Proveria

Legal

Privacy policy

How Proveria handles personal and operational data. The platform’s structural property — no raw files and no document content ever cross the wire — closes most of the questions this kind of policy normally has to answer. We’re specific about what’s left.

Last updated: May 12, 2026

1. Scope

This Privacy Policy applies to the Proveria platform — the desktop app, the web portal, and the Proveria-operated service behind them at proveria.com — and to the marketing website. It covers Proveria-operated accounts, private workspaces, and managed deployments; it does not describe customer-hosted infrastructure.

2. Categories of data we process

  • Attestation metadata — Merkle root hash, protocol version, file and passage counts, timestamp, signer device-key fingerprint, retention policy, access mode.
  • Verification metadata — verifier identity, submitted file and passage hashes only, match or no-match result, proof payload, receipt, timestamp.
  • Account & billing data — admin contact name, work email, organization, payment method, invoice history.
  • Operational telemetry — request logs, error reports, service performance metrics with redaction applied to any protocol payload.

3. What we do not process

We do not receive, store, or transmit raw files, raw document content, or any reconstructable plaintext. The desktop app hashes and processes materials locally; only cryptographic metadata is submitted to the platform. The only thing crossing the network is hashes, metadata, and the receipt payload. This is structural, not policy.

4. Why we process it

  • Operate the Proveria platform.
  • Manage the customer relationship and meet tax/accounting obligations.
  • Detect outages, improve reliability, respond to security incidents.

5. Retention

  • Attestation + verification metadata: per-attestation config (30 days minimum to indefinite, tier-dependent).
  • Account + billing: life of the customer relationship + tax/accounting period (typically seven years).
  • Operational telemetry: 90 days unless an active incident requires longer.

6. Subprocessors and international transfers

Public list on the trust page. Customers notified at least 30 days before a new subprocessor goes live. International transfers covered by SCCs (EU 2021/914), the UK IDTA, or equivalent.

7. Your rights

Access, correction, deletion, portability, objection. Requests are processed manually until the formal data subject rights workflow ships, with response times aligned to GDPR. Please contact us and mark the message as a privacy request.

8. Security

Encryption at rest (AES-256-GCM), encryption in transit (TLS 1.3; connections refused below a TLS 1.2 floor), producer-side device signing with Ed25519, and role-gated staff access. Full posture on the security page.

9. Changes to this policy

Material changes announced by email to customer admin contacts at least 30 days before they take effect.

10. Contact

For privacy or trust matters, please contact us and mark the message accordingly.