Privacy Policy

Last updated: November 22, 2025

Who we are

DevSquare OÜ, Sepapaja tn 6, 15551 Tallinn, Estonia. Contact: nico@blitzproposals.com.

What we do

Blitz is a proposal tool for freelancers/design studios to create, share, and track proposals.

Data We Collect

Account

email, password (hashed by Supabase), auth cookies/tokens; if you use Google sign-in, basic Google profile info.

Workspace/organization

org name, description, logo image (stored at a public URL), website and social links you enter.

Proposals

client name, service title, scope items, milestones/timeline, FAQs/terms, start/end dates, pricing/currency, status, and an optional payment-method flag. Proposals may be shared via public token links.

Technical/usage

IP address, device/browser info, timestamps, and page/app usage from Supabase logs, Vercel Analytics, and Vercel Speed Insights (first-party, aggregated/low-precision).

Files

organization logos uploaded to Supabase Storage (bucket "avatars") with public URLs.

How We Use Data

  • Operate the service: authenticate accounts, render proposals, manage shareable links, and track status changes.
  • Improve and secure: performance monitoring, debugging, fraud/abuse prevention.
  • Communicate: service and security notices.

Sharing

Service providers (processors): Supabase (database, auth, storage), Vercel (hosting/analytics), Google (OAuth if you choose it). They process data on our behalf.

Proposal share links: Anyone with a valid public token can view that proposal (and accept/reject) without signing in—share carefully.

We do not sell personal data.

Cookies/Tracking

  • Essential Supabase auth cookies to keep you signed in.
  • Vercel Analytics/Speed Insights use first-party cookies or similar for aggregated usage and performance.

Legal Bases (GDPR/UK GDPR)

  • Contract: to provide the app (accounts, proposals).
  • Legitimate interests: security, fraud prevention, service improvement, analytics.
  • Consent: when required for optional cookies/Google OAuth.

Your Rights

Access, correct, delete your data; object to or restrict certain processing; request export (data portability); withdraw consent where applicable. To exercise rights, contact nico@blitzproposals.com.

You may delete proposals/organization details in-app; request full account deletion via email.

Data Retention

  • Active accounts: retained until you delete data or close your account.
  • Backups/logs: retained for a limited period for security/operations (30–90 days) then deleted or anonymized.

Security

Transport encryption (HTTPS); access controls in Supabase; hashed passwords. Logo files are intentionally public URLs—avoid uploading sensitive images.

Children

Not directed to children under 16 (or higher age where required). We do not knowingly collect children's data.

International Transfers

Data is hosted on us-west-1. Where data moves across borders, we rely on appropriate safeguards (e.g., SCCs).

Changes

We'll update this policy when practices change. We'll post the new effective date and, where required, notify you.

Contact

Privacy requests: nico@blitzproposals.com.

If unresolved, EU/UK users may contact their data protection authority. For CCPA/CPRA, you may request access/deletion via the contact above.