Privacy Policy

1. Introduction

This Privacy Policy describes how Inbound Inc ("Company," "we," "us," or "our"), doing business as ProposalKit, collects, uses, shares, and protects information in connection with the ProposalKit WordPress plugin and the proposalkit.com marketing website (collectively, the "Service").

Inbound Inc is a Texas corporation located in Houston, TX. Our corporate website is inbound.inc.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Data Controller and Processor Roles

It is important to understand the distinction between our roles:

• For your account data and marketing site data: Inbound Inc acts as the data controller. We determine why and how this data is processed.
• For proposal and client data stored in your plugin: You are the data controller. ProposalKit acts as a tool (data processor) that you use to manage your own client relationships. Your proposal data is stored on your own WordPress server, and you are responsible for how you collect and use your clients' information.

3. Information the Plugin Collects

The ProposalKit plugin facilitates the collection and storage of the following data, all of which is stored in your own WordPress database on your own server:

3.1 Proposal and Estimate Content

• Proposal titles, descriptions, and body content
• Line items, pricing, service descriptions, and terms
• Template selections and customization settings
• Attached files and images you upload to proposals

3.2 Client Information

• Client name, email address, phone number, and company name
• Client mailing address (if provided)
• Communication history related to proposals

3.3 Electronic Signatures

• Signature image data (drawn signature)
• Signer name and email address
• Timestamp of signature
• IP address of the signer at the time of signing
• Browser and device information (user agent) of the signer

3.4 View Tracking Data

• IP address of proposal viewers
• Timestamps and duration of proposal views
• Number of times a proposal was opened
• Browser and device information of viewers
• Approximate geographic location derived from IP address

3.5 Payment Information

ProposalKit does not store credit card numbers, bank account details, or PayPal credentials. Payments are processed entirely by third-party payment processors (Stripe and/or PayPal). The plugin stores only:

• Transaction reference IDs
• Payment amount and status
• Payment method type (e.g., "credit card" or "PayPal")
• Timestamp of payment

4. Information the Marketing Site Collects

When you visit proposalkit.com, we may collect:

4.1 Automatically Collected Data

• IP address
• Browser type and version
• Operating system
• Referring URL
• Pages visited and time spent
• Device type (desktop, mobile, tablet)

4.2 Cookies

Our marketing site uses minimal cookies:

Cookie	Purpose	Duration
WordPress session cookies	Required for site functionality	Session
Analytics cookies	Understand site usage and improve the experience	Up to 2 years

You can control cookie preferences through your browser settings. Disabling cookies may affect site functionality.

4.3 Information You Provide

• Account registration details (name, email, password)
• Billing information provided during checkout (processed by Stripe/PayPal)
• Support inquiries and correspondence
• License key and associated site URL

5. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: Process your subscription, deliver plugin updates, and verify your license.
• Process Payments: Facilitate subscription billing through Stripe and PayPal.
• Customer Support: Respond to your inquiries and troubleshoot issues.
• Improve the Service: Analyze usage patterns to improve features and user experience.
• Communications: Send transactional emails (purchase confirmations, license keys, renewal notices) and, with your consent, product updates and announcements.
• Security: Detect fraud, prevent abuse, and protect the integrity of the Service.
• Legal Compliance: Comply with applicable laws and respond to legal requests.

6. Third-Party Services

We integrate with or rely on the following third-party services. Each has its own privacy policy governing data processing:

6.1 Stripe

We use Stripe to process credit card and debit card payments. When you make a payment, your payment details are transmitted directly to Stripe and are subject to Stripe's Privacy Policy. We receive only transaction confirmations and reference IDs.

6.2 PayPal

We offer PayPal as an alternative payment method. Payment data is handled by PayPal and is subject to PayPal's Privacy Policy.

6.3 Anthropic (Claude AI)

Our AI Pro tier uses the Claude API by Anthropic to provide AI-powered proposal writing and content suggestions. When you use AI features:

• The proposal content you submit for AI processing is sent to Anthropic's servers.
• Anthropic processes this data to generate responses and may retain it in accordance with their usage policies.
• We send only the content you actively choose to submit for AI processing. No data is sent to Anthropic without a user-initiated action.
• AI features are opt-in and only available to AI Pro subscribers.

6.4 WP Engine (Hosting)

Our marketing site and demo environment are hosted on WP Engine. WP Engine may process server logs containing IP addresses and request data as part of hosting operations. See WP Engine's Privacy Policy.

7. License Server Communication

The ProposalKit plugin periodically communicates with our license server to verify your subscription status and check for updates. This communication transmits:

• Your license key
• Your site URL
• Plugin version number
• WordPress version
• PHP version

No proposal data, client data, personal content, or user-generated content is transmitted during license verification. The license server stores only the minimal data needed to validate your license and deliver updates.

8. Data Storage and Security

8.1 Self-Hosted Data

All proposal content, client information, signature data, and view tracking data is stored in your own WordPress database on your own hosting server. Inbound Inc does not have access to this data unless you explicitly share it with us (for example, during a support request).

You are responsible for:

• Securing your WordPress installation and database
• Maintaining regular backups
• Keeping WordPress, PHP, and all plugins up to date
• Implementing appropriate access controls
• Complying with applicable data protection laws regarding the client data you collect

8.2 Our Servers

Data stored on our servers (account information, license data, billing records) is protected with industry-standard security measures, including encryption in transit (TLS) and at rest, access controls, and regular security audits.

9. Data Retention

• Account data: Retained for as long as your account is active, plus 12 months after account closure for legal and billing purposes.
• Billing records: Retained for 7 years as required by tax and accounting regulations.
• Support correspondence: Retained for 3 years after the last interaction.
• License server logs: Retained for 90 days, then automatically deleted.
• Marketing site analytics: Aggregated and anonymized after 26 months.
• Plugin data (on your server): Retained until you delete it. Uninstalling the plugin provides an option to remove all plugin data from your database.

10. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data held by us:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing of your personal data for marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, submit a request through our support page. We will respond within 30 days.

Regarding your clients' data: Since proposal and client data is stored on your own server, you are the data controller for that information. You are responsible for responding to data subject requests from your own clients and for ensuring your use of ProposalKit complies with GDPR.

11. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to Know: You may request details about the categories and specific pieces of personal information we collect about you.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out: You may opt out of the "sale" of personal information. We do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, submit a request through our support page. We will verify your identity before processing your request.

12. International Data Transfers

Our servers and third-party service providers are located in the United States. If you are accessing the Service from outside the United States, your data may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We rely on standard contractual clauses and other appropriate safeguards for international transfers where required.

13. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date. For significant changes, we will also notify registered users via email. We encourage you to review this policy periodically.

15. Contact Us

If you have questions or concerns about this Privacy Policy, our data practices, or wish to exercise your data rights, please contact us through our support page.

Inbound Inc
Houston, TX
Web: inbound.inc

For privacy-specific inquiries, please select "General Question" on the support form and include "Privacy" in your subject line so we can route your request appropriately.