective clients or leads) respond to forms you have built and published using Propogen's Forms module, their responses are collected on your behalf and stored in your workspace.

3.5 From Integrations

When you authorise a third-party integration, that service may send data to Propogen via webhooks, APIs, or OAuth tokens. The data received depends on the permissions you grant and the integration's configuration.

3.6 From Usage and Telemetry

We automatically collect usage logs, event tracking data, and performance metrics as you use the platform. We use Vercel Analytics and Vercel Speed Insights for performance monitoring.

3.7 From Payment Providers

Our payment processor, Dodo Payments, may share subscription status, plan identifiers, invoice records, transaction references, and payment event notifications with us to keep your billing status in sync.

3.8 From Automation and Event Activity

Our Automations module generates event logs when automated actions are triggered, including trigger events, action outcomes, timestamps, and any data transformations performed. This information is stored as part of your workspace's automation history.

4.How We Use Your Information

We use the information we collect for the following purposes:

4.1 Providing the Service

To operate, maintain, and deliver the Propogen platform and all of its modules, including client management, proposals, contracts, invoices, projects, time tracking, forms, messages, automations, notifications, and the client portal.

4.2 Account and Workspace Management

To create and manage your account, authenticate your identity, manage role-based access controls within your workspace, and maintain team membership and permissions.

4.3 Supporting Your Client and Project Workflows

To enable you to manage clients, track leads, run projects, log time, and build reports — and to surface the right information at the right moment within your workflow.

4.4 Processing Proposals, Contracts, and Invoices

To generate, store, send, and track the status of proposals, contracts, and invoices, including recording signature events and maintaining audit trails required for legal and commercial purposes.

4.5 Processing Payments

To manage your subscription and billing, process payments through Dodo Payments, issue invoices, and maintain accurate records of financial transactions.

4.6 Running Automations and Notifications

To execute automated workflows you configure, send email and in-app notifications, trigger actions based on form submissions or events, and maintain automation run logs for your review.

4.7 AI Assistance

To power Captain AI features, including lead scoring, proposal drafting, summaries, Q&A about your workspace data, and AI-driven recommendations. See Section 5 for details on AI data practices.

4.8 Security, Fraud Prevention, and Compliance

To monitor for unauthorised access, detect abuse or fraud, enforce our Terms of Service, respond to legal requests, and comply with applicable laws and regulations.

4.9 Product Improvement and Research

To analyse usage patterns, identify bugs, conduct internal research, improve product features, and develop new capabilities. Where possible, we use aggregated or anonymised data for this purpose.

4.10 Customer Support and Troubleshooting

To respond to support requests, investigate reported issues, diagnose technical problems, and communicate with you about your account.

4.11 Communications

To send transactional emails (such as account verification, password resets, invoice notifications, and contract signature alerts), product update announcements, and, where you have consented, marketing communications about new features or plans. You may opt out of marketing emails at any time using the unsubscribe link in any marketing email.

4.12 Legal and Regulatory Obligations

To retain records as required by applicable tax, accounting, and data protection laws, and to respond to lawful requests from government authorities or courts of competent jurisdiction.

5.AI and Automated Processing

Propogen includes Captain AI, an AI assistant embedded across the platform. We are committed to being transparent about how AI works within our product.

5.1 What AI May Process

Captain AI may process data from your workspace to perform its functions, including client records, lead submissions, proposal content, project details, form responses, messages, and financial summaries. AI processing occurs in the context of your workspace and is subject to the same access controls as any other user action.

5.2 How AI Assists Users

AI features include (but are not limited to): scoring leads from form submissions, drafting proposals based on client briefs, summarising project statuses, answering questions about workspace data, generating email copy, and surfacing recommended actions. AI outputs are presented as suggestions — not as final outputs that take effect without your review.

5.3 Human Review Responsibility

Users remain fully responsible for reviewing, editing, and approving any content generated by Captain AI before it is used, sent, or acted upon. AI-generated proposals, contracts, messages, and other outputs should not be treated as final without human review. Propogen AI should not be used as the sole basis for legally binding decisions, financial decisions, or decisions that significantly affect individuals without appropriate human oversight.

5.4 AI Action Approval

Certain Captain AI actions (such as sending communications or making changes to records) require explicit user confirmation before they are executed. Propogen does not permit AI to take irreversible external actions without user approval.

5.5 AI Prompts, Outputs, and Logs

Your prompts submitted to Captain AI, the AI-generated responses, and a log of AI actions taken within your workspace may be stored as part of your workspace data. These logs may be used for audit trail purposes, support, and product improvement. We do not use your workspace's client data or AI conversations to train AI models without your explicit consent.

5.6 AI Sub-Processors

Captain AI relies on third-party large language model providers as sub-processors to generate responses. These providers process your prompts and the data context you submit in order to generate outputs. We select AI providers that offer data processing agreements with appropriate protections, including no training on submitted data. Current AI sub-processor details are available on request. See Section 6 for more on sub-processors generally.

5.7 Automated Decision-Making

Some Propogen features involve automated processing of your data to produce outputs that may influence decisions, such as lead fit scores. These scores are advisory in nature and are not used to make legally significant automated decisions about individuals. If you are subject to EU or UK GDPR and you believe an automated decision has materially affected you, please contact us using the details in Section 17.

6.How We Share Information

We do not sell your personal information. We share information only in the circumstances described below.

6.1 Service Providers and Sub-Processors

We engage third-party companies ("sub-processors") to provide infrastructure, analytics, AI services, email delivery, and other operational functions. These providers access personal data only to the extent necessary to perform their services and are bound by data processing agreements that restrict further use. Our sub-processors include, but may not be limited to:

We will update this list as our sub-processor arrangements change and maintain an up-to-date sub-processor list available on request.

6.2 Payment Providers

Payment data necessary to process your subscription or client payments is shared with Dodo Payments, our payment processor. Dodo Payments processes your payment data under their own privacy policy and applicable financial regulations. We encourage you to review Dodo Payments' privacy policy for details on how they handle your payment information.

6.3 User-Enabled Integrations

When you connect a third-party integration (such as Slack, HubSpot, Google Workspace, QuickBooks, or Zapier), you authorise data to be exchanged between Propogen and that service. You control which integrations are connected and can revoke access at any time through your workspace settings. We are not responsible for how third-party integration providers handle data once it is transmitted to them.

6.4 Workspace Members and Clients

Data within your workspace is visible to team members based on their assigned roles and permissions. Client portal data is visible to the relevant client. You, as the workspace owner or administrator, control which team members have access to which data within your workspace.

6.5 Legal Compliance and Protection

We may disclose personal information if required to do so by law, court order, or valid legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Propogen, our users, or the public.

6.6 Business Transfers

In the event of a merger, acquisition, sale of assets, or similar business transaction, personal information may be transferred as part of that transaction. We will notify affected users via email or a prominent notice on our website if such a transfer materially changes how your data is used, and you will have the opportunity to exercise applicable rights before any such change takes effect.

6.7 Aggregated and Anonymised Data

We may share aggregated, anonymised, or de-identified data — which cannot reasonably be used to identify any individual — for product improvement, benchmarking, or research purposes.

7.Payments and Billing

Propogen uses Dodo Payments as its payment processing provider. When you subscribe to a paid plan or when your clients make payments through the platform, payment data (such as card numbers, bank account details, and billing addresses) is collected and processed directly by Dodo Payments. Propogen does not store full card numbers or sensitive authentication data on its own servers.

Propogen may store the following billing-related information:

Your use of Dodo Payments is additionally subject to Dodo Payments' own Terms of Service and Privacy Policy. We recommend reviewing those documents to understand how your payment data is handled on their end.

8.Cookies and Tracking Technologies

8.1 What We Use

We use cookies, local storage, and similar client-side technologies to operate and improve the platform. Cookies are small text files stored on your device that help us remember your preferences and understand how the platform is used.

8.2 Types of Cookies We Use

8.3 Marketing Cookies

We do not currently use cookies for advertising targeting or retargeting. If we introduce marketing cookies in the future, we will update this policy and obtain appropriate consent before placing such cookies on your device.

8.4 Your Cookie Choices

You can control cookies through your browser settings. Most browsers allow you to refuse all cookies or alert you when a cookie is being placed. Note that disabling strictly necessary cookies will impair the platform's functionality. For analytics cookies, you may opt out through browser settings or by enabling Do Not Track signals where supported.

9.Data Retention

We retain personal information for as long as reasonably necessary to fulfil the purposes described in this policy, subject to the following guidelines:

9.1 Active Account Data

Data associated with your workspace — including client records, proposals, projects, invoices, and files — is retained for as long as your account remains active. You may delete specific records at any time through the platform.

9.2 After Account Deletion

When you delete your Propogen account or workspace, we will delete or anonymise your personal data within 90 days, except where we are required to retain it longer by law (for example, financial and tax records may need to be retained for up to 7 years in some jurisdictions).

9.3 Logs and Audit Logs

Usage logs, security logs, and audit log records may be retained for up to 12 months from the date they are created, after which they are deleted or anonymised unless required for ongoing security investigations or legal proceedings.

9.4 AI Interaction Logs

Captain AI prompt logs and action history are retained for up to 90 days by default and may be deleted earlier upon request. If you request deletion of AI logs, we will process that request within 30 days.

9.5 Billing Records

Subscription and billing records are retained for a minimum of 7 years from the date of the transaction to comply with financial, tax, and accounting obligations.

9.6 Backups

Data deleted by you may persist in encrypted backups for up to 30 days before being permanently purged from backup systems. Backup data is not accessible to users or used in any active processing during this period.

9.7 Deletion Requests

You may request deletion of your personal data at any time (see Section 12). We will acknowledge your request within 5 business days and complete the deletion within 30 days, subject to legal retention obligations.

10.Security

We implement technical and organisational measures designed to protect your personal information from unauthorised access, disclosure, alteration, or destruction.

No guarantee of absolute security: No method of data transmission or storage is completely secure. While we take reasonable steps to protect your data, we cannot guarantee that unauthorised third parties will never be able to defeat our security measures. You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.

10.1 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to you personally, we will also notify you directly as quickly as practicable. Notification will include a description of the nature of the breach, the categories and approximate number of individuals concerned, the likely consequences, and the measures taken or proposed to address the breach.

11.International Data Transfers

Propogen is operated from and its infrastructure is primarily located in regions served by our hosting providers (Vercel and Supabase). As a result, your personal data may be processed in countries outside your country of residence, including the United States, the European Union, or other jurisdictions where our sub-processors operate.

Where personal data is transferred from the European Economic Area (EEA) or the United Kingdom (UK) to countries not recognised as providing an adequate level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Addendum (UK IDTA), as applicable. Where we rely on SCCs or the UK IDTA for a transfer, we carry out a Transfer Impact Assessment to ensure the protections remain effective in practice.

Sub-processors may process data in multiple geographic regions. We maintain data processing agreements with our sub-processors that require them to implement equivalent protections for any transfers of your personal data.

12.Your Rights

Depending on where you are located, you may have the following rights with respect to your personal data. To exercise any of these rights, please contact us at privacy@propogen.com.

12.1 Rights for EEA and UK Users (GDPR and UK GDPR)

12.2 Rights for California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

To exercise your California rights, contact us at privacy@propogen.com. We will respond to verifiable requests within 45 days. We will not ask you for more information than is necessary to verify your identity and respond to your request.

12.3 Rights for All Users

We will respond to rights requests within 30 days. In complex cases or where we receive a large volume of requests, we may extend this period by a further 30 days, in which case we will notify you of the extension and the reasons for the delay.

13.Workspace and Client Data

This section is particularly important for agencies, freelancers, and service businesses using Propogen to manage their own clients.

13.1 Propogen as a Data Processor

When workspace owners and team members enter data about their clients, leads, or contacts into Propogen, that data is considered "customer data" or "workspace data." For this type of data, the workspace owner (you) acts as the data controller — you determine the purposes and means of processing that data. Propogen acts as the data processor — we process that data only on your instructions and to deliver the service you have contracted for.

13.2 Your Obligations as a Data Controller

If you operate in a jurisdiction subject to GDPR, UK GDPR, or similar laws, you are responsible for ensuring that you have a lawful basis to enter your clients' and leads' personal data into Propogen, that you have made appropriate privacy disclosures to those individuals, and that you respond to data subject requests relating to data you control within your workspace.

13.3 Client Portal Users

Individuals who access a client portal created by a Propogen workspace are users whose data is primarily controlled by the workspace owner who invited them. Propogen processes their data as a processor on behalf of that workspace owner. Those individuals should direct any data rights requests to the agency or business that gave them portal access in the first instance. If they are unable to obtain resolution, they may contact Propogen directly at privacy@propogen.com.

13.4 Data Processing Agreement

Where required by applicable law (such as GDPR Article 28), Propogen is prepared to enter into a Data Processing Agreement (DPA) with workspace owners. To request a DPA, please contact us at privacy@propogen.com.

14.Third-Party Integrations

Propogen allows you to connect third-party services and tools to your workspace, including but not limited to Slack, HubSpot, Google Workspace, QuickBooks, Typeform, JotForm, Calendly, Notion, and Zapier.

15.Children's Privacy

Propogen is a professional platform intended for use by businesses and adults. We do not knowingly collect or solicit personal information from children under the age of 16 (or under the applicable age threshold in your jurisdiction — for example, 13 in the United States under COPPA). Our platform is not designed for or directed at children.

If you are a parent or guardian and believe that a child under the applicable age has provided personal information to Propogen without your consent, please contact us at privacy@propogen.com and we will take steps to delete that information promptly.

16.Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or the features of the Propogen platform. When we make material changes, we will:

Your continued use of Propogen after a policy update constitutes your acceptance of the revised policy. If you do not agree with the changes, you may close your account before the effective date of the update.

We encourage you to review this page periodically to stay informed about how we protect your information. Prior versions of this policy are available upon request.

17.Contact and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Propogen

Privacy enquiries: privacy@propogen.com

We aim to respond to all privacy-related enquiries within 5 business days and to resolve them within 30 days.

17.1 EU/EEA Users — Supervisory Authority

If you are located in the EEA and are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the data protection authority in your EU member state. A list of EEA data protection authorities is available at edpb.europa.eu.

17.2 UK Users — ICO

If you are located in the United Kingdom and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). More information is available at ico.org.uk.

17.3 California Users

California residents may also contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov if they have unresolved concerns about our handling of their personal information.

Disclaimer: This Privacy Policy is provided for general informational purposes only and does not constitute legal advice. The policies and practices described herein reflect our current understanding and intentions. Propogen strongly recommends that this document be reviewed by a qualified legal professional — particularly one with expertise in data protection law (GDPR, UK GDPR, CCPA/CPRA, and other applicable regulations) — before it is relied upon for compliance purposes or published to users. Data protection laws vary by jurisdiction and change frequently; this document may not reflect the most current legal requirements in all regions where Propogen operates.