Privacy Policy

Last updated: April 2, 2026

ProvenTools ("we," "us," or "our") is operated by Elysium Technology FZ-LLC, registered in RAKEZ, United Arab Emirates. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at proventools.net or use our services. It applies to all visitors, registered users, and subscribers regardless of location, including those protected by the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

Information you provide directly:

  • Account Information: Email address and name when you create an account or sign up for a waitlist
  • Payment Information: Processed securely by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe handles PCI-DSS compliance.
  • Communications: Any emails, support requests, or feedback you send us

Information collected automatically:

  • Usage Data: Pages visited, features used, search queries within our dashboard, time spent on pages
  • Device Information: Browser type, operating system, screen resolution, and device type
  • Log Data: IP address, access times, referring URLs, and server logs
  • UTM Parameters: Campaign source, medium, and content tags from inbound links for marketing attribution

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve our services
  • Process transactions, manage subscriptions, and send billing-related communications
  • Send you technical notices, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage trends to improve user experience
  • Detect, prevent, and address fraud, abuse, or technical issues
  • Send product updates and monthly release notes (you can unsubscribe at any time)

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide you with the services you subscribed to (account management, content access, billing)
  • Legitimate Interest: Analytics, fraud prevention, and service improvement where your rights do not override our interests
  • Consent: Marketing emails and non-essential cookies. You can withdraw consent at any time.
  • Legal Obligation: When required by applicable law (tax records, legal requests)

4. Information Sharing and Third Parties

We do not sell, trade, or rent your personal information. We share data only with the following categories of service providers who process it on our behalf:

  • Stripe (payment processing, San Francisco, USA): Handles all payment transactions. Subject to Stripe's privacy policy.
  • Google Analytics (analytics, USA): Collects anonymized usage data to help us understand how visitors interact with our site. IP anonymization is enabled.
  • Hetzner (hosting, Nuremberg, Germany): Our servers are hosted in the EU. Hetzner is GDPR-compliant.
  • Affonso (affiliate tracking): Tracks referral attributions for our affiliate program using first-party cookies.

We may also disclose information when required by law, court order, or governmental authority, or when necessary to protect our rights, safety, or property.

5. Cookies and Tracking Technologies

We use the following types of cookies:

  • Strictly Necessary: Authentication cookies to keep you logged in and CSRF protection tokens. These cannot be disabled.
  • Analytics: Google Analytics cookies to measure site usage (pageviews, session duration, traffic sources). These use anonymized IP addresses.
  • Affiliate Tracking: First-party cookies from Affonso to attribute referral conversions to affiliate partners. Default duration: 60 days.
  • UTM Tracking: We store UTM parameters from your first visit in a session cookie to attribute marketing campaigns.

You can control cookies through your browser settings. Disabling non-essential cookies will not affect core functionality but may limit analytics accuracy.

6. Data Security

We implement industry-standard security measures to protect your personal information:

  • All data transmitted between your browser and our servers uses HTTPS/TLS encryption
  • Passwords are hashed using bcrypt with per-user salts (never stored in plaintext)
  • Database access is restricted to authenticated application connections only
  • Server access is limited to SSH key authentication through a private Tailscale network
  • Automated backups run every 6 hours to encrypted offsite storage

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

  • Account data: Retained until you delete your account or request deletion
  • Payment records: Retained for 7 years as required by tax and accounting regulations
  • Analytics data: Retained for 14 months in Google Analytics (standard retention period)
  • Server logs: Retained for 90 days, then automatically purged

After account deletion, we remove your personal data within 30 days, except where retention is required by law.

8. Your Rights

All users have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Withdraw consent for marketing communications at any time

Additional rights under GDPR (EEA/UK residents):

  • Right to restrict processing of your data
  • Right to object to processing based on legitimate interest
  • Right to data portability between services
  • Right to lodge a complaint with your local data protection authority

Additional rights under CCPA (California residents):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us and, by extension, our service providers
  • Right to opt out of the sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising your CCPA rights

To exercise any of these rights, contact us at support@proventools.net. We will respond within 30 days (or sooner where required by law).

9. International Data Transfers

Our primary servers are located in Nuremberg, Germany (EU). Some of our service providers (Stripe, Google) process data in the United States under Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the European Commission. By using our service, you acknowledge that your data may be transferred to and processed in these locations.

10. Children's Privacy

ProvenTools is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. For significant changes, we may also send a notification to your registered email address. Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: