Propel Logo
Book a Demo

Privacy Policy

Version: 09/03/2026

At Propel, we take data privacy and security seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information and Client Data when you use the Propel platform and related services. It should be read alongside our Terms of Service.

1. Data Roles

For the purposes of the EU General Data Protection Regulation (GDPR) and applicable data protection laws, Client acts as Data Controller and Propel acts as Data Processor with respect to Client Data.

2. What Data We Process

Propel processes the following categories of data:

  • Client Data: All data, content, and information submitted or generated by Client through use of the Services, including learning stories, project reports, and user-generated content.
  • Account Data: Information provided during registration, such as name, email address, and organisational affiliation.
  • Usage Data: Technical data about how you interact with the platform, used to improve service performance and functionality.

3. How We Use Your Data

Propel processes Client Data solely to:

  • Deliver and operate the Services.
  • Improve the Platform's functionality, using anonymised data only.
  • Comply with legal obligations.

Propel will not sell, rent, or share Client Data with third parties for marketing or commercial purposes.

4. Legal Basis for Processing

Propel processes personal data on the following legal bases under Article 6 of the GDPR:

  • Performance of a contract: The primary basis for processing is the performance of the service agreement between Propel and the Client. Processing is necessary to provide access to the Platform and deliver the Services.
  • Legal obligation: Where processing is required to comply with applicable laws and regulations, including data protection law.
  • Legitimate interests: For processing activities such as platform security, fraud prevention, and service improvement using anonymised data, where these interests are not overridden by the rights of individuals.

5. Client Responsibilities

As Data Controller, Client is responsible for:

  • Ensuring the accuracy and legality of Client Data submitted to the Platform.
  • Obtaining any necessary consents from individuals whose data is included in Client Data.
  • Compliance with applicable data protection laws and internal policies.

6. Data Security

Propel employs appropriate organisational and technical measures to safeguard Client Data, including:

  • Encryption of data in transit and at rest.
  • Access controls limiting data access to authorised personnel.
  • Regular security audits and reviews.

7. Hosting and Data Location

The Platform is hosted on secure, EU-based cloud infrastructure. All Client Data is stored within the European Economic Area (EEA). Where subcontractors or hosting providers (such as AWS) are used, they are bound by equivalent confidentiality and data protection obligations.

8. Third-Party Analytics

Propel uses Mixpanel, a product analytics platform, to analyse how users interact with the Propel platform. This helps us understand usage patterns, improve the product, and measure client satisfaction.

The following principles govern our use of Mixpanel:

  • Activity data only: Mixpanel captures user activity and behavioural data, such as which features are used and how users navigate the platform. It does not have access to the content of Client Data, including learning stories, documents, or any programme-related information.
  • Purpose: Analytics data is used internally for product development and to assess client satisfaction. It is not shared publicly or with third parties for commercial purposes.
  • Aggregation: Where insights derived from usage data are referenced externally, they are presented only in highly aggregated and anonymised form, such that no individual user or organisation can be identified.
  • Legal basis: This processing is conducted on the basis of Propel's legitimate interests in improving its platform and services.

Mixpanel acts as a data processor on behalf of Propel and is bound by appropriate data processing terms. For more information on Mixpanel's privacy practices, please refer to Mixpanel's privacy policy at mixpanel.com.

9. Data Processing Agreement

The Parties may execute a Data Processing Addendum to further detail the respective data protection obligations, in accordance with Article 28 of the GDPR.

10. Breach Notification

Propel shall notify Client without undue delay upon becoming aware of any personal data breach affecting Client Data, in accordance with applicable legal requirements.

11. GDPR Compliance

Propel complies with the EU General Data Protection Regulation (GDPR) and all applicable data protection laws. Users have the right to access, rectify, erase, restrict, or port their personal data. To exercise these rights, please contact us at support@propelapp.org.

12. Data Retention

Propel retains Client Data for the duration of the Subscription Term and for any period required by law thereafter. Upon termination of the agreement, Client Data will be deleted or returned to Client in accordance with the terms agreed between the Parties.

13. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website and, where material, communicated directly to affected users or clients. Continued use of the Services following any update constitutes acceptance of the revised Policy.

14. Contact Information

If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@propelapp.org.