Legal
Privacy Policy
Agreely ("we", "us", or "our") operates the Agreely platform — an AI-powered proposal generation service for freelancers and consultants, accessible at app.agreely.work and this website. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.
By using Agreely you agree to the practices described in this Policy. If you do not agree, please do not use our services.
1. Data We Collect
1.1 Account & Profile Data
When you register for an account we collect your name, email address, and a password (stored as a secure hash via Supabase Auth). Through your profile settings you may also provide:
- Phone number (used for OTP verification and optional notifications)
- Company name and business address
- Tax / VAT identification number
- Avatar image and digital signature (drawn in-app, stored as an image)
- Industry, location, and language preference
- Display email (may differ from your login email)
Providing profile data beyond name and email is optional; however some features (e.g., digital signature on proposals) require it.
1.2 Client Data You Upload
Agreely lets you store information about your own clients — names, companies, email addresses, phone numbers, websites, and contextual notes. You are the data controller for this data. We process it only on your behalf as a data processor. You are responsible for having a lawful basis to store and use your clients' personal information.
1.3 Proposal & Project Data
We store the proposals you create, including project descriptions, scope, deliverables, pricing, milestones, and any content generated by AI based on your input. Proposals may contain personal or commercially sensitive information you choose to include.
1.4 Payment Method Labels
You may add payment method details (e.g., bank account labels, PayPal address, Wise handle) to display on proposals. We do not process card payments or store full card numbers. These details are display-only labels used in your proposals.
1.5 E-Signature Data
When your clients sign a proposal they provide a phone number for OTP verification and a drawn signature. We store the hashed OTP, a phone number, a verification timestamp, and the signature image. This data constitutes the signing record for that proposal.
1.6 Usage & Analytics Data
We collect analytics to improve our product:
- Product analytics: We use PostHog to track how you interact with the app (page views, feature usage, session data). PostHog may set cookies or use local storage.
- Proposal analytics: When a client opens your shared proposal link we record event type (opened, section viewed, link shared, accepted, forwarded), a hashed IP address, which section was viewed, and time spent. We hash IPs before storage; raw IPs are never retained.
1.7 Technical Data
Like most web services, we automatically receive browser type, device type, operating system, referring URLs, and pages visited. This data is used for security, diagnostics, and aggregate analytics.
2. How We Use Your Data
- Service delivery: Creating and managing your proposals, client records, and account.
- AI processing: When you provide a project brief or request AI-generated content, the content is sent to our AI services (see Section 4) to generate proposal text, perform gap analysis, and suggest improvements.
- Communication: Sending OTP codes for proposal signing via WhatsApp or SMS; sending transactional emails (account verification, notifications).
- Analytics & product improvement: Understanding how the product is used to fix bugs and build new features.
- Billing: Managing your subscription and plan usage.
- Legal compliance: Retaining records we are required to keep by law.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide the Agreely service you signed up for.
- Legitimate interests: Analytics, security, fraud prevention, and product improvement, where our interests do not override your rights.
- Legal obligation: Where we are required by law to retain or disclose data.
- Consent: Where we rely on consent (e.g., optional marketing communications), you may withdraw it at any time.
4. Third-Party Service Providers
We share data with third-party processors only as necessary to operate the service. Our current sub-processors are:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication, database, and file storage | Account data, all stored content |
| OpenAI (GPT-4o-mini) | AI proposal generation and gap analysis | Project brief content, proposal text |
| Google (Gemini API) | AI proposal generation (fallback) | Project brief content, proposal text |
| Twilio / WhatsApp / Fonnte | OTP delivery for proposal signing | Client phone numbers |
| PostHog | Product analytics | Usage events, device/browser data |
We do not sell your personal data to any third party.
5. AI-Generated Content & Third-Party AI
When you use AI features, the content of your project brief — which may include details about your clients and projects — is transmitted to OpenAI and/or Google for processing. These providers process data under their own privacy policies and data processing agreements with us. We encourage you not to include highly sensitive personal data (e.g., government ID numbers, financial account details) in your briefs unless necessary.
6. Data Retention
- Account data: Retained for as long as your account is active plus a reasonable period after deletion to handle disputes and legal obligations.
- Proposals & client data: Retained for as long as your account is active. You may delete proposals and clients at any time.
- Proposal analytics: Aggregated analytics data is retained indefinitely; event-level data is retained for 24 months.
- E-signature records: Retained for 7 years to support potential legal disputes about signed agreements.
- Backups: Database backups may retain data for up to 90 days after deletion.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request we correct inaccurate data.
- Deletion: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
- Portability: Receive your data in a machine-readable format.
- Restriction: Request we restrict processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection authority.
8. Cookies & Tracking Technologies
We use cookies and similar technologies for:
- Strictly necessary cookies: Authentication session management.
- Analytics cookies: PostHog uses cookies or local storage to track product usage. You may opt out by contacting us or adjusting your browser settings.
We do not use advertising or third-party tracking cookies. A full cookie consent mechanism is coming — until then, by using Agreely you acknowledge the analytics cookies described above.
9. Data Security
We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords, hashed IP addresses in analytics, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but take reasonable precautions.
10. Children's Privacy
Agreely is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.
11. International Data Transfers
Your data may be processed in countries outside your own, including the United States, where our sub-processors (OpenAI, Supabase, PostHog) operate. Where required, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses under GDPR).
12. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the app before the changes take effect. The "Last updated" date at the top of this page indicates when the Policy was last revised. Continued use of Agreely after changes are posted constitutes acceptance.
13. Contact Us
For questions, requests, or concerns about this Privacy Policy:
Agreely
Email: [email protected]