ProManualProManual← Back

Privacy Policy

Effective date: May 26, 2026

ProManual(“ProManual,” “we,” “us,” or “our”) provides AI-powered document intelligence software for HVAC and MEP mechanical contractors. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By creating an account or using ProManual, you agree to this Privacy Policy. If you are using ProManual on behalf of an employer or other organization, you represent that you have authority to bind that organization to this policy.

1. Data We Collect

Account Information

When you register, we collect your name, email address, and a hashed (one-way encrypted) password. We never store your password in plaintext.

Uploaded Documents

ProManual processes documents you upload — PDFs, Excel files, and Word documents. How these are stored depends on your deployment:

  • Cloud (promanual.dev): Files are stored in Vercel Blob storage. They are encrypted in transit (HTTPS) and at rest by Vercel. ProManual staff do not access your document contents.
  • On-Premise (Docker deployment): Files are stored encrypted on your own server using AES-256-GCM encryption. ProManual has no access to your server, your files, or your data after initial installation. Your documents never leave your network.

Extracted Text

ProManual extracts plain text from your uploaded documents. This text is stored encrypted in our database and is used to power AI analysis features. Raw document files are never transmitted to AI providers — only the extracted plain text is sent.

AI Analysis Results

Annotations, comparison discrepancies, scope gaps, cost estimates, RFI entries, equipment schedules, vendor price history, and GC pattern observations you generate are stored in our database, encrypted at the field level.

Usage Metadata

We maintain an audit log of AI API calls that includes: timestamp, user ID, document ID, operation type, bytes transmitted, and a SHA-256 hash of the prompt. Full prompt text is never stored. This log is visible only to you at /admin/security and is used to maintain an audit trail of AI usage.

2. How We Use Your Data

  • To provide, operate, and improve the ProManual service
  • To authenticate your account and maintain session security
  • To perform AI-powered document analysis using the Anthropic API (extracted text only)
  • To store and display your annotations, comparisons, and analysis results
  • To send service-related emails (account confirmation, material changes to this policy)
  • To respond to your support requests

We do not sell your data. We do not use your document content for advertising. We do not share your data with third parties except as described in Section 3.

3. Third-Party Service Providers

We share data with the following processors only as necessary to provide the service:

Anthropic (AI Analysis)

When you run AI analysis, extracted plain text from your documents is sent to Anthropic’s API. Anthropic operates under a zero-data-retention policy: prompts and responses are not stored and are not used to train AI models. Raw document files are never transmitted. See Anthropic’s Privacy Policy.

Google (Sign-In)

If you sign in with Google, Google authenticates you and shares your name and email address with us. This is governed by Google’s Privacy Policy.

Vercel & Neon (Cloud Hosting — SaaS Only)

For accounts on promanual.dev, the application is hosted on Vercel and the database is hosted on Neon (PostgreSQL). These providers process data on our behalf under data processing agreements. This does not apply to on-premise Docker deployments, where all data stays on your own infrastructure.

We have no marketing, analytics, or tracking vendors. PostHog and all telemetry have been fully removed from the application.

4. On-Premise Deployments

For customers running ProManual on their own infrastructure via Docker, we have a strict no-access policy after installation:

  • All files are stored encrypted on your own server. ProManual never receives them.
  • AI calls transmit extracted text only. Your original documents never leave your network.
  • There is no telemetry, no phone-home mechanism, and no remote access in the container.
  • Your encryption key is generated by you at install time and never shared with ProManual.

In practice, ProManual cannot access on-premise customer data even if legally compelled — we simply do not have it.

5. Cookies

ProManual uses strictly necessary session cookies to keep you authenticated. We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required because we do not place any non-essential cookies.

6. Data Retention

  • Cloud accounts: Your data is retained until you delete it or request account deletion. Deleted data is removed within 30 days.
  • On-premise accounts: Retention is entirely under your control. You manage your own database and file storage.

7. Security

We implement industry-standard safeguards including AES-256-GCM encryption for sensitive data, HTTPS-only transport, hashed passwords (bcrypt, cost factor 12), and no plaintext storage of credentials. No security measure is perfect; please notify us immediately if you suspect unauthorized access to your account.

8. Your Rights

You have the right to:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data. We will complete the deletion within 30 days.
  • Portability: Request an export of your data in a machine-readable format.

To exercise any of these rights, email us at legal@promanual.dev.

9. Children’s Privacy

ProManual is intended for professional use by adults. We do not knowingly collect personal data from anyone under 18. If we learn we have collected data from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before the new policy takes effect. Continued use of ProManual after the effective date constitutes acceptance of the updated policy.

11. Contact

Questions, requests, or concerns about this Privacy Policy should be directed to:

ProManual
legal@promanual.dev

Terms of Service·promanual.dev