← Back to home

Privacy

proposalonce uses passwordless, magic-link authentication and processes only the minimum data required to create, send, and track your proposals.

Data controller

proposalonce is operated by Black Sheep Digital Ltd, a company registered in England and Wales (Company No. 16989285), with registered address at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

For data-related enquiries, contact hello@blacksheepdigital.co.

Data we process

  • Email address — used to issue magic-link sign-in tokens and associate purchases and saved proposals with your account.
  • Proposal content you create — including titles, sections, line items, pricing, optionals, recipient name and email, and your closing notes.
  • Sender profile — your name, optional company name, and (optionally) an uploaded logo and brand color, rendered on outgoing proposals.
  • Recipient interaction events — open, view, accept, and decline events, with timestamp and IP address used for the IP-stamped audit trail attached to each decision.
  • Payment metadata (transaction ID, plan, amount, status) returned by Stripe. We never see or store your card details.
  • Minimal technical logs for security, reliability, and abuse prevention.

How we use it

We use your data to render proposal pages at unique URLs, deliver notification emails (sent / accepted / declined), record the IP-stamped audit trail, manage your remaining credits, and deliver service emails such as magic-link sign-in.

We do not build behavioural profiles, do not use your data for marketing, and do not sell or share data for advertising.

How sign-in works

proposalonce uses passwordless, magic-link authentication. We never store passwords. When you sign in, we send a single-use, time-limited link to your email. Clicking the link establishes a session.

Email addresses are used solely to deliver these access links and essential service notifications.

Recipient pages

Each proposal lives at a unique, unguessable URL of the form proposalonce.com/p/<slug>. Pages are not indexed by search engines. When a recipient opens, accepts, or declines a proposal, we record the event, timestamp, and IP address so you have a verifiable audit trail.

Hosting

Our backend infrastructure is provided by Lovable Cloud and hosted in the European Union. Application traffic is served via a global CDN with EU-region origin.

Cookies and analytics

We do not use advertising cookies.

We do not use third-party tracking analytics. Any cookies used are strictly necessary for sign-in and service functionality.

Sharing

We share data only with the infrastructure providers required to operate the service: hosting (Lovable Cloud, EU), email delivery, and payment processing (Stripe). We do not sell personal data.

Retention

Proposals and associated events are retained for as long as your account exists, so you maintain a complete record of past deals. You can delete or archive individual proposals from your dashboard.

Technical logs are retained for a short period and then discarded.

Security

All connections use HTTPS encryption. Your data is stored in row-level-secured tables, accessible only to your authenticated session.

Your rights

You may request deletion of all data associated with your account by contacting us. Because we hold only the minimum necessary data, the amount of personal data associated with any individual is small.

Contact

Questions about privacy or data handling? Contact us at hello@blacksheepdigital.co. See also our Terms and Imprint.

Effective: May 23, 2026