1.Who we are
Propolyx, Inc. (“Propolyx,” “we,” “our”) is a generative knowledge platform for enterprise bid and proposal teams. We were founded in Enugu, Nigeria, and operate globally.
This policy describes how we collect, use, and protect personal information when you visit propolyx.com or use the Propolyx product. If you have questions, email privacy@propolyx.com.
2.What we collect
Account information. When you sign up, we collect your work email, name, and the tenant identifier your administrator assigns. Authentication is handled by Amazon Cognito.
Customer content. The documents you upload, the responses Propolyx generates, and the metadata associated with them (status, citations, confidence). This content remains your property and is processed only to provide the service.
Usage data. Pages visited, features used, RFP processing times, and aggregated performance metrics. We use this to operate and improve the product.
Cookies. Strictly necessary (session, theme preference) and analytics (Vercel Analytics with IP truncation). No third-party advertising cookies.
3.How we use your data
We process personal data to: provide the Propolyx service, secure your account, communicate about the product, comply with legal obligations, and improve the product through aggregated, de-identified analysis.
We never train shared models on customer data. Customer content is processed only within the tenant boundary and is not used to train shared foundation models or shared retrieval indexes.
4.Sharing and subprocessors
We share data only with the subprocessors listed in our Trust Center, each of which is contractually bound to protect the data on the same terms. We do not sell personal data.
We may disclose data in response to lawful requests by public authorities, including to meet national security or law-enforcement requirements. We will notify affected customers unless prohibited by law.
5.Data retention
Customer content is retained for the duration of the subscription plus 30 days for backup integrity, after which it is permanently deleted. Audit logs are retained for 90 days by default and up to 7 years on Enterprise plans.
You can request deletion of your personal data at any time by emailing privacy@propolyx.com. We will action verifiable requests within 30 days.
6.Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict its processing. GDPR rights apply to EU data subjects; PIPEDA rights apply to Canadian data subjects; the CCPA applies to California residents.
To exercise any of these rights, email privacy@propolyx.com from the address on your Propolyx account. We may ask for additional verification before actioning a request.
7.International transfers
Propolyx's default region is the United States (AWS us-east-1). EU and Canadian residency are available on Enterprise plans. When we transfer data internationally, we rely on Standard Contractual Clauses (EU) and equivalent safeguards.
8.Security
Detailed security controls are documented at /security. Customer-managed KMS keys, tenant-isolated S3 prefixes, and scoped IAM are defaults — not enterprise upsells.
9.Changes to this policy
We will notify customers at least 30 days in advance of any material changes to this policy via email and an in-product notice. The current effective date is shown above.