What Data We May Collect, and How & Why We Use It
| TYPE OF USER | WHAT DATA WE MAY COLLECT | HOW AND WHY WE USE IT |
|---|---|---|
| VISITOR | 1. Your location; 2. How you behave on https://propelpro.ai (what pages you land on, how much time you spend, etc.); 3. The device you use to access the website and its details (model, operating system, browser, etc.); 4. Cookies and similar tracking/analytics data (we use Google Analytics for this purpose); 5. Your name and e-mail, if voluntarily provided through a "Book a Demo" request or contact form. | We use this information to analyse and identify your behaviour and enhance the interactions you have with our website. Where you contact us voluntarily (e.g., via a demo request or contact form), we use the details provided solely to respond to your enquiry and follow up regarding the Platform. If you give us your consent, we may also send you newsletters or e-mails about PropelPro. |
| CUSTOMER | 1. The name and e-mail of your representative(s) who sign up for, or engage us in relation to, PropelPro on your behalf; 2. Billing, invoicing and (where applicable) payment information to facilitate provision of, and payment for, the Platform. | We collect this data to help you onboard for, and to facilitate provision of, the Platform, including contracting and invoicing, and to enable you to make payments for the Platform. Where we use a third-party service provider to manage payment processing, that provider is not permitted to store, retain, or use your information except for the sole purpose of processing payments on our behalf. If you give us your consent, we may also send you newsletters or e-mails about PropelPro. |
| USER | 1. Your name, e-mail, and role/designation; 2. Authentication data, where you sign in via single sign-on (e.g., Microsoft Entra External ID); 3. How you behave within the Platform and the features you use (e.g., PropelScout, PropelRead, PropelFlow, PropelWrite); 4. The device you use to access the Platform and its details (model, operating system, browser, etc.); 5. Cookies and similar tracking/analytics data. | We collect this data in order to facilitate provision of the Platform to you, including authenticating your access and personalising your experience. We will occasionally send you e-mails regarding changes or updates to the Platform. If you report an issue, we may, with appropriate safeguards, access relevant logs or session information for a limited period to help us address the issue. If you give us your consent, we may also send you newsletters or e-mails about PropelPro. |
| CUSTOMER CONTENT | Documents and records uploaded by a Customer or its Users to the Platform for the purposes of bid/tender management, including (without limitation) tender and RFP documents, proposal drafts and supporting materials, and personnel records such as CVs/résumés, certifications, and experience profiles of the Customer's employees, subcontractors, or referees, which may contain personal data of individuals other than the User. | We process Customer Content solely to provide the Platform's features to the Customer, including AI-assisted tender discovery (PropelScout), document analysis (PropelRead), task coordination (PropelFlow), and proposal drafting (PropelWrite). In relation to Customer Content, Dimensionless Technologies acts as a data processor / service provider, processing such data strictly on the instructions of, and for the purposes specified by, the Customer. |
FOR THE AVOIDANCE OF ANY DOUBT, WE SHOULD CLARIFY THAT IN THE EVENT WE ANONYMISE AND AGGREGATE INFORMATION COLLECTED FROM YOU, WE WILL BE ENTITLED TO USE SUCH ANONYMISED DATA FREELY, WITHOUT ANY RESTRICTIONS OTHER THAN THOSE SET OUT UNDER APPLICABLE LAW.
Where such data is not being used by us to render the Platform to you, we shall explicitly seek your consent for using the same. You can choose to withdraw this consent at any time by writing to us at privacy@dimensionless.ai.
Information Transferred via Google APIs
Where you choose to connect a Google service (such as Gmail or Google Drive) to PropelPro as part of the Platform's integrations, PropelPro's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements set out therein.
Use of Artificial Intelligence
PropelPro uses artificial intelligence (AI), including machine learning and large language models, to power features such as automated tender discovery, RFP/document analysis, risk and compliance flagging, and AI-assisted proposal drafting. All AI-driven data processing, including processing of Customer Content, is performed with a strong commitment to safeguarding privacy. We implement strict access controls, encryption, and regular audits to prevent unauthorised access to, or misuse of, your information. Our AI systems are used only on data necessary to deliver the relevant feature, and we adhere to industry best practices to anonymise and aggregate data wherever possible to protect identities.
We do not use Customer Data or Customer Content to train any underlying AI or foundation models, whether operated by us or by our technology and infrastructure providers, beyond the agreed-upon scope of the Platform. Any personal data processed by our AI systems is handled in compliance with applicable data protection laws, including the GDPR and India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), where applicable.
Your Rights & Preferences as a Data Subject
Subject to the GDPR and applicable law's limitations, the rights afforded to you as a data subject are:
- RIGHT TO BE INFORMED: You have a right to be informed about the manner in which your personal data is collected or used, which we have endeavoured to do by way of this Policy.
- RIGHT OF ACCESS: You have a right to access the personal data you have provided by requesting that we provide it to you.
- RIGHT TO RECTIFICATION: You have a right to request that we amend or update your personal data if it is inaccurate or incomplete.
- RIGHT TO ERASURE: You have a right to request that we delete your personal data.
- RIGHT TO RESTRICT: You have a right to request that we temporarily or permanently stop processing all or some of your personal data.
- RIGHT TO OBJECT: You have a right, at any time, to object to our processing of your personal data under certain circumstances. You have an absolute right to object to our processing of your personal data for direct marketing purposes.
- RIGHT TO DATA PORTABILITY: You have a right to request that we provide you with a copy of your personal data in electronic format, which you can transmit to another third party's product or service.
- RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING: You have a right not to be subject to a decision based solely on automated decision-making, including profiling.
In case you want to exercise any of the rights set out above, you can contact our Grievance Officer, whose details are set out in the "Grievance Officer" section below.
If you are an individual whose personal data appears within Customer Content (for example, as the subject of a CV uploaded by a Customer), please note that the relevant Customer is the controller of that data, and you should direct requests relating to such data to that Customer in the first instance. Dimensionless Technologies will assist the Customer in responding to such requests as required by applicable law and our agreement with the Customer.
Grounds for Processing
The data provided by you as a Visitor, or when you sign up as a Customer/User or register for the Platform, will be processed by us for the purpose of rendering the Platform to you, or in order to take steps prior to rendering the Platform, at your request. Where such data is not being used by us to render the Platform to you, we shall explicitly seek your consent for using the same. You can choose to withdraw this consent at any time by writing to us at privacy@dimensionless.ai.
Additionally, we may process your data to serve our legitimate interests. Accordingly, the grounds on which we engage in processing are as follows:
| NATURE OF DATA | GROUNDS |
|---|---|
| Visitor Data | Consent; Legitimate Interest |
| Account/Customer Registration Data | Compliance with applicable laws; Performance of a Contract; Legitimate Interest |
| Service Usage Data | Performance of a Contract; Legitimate Interest |
| Customer Content | Performance of a Contract (processed on the Customer's instructions); Legitimate Interest |
| Data for Marketing our Services | Consent; Legitimate Interest |
If you believe we have used your personal data in violation of the rights set out above, or that we have not responded to your objections, you may lodge a complaint with your local supervisory authority.
Additionally, please note:
- If you are a Customer/User using PropelPro to collect data about an EU data subject from third parties, it shall be your sole obligation to inform such data subject about the source of such data.
- Special Categories of Personal Data: We do not collect any Special Categories of Personal Data as part of operating PropelPro for our own purposes. However, because PropelPro is an end-to-end bid management platform, Customer Content (such as tender documents, proposals, and personnel records including CVs/résumés) uploaded by a Customer or its Users may incidentally contain Special Categories of Personal Data relating to individuals other than the User. In relation to such Customer Content, Dimensionless Technologies acts solely as a data processor, processing the data strictly on the instructions of, and for the purposes specified by, the Customer. The Customer remains the data controller in respect of Customer Content and is solely responsible for ensuring that it has the necessary legal basis, consents, and notices in place for any personal data, including any Special Categories of Personal Data, contained within Customer Content uploaded to the Platform.
- The term "Special Categories of Personal Data" shall have the meaning ascribed to it under the GDPR and shall include, without limitation, data pertaining to a data subject's race, ethnic origin, genetics, political affiliations, biometrics, health, or sexual orientation.
Your Rights Under the California Consumer Privacy Act (CCPA)
To the extent the CCPA applies to our processing of your personal information, PropelPro recognises the following privacy rights for California consumers:
- The right to know about the personal information a business collects about them and how it is used and shared.
- The right to be informed about the manner in which any of your personal data is collected or used, which we have endeavoured to do by way of this Policy.
- The right to request deletion of personal information collected from you.
- PropelPro gives you the right to request that we delete your personal data.
- The right to opt out of the sale of your personal information.
- The right to non-discrimination for exercising your CCPA rights.
PropelPro does not sell the personal data of any of its users, customers, or leads, and assures no discrimination against consumers exercising their privacy rights under the CCPA. PropelPro will not ask you to waive any of your privacy rights as a California consumer.
In case you want to exercise the rights set out above, you can contact our Grievance Officer, whose details are set out in the "Grievance Officer" section below.
Your Rights Under Indian Data Protection Laws
PropelPro adheres to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and, where applicable, India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), to ensure your data is secure. Here is how we comply:
| Right | Description |
|---|---|
| The right to be informed and give consent | Before PropelPro collects any of your personal data, we will clearly explain what information we need, why we need it, and how we will use it. We will only collect your personal data with your consent, where required. |
| The right to access your data | You have the right to request access to the personal information PropelPro holds about you, including the ability to review and verify its accuracy and completeness. |
| The right to correct mistakes | If you find any errors or missing information in the data PropelPro holds about you, you have the right to request corrections. We will take reasonable steps to update your information promptly upon verification of your request. |
| The right to withdraw consent | You can withdraw your consent for PropelPro to process your personal data at any time. Once you withdraw consent, we will stop using your data for the purpose originally agreed upon, unless there is a legal reason for continued processing (such as a court order or a contractual obligation). |
Please contact our Grievance Officer, whose details are presented below, if you would like to exercise the rights listed above.
Retention of Personal Information
We will store any personal data we collect from you for as long as it is necessary to facilitate your use of the Platform and for ancillary legitimate and essential business purposes – these include, without limitation, improving the Platform, attending to technical issues, and dealing with disputes.
We may need to retain your personal data even if you seek deletion of it, if it is needed to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you are a Customer, please be advised that: (i) you will need to inform any individuals whose data is contained within Customer Content about how such data is stored and dealt with, in compliance with applicable laws including the GDPR and the DPDP Act; and (ii) after you terminate your usage of the Platform, we may, unless legally prohibited, delete all data and Customer Content provided or collected by you from our servers.
Tools Used by Our Customers
PropelPro integrates with a number of third-party productivity, CRM, and storage tools at the Customer's discretion, including Gmail, Google Drive, Microsoft SharePoint, Microsoft Teams, Slack, HubSpot, Zoho, and Salesforce. If you, as a Customer, choose to enable any such integration, you agree and acknowledge that it is your sole obligation to inform your stakeholders about any data you collect by using such technologies and the policies by which such collection is bound.
Transfer of Information
In order for us to facilitate our operations, we may transfer and store the data we collect and process in accordance with this Policy, including Customer Content, to servers located within India and, where required for disaster recovery, business continuity, or as specified in your service agreement, to other regions.
Further, in the ordinary course of business, we may employ other companies and people to assist us in providing certain components of the Platform in compliance with the provisions of this Policy. To do so, we may need to share your data with them.
Where applicable – if the entities to which these transfers are made are not situated in countries deemed "adequate" by the European Commission, we shall enter into appropriate Data Protection Addendums with the transferee parties that comprehensively protect your data. We shall also put in place industry-standard technical and organizational measures (including robust data handling policies) to ensure that such transfers are completed in accordance with applicable laws. Your rights and protections will, under no circumstances, be diluted by any such transfer.
Our Data Protection Addendum, which forms part of the applicable service agreement between Dimensionless Technologies and PropelPro Customers and sets out the terms on which we Process Customer Personal Data (including Customer Content) as a processor/service provider, is available at https://propelpro.ai/dpa.
Some examples of where we may sub-contract processing activities to third parties include data analytics (such as Google Analytics), cloud infrastructure and hosting, and processing payments.
Data Residency and Tenant Isolation
PropelPro is built on a multi-tenant architecture hosted on Microsoft Azure. Each Customer's data, including Customer Content, is logically segregated within tenant-isolated storage and databases, such that no Customer has access to another Customer's data. Data is encrypted both at rest and in transit.
Depending on the Customer's contractual arrangements, Customer data may be hosted in Azure data centres located in India (Central India / South India) or other regions (such as UAE North), to meet applicable data residency requirements. For Customers requiring a private deployment, the Platform can be configured to operate from a dedicated Azure environment and region of the Customer's choosing, in accordance with the applicable service agreement.
Compelled Disclosure
In addition to the purposes set out in this Policy, we may disclose any data we collected or processed from you if it is required:
- under applicable law or to respond to a legal process, such as a search warrant, court order, or subpoena;
- to protect our safety, your safety, or the safety of others, or in the legitimate interest of any party in the context of national security, law enforcement, litigation, criminal investigation, or to prevent death or imminent bodily harm;
- if required in connection with legal proceedings brought against Dimensionless Technologies, its officers, employees, affiliates, customers, or vendors; or
- to establish, exercise, protect, defend, and enforce our legal rights.
Security of Your Personal Information
We implement industry-standard technical and organizational measures by using a variety of security technologies and procedures to help protect your data from unauthorized access, use, loss, destruction, or disclosure. When we collect particularly sensitive data, it is encrypted using industry-standard cryptographic techniques, including but not limited to SSL, TLS, and AES.
We adhere to the SOC 2 Type II framework (covering Security, Availability, and Confidentiality) and the ISO/IEC 27001 standard, an internationally recognized framework for Information Security Management Systems (ISMS). Our commitment to SOC 2 and ISO 27001 ensures that we follow rigorous security practices and maintain high standards for information security.
In compliance with the SPDI Rules, we adhere to the following reasonable security practices and procedures to protect your personal data:
| Measure | Description |
|---|---|
| Access Control | We ensure that access to personal data is granted only to authorized personnel on a need-to-know basis and that such access is logged and monitored. |
| Data Encryption | Sensitive personal data, including Customer Content, is encrypted both in transit and at rest using strong encryption methods. |
| Network Security | We employ secure network architecture, including firewalls and intrusion detection systems, to prevent unauthorized access. |
| Regular Audits | We conduct regular security audits and assessments to identify potential vulnerabilities and ensure compliance with our security policies. |
| Incident Management | We have established protocols for managing and responding to security incidents, including data breaches, to mitigate any potential impact on your personal data. |
| Employee Training | We conduct regular training programs for our employees to ensure they are aware of and comply with our security policies and procedures. |
| Third-Party Compliance | We ensure that any third-party service providers who handle personal data on our behalf adhere to equivalent security standards and practices. |
| Physical and Environmental Security | We have implemented robust physical security controls to protect our facilities from unauthorized access, damage, and interference. |
| Business Continuity Management | We have developed and tested business continuity plans to ensure the availability of critical information and systems in the event of a disruption. |
| Risk Assessment and Treatment | We conduct regular risk assessments to identify potential security threats and vulnerabilities, and implement appropriate risk treatment plans to mitigate identified risks. |
| Audit and Compliance | We conduct regular internal and external audits, including our SOC 2 Type II examination and ISO 27001 surveillance audits, to ensure compliance with these standards and to continuously improve our ISMS. |
Children's Privacy
PropelPro is not directed to, and we do not knowingly collect personal data from, individuals under the age of 18. If you are under the age of 18, please do not use the Platform or provide any personal data to us. If we become aware that we have inadvertently collected personal data from a person under the age of 18 without appropriate consent, we will take steps to delete such information as soon as reasonably possible.
Governing Law and Jurisdiction
This Policy, and any disputes or claims arising out of or in connection with it (including its subject matter, formation, or interpretation), shall be governed by and construed in accordance with the laws of India. The courts at Mumbai, Maharashtra shall have exclusive jurisdiction over any such disputes or claims.
Grievance Officer
The name and contact details of our Grievance Officer, who you may contact if you have any concerns, complaints, or feedback pertaining to this Policy, are as follows:
| NAME & DESIGNATION: | Kushagra Singhania, Chief Operating Officer, Dimensionless Technologies Private Limited |
| ADDRESS: | Dimensionless Technologies Private Limited, CIBA, Agnel Technical Complex, 6th Floor, Sector 9A, Vashi, Navi Mumbai, Maharashtra – 400703, India |
| EMAIL: | privacy@dimensionless.ai |