Privacy Policy

Version: 2026-04-24 Effective date: 2026-04-24

Prosponsive, Inc. ("Prosponsive," "we," "us," or "our") operates the Prosponsive desktop application and the prosponsive.ai website (together, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what choices you have.

If you have any questions about this policy, contact us at privacy@prosponsive.ai.

1. Who we are

Prosponsive, Inc. is a Delaware corporation.

Registered agent:
Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713
United States

For privacy inquiries, contact privacy@prosponsive.ai.

2. The short version

We keep as much as possible on your own machine. The Prosponsive desktop application runs locally; your conversations, tool invocations, and local data do not leave your computer unless you explicitly configure an integration that sends them elsewhere (for example, a hosted AI provider).
We use a small set of third-party services ("sub-processors") for authentication, app distribution, optional analytics, in-app feedback, and payment processing. Each is listed in §5.
When you configure an AI provider (Ollama for local LLM hosting and models, or hosted services like OpenAI, Anthropic, AWS Bedrock, Google, Groq, Mistral, and similar), conversation content is processed by that provider under that provider's own terms. Prosponsive is not the processor for that data. With a local provider like Ollama, the conversation never leaves your machine.
You can delete your account and we will delete or anonymize the personal information we hold about you, except for records we are required to keep (for example, acceptance records for this Privacy Policy itself — see §9).

3. Who this policy applies to

This policy covers our collection and handling of personal information from:

Users of the Prosponsive desktop application.
Visitors to prosponsive.ai.
People who contact us at privacy@prosponsive.ai or other published addresses.

The Service is intended for people aged 18 or older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, contact us and we will delete it.

4. What we collect

4.1 Information you provide directly

Account information (via Clerk): When you create a Prosponsive account we collect your email address and your name. If you sign in with an OAuth provider (Google, Microsoft, GitHub), we additionally receive your profile image URL and an OAuth token from that provider. Clerk stores these on our behalf; see §5.1.
Feedback: When you submit in-app feedback, we collect the text you author plus environment context that helps us reproduce reported bugs: basic device and operating-system information (e.g., OS name and version, RAM, CPU cores), basic AI configuration (the provider and model you're currently using), and the Prosponsive app version. We also attach your Clerk user ID as the reporter so you can later list your own filed issues. Submitting feedback requires a signed-in Prosponsive account. Submissions are sent to our feedback service, which files them as issues in a private GitHub repository on your behalf — visible only to the Prosponsive team. Even so, please don't include information you wouldn't want a Prosponsive engineer to read.
Support correspondence: If you email privacy@prosponsive.ai or jb@prosponsive.ai we receive the contents of your message and your email address.
Billing information (via Stripe): When you start a paid subscription, Stripe collects your card details, billing address, and tax information directly. Your payment information never touches our servers — we receive only a payment method token, your subscription status, and transaction metadata. See §5.

4.2 Information we collect automatically

IP address, at the network edge: When you download the Prosponsive installer or auto-update package from Amazon CloudFront, AWS sees your IP address as part of normal network routing. We have disabled CloudFront access logging, so we do not retain IP addresses in any access logs we control.
Device and usage analytics (opt-in only): If you opt in to analytics, we use PostHog to record event data tied to a randomly generated UUID — we do not associate it with your account, your name, or your email, and we have disabled IP-based geolocation so PostHog does not persist coarse location data on our events. The events cover: feature-usage actions (e.g., conversation lifecycle and tool approvals — including the tool name but not its inputs or outputs, and the length of a message in characters but not its content); basic device and operating-system information; basic AI configuration (the provider and model you're currently using and your configured failover list); and the application's runtime state (app version, container runtime, session timing). For stuck or error events we additionally send a sanitized log tail — file paths, IP addresses, email addresses, and values that look like API keys are stripped before sending. You can opt out at any time in Settings; opting out stops any further events from being sent.
Acceptance records: When you accept this Privacy Policy or our Terms of Service, we record your user ID, the document you accepted, the version, the timestamp, and the application version. We also record a salted SHA-256 hash of your IP address (not the raw IP) and the user agent string. The hash is computed at our API gateway using a server-side pepper that is never logged. These records are append-only and are retained indefinitely for legal defensibility (see §9).

4.3 Information generated by your use of the app

Conversation content and tool invocations: These are stored locally on your machine in a PostgreSQL database that Prosponsive manages for you. This information stays on your machine unless you configure an integration that sends it elsewhere. Prosponsive does not collect, cache, proxy, or retain conversation content on any server that we control.

4.4 Information we do not collect

We do not collect the contents of your conversations, your tool outputs, your workflows, your local files, or your AI provider API keys. These stay on your computer.
We do not sell personal information, and we do not share it with advertising networks.
We do not use your data to train AI models. Ever.

5. Sub-processors (third parties that process data on our behalf)

We rely on the following service providers. All are based in the United States and all have their own privacy policies and security programs.

Sub-processor	What it does for us	What it receives	Location
Clerk	Authentication and identity management	Your email address, name, profile image, OAuth tokens	United States
Amazon Web Services (CloudFront, S3)	App distribution and auto-updates	Your IP address at the network edge (transient, AWS routing only — we do not retain IPs in any logs we control)	United States (us-east-1)
PostHog	Anonymous product analytics (opt-in)	A randomly generated UUID; feature-usage events; basic device and operating-system information; basic AI configuration; the application's runtime state; sanitized log tails for stuck/error events. IP geolocation is disabled.	United States
GitHub	Hosts our private feedback repository (Prosponsive team only); our feedback service files in-app submissions there as issues on your behalf	The text of your feedback; basic device and operating-system information; basic AI configuration; the Prosponsive app version; a reporter token tied to your Clerk user ID; submission timestamp	United States
Stripe	Payment processing for paid subscriptions	Your billing information and card details (collected and stored entirely by Stripe — never touch our servers); we receive only a payment method token, subscription status, and transaction metadata	United States

If you configure an external AI provider inside the app, conversation content and tool invocations you submit are sent to that provider by your copy of Prosponsive, under that provider's terms. Prosponsive does not route that traffic through any server we operate — the connection goes directly from your machine to the provider. Providers we currently support include:

Ollama (runs locally on your machine — nothing leaves)
OpenAI
Anthropic
AWS Bedrock
Google Gemini
Groq
Mistral

You are responsible for your relationship with the provider you choose, including any data-processing terms.

This list mirrors the "Sub-processors" section of our Security Architecture white paper so that what you read here and what we disclose to security reviewers are identical.

6. How we use your information

We use the information we collect to:

Authenticate you and let you sign in to the Service.
Deliver the Prosponsive application and its updates to your machine.
Count your usage of certain tools, where you have a paid or metered plan, so we can apply the correct entitlement.
Help you when you contact us for support.
Detect, investigate, and prevent abuse, fraud, or violations of our Terms of Service.
Improve the Service — but only using the anonymous, opt-in analytics data described above, or data you've given us directly as feedback.
Comply with our legal obligations.

We do not profile you, score you, make automated decisions about you, or feed your data into training sets.

7. Legal basis (for people in jurisdictions that require it)

We are a US-based company with US users as our primary audience. Where a legal-basis disclosure is relevant, we rely on:

Performance of a contract: We process the information necessary to provide the Service to you.
Legitimate interests: We process limited operational data (for example, hashed IP addresses on legal-acceptance records) to secure and deliver the Service.
Consent: We rely on your explicit consent for optional analytics, and for acceptance of this Privacy Policy and our Terms of Service.
Legal obligation: We process and retain some information when required by law.

8. Sharing your information

We share personal information only in these cases:

With sub-processors listed in §5, to the extent necessary for them to perform their function.
With law enforcement or in response to a valid legal request, where we are required to do so.
In a corporate transaction (merger, acquisition, sale of assets), in which case personal information may be transferred subject to this policy or a notice of change.

We do not sell your personal information. We do not share it for cross-context behavioral advertising.

9. How long we keep your information

Account information: For the life of your account. When you delete your account we delete or anonymize account information within 30 days.
CloudFront access logs: Disabled. We do not retain IP addresses in any access logs we control.
PostHog analytics (opt-in): Retained per PostHog's defaults; anonymous and not tied to your account.
Feedback submissions: Retained indefinitely as GitHub issues in our private feedback repository. You can ask us to delete a specific issue by contacting us, and we will do so unless there is a legitimate need to keep it (for example, the issue is tracking a live bug).
Acceptance records for this Privacy Policy and our Terms of Service: Retained indefinitely in append-only storage. These are the record that you agreed to the current version, and we may need them for legal defense years later.
Billing records (via Stripe): Retained per Stripe's defaults and per applicable tax/accounting law (typically 7 years for tax records). When you cancel your subscription we close the Stripe customer record but transaction history is preserved as required by law.
Conversation content: Stays on your machine. We never have it, so we cannot retain or delete it for you; you manage it yourself.

10. Your rights

Depending on where you live, you may have some or all of the following rights:

Access: Ask us what personal information we hold about you.
Correction: Ask us to correct inaccurate personal information.
Deletion: Ask us to delete your account and the personal information we hold about you, subject to the retention exceptions in §9.
Portability: Ask us to export your personal information in a machine-readable format.
Objection / restriction: Ask us to stop or limit how we process certain personal information.
Withdraw consent: Opt out of optional analytics at any time in Settings.

To exercise any of these rights, email privacy@prosponsive.ai. We respond within 30 days.

You have the right to complain to a data-protection authority if you believe we have mishandled your information.

11. Your California privacy rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights:

Right to know what personal information we collect, use, disclose, and share.
Right to delete personal information we hold about you, subject to exceptions.
Right to correct inaccurate personal information.
Right to opt out of sale or sharing. We do not sell personal information and we do not share it for cross-context behavioral advertising.
Right to limit use of sensitive personal information. We do not use or disclose sensitive personal information for purposes that would trigger this right.
Right to non-discrimination for exercising any of these rights.

Categories of personal information we have collected in the past 12 months:

Identifiers (email and name — collected on our behalf by Clerk; account ID; hashed IP address on legal-acceptance records)
Commercial information (subscription status, usage counts)
Internet or other electronic network activity information (anonymous app analytics, if you opted in)
Professional information (information you include in feedback submissions)

We have not sold or shared any of the above in the past 12 months.

To exercise any CCPA right, email privacy@prosponsive.ai with a description of your request. We may need to verify your identity before responding. You may designate an authorized agent to submit requests on your behalf. We respond within 45 days.

12. International transfers

Prosponsive and all of our sub-processors are based in the United States. If you use the Service from outside the United States, the information we collect about you will be transferred to, stored in, and processed in the United States. The United States may have different data-protection laws than your country. By using the Service you consent to this transfer.

13. Security

We protect personal information with a layered security program that includes encryption in transit (TLS), encryption at rest (AES-256-GCM for secrets), scoped and least-privilege access to production systems, code signing for the desktop application, and an architecture that keeps the overwhelming majority of user data on the user's own machine. Our Security Architecture white paper is available on request.

No system is perfectly secure. If we become aware of an incident that materially affects your personal information we will notify you without undue delay.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will:

Publish a new dated version at https://prosponsive.ai/privacy/<date>/, leaving the old version at its own dated URL forever so you can see what you previously agreed to.
Update the "current" version pointer.
Prompt you to review and accept the new version the next time you sign in to the desktop application.

Material changes require your affirmative acceptance before you can continue using the Service. Typo fixes and formatting changes do not.

Historical versions of this policy are all listed at https://prosponsive.ai/privacy/.

15. Contact us

Email: privacy@prosponsive.ai

Mailing address:
Prosponsive, Inc.
c/o Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713
United States