Privacy Policy
Last updated: June 22, 2026
This Privacy Policy explains how Proven (“Proven”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you use tryproven.app and the related services, dashboards, public collection forms, and embeddable widgets (the “Service”). Read it alongside our Terms of Service.
1. Who we are & how to contact us
Proven is operated by ARK SERVICES, located at Radha Krishna Flat, 10th Floor, Lucknow, Uttar Pradesh 225003, India. This policy and your use of the Service are governed by the laws of India, except where mandatory local law gives you additional rights.
You can reach us about any privacy matter at privacy@tryproven.app.
For India (DPDP Act) residents, our Grievance Officer is Abdul Rahaman (privacy@tryproven.app).
2. Scope & our role
This policy covers personal information processed through the Service. Our legal role depends on the type of data, because the Service involves two relationships:
- Creators — course creators, coaches, and their teams who sign up for a workspace to collect, manage, and embed testimonials.
- End-customers — the individuals who submit testimonials to a Creator through a branded public collection form (for example, a Creator's students or clients).
We act as a data controller for the information whose purposes and means we determine: primarily Creator account data, billing and subscription data, and the usage, device, and log data generated by use of the Service. This policy is the primary notice for that processing.
We act as a data processor (or service provider) for the testimonial content and media that end-customers submit to a Creator — names, written testimonials, ratings, results and before to after metrics, custom-question answers, photos, proof images, and video. For that content the Creator is the controller and decides how it is used; we process it on the Creator's documented instructions to provide the Service.
If you are an end-customer and want to access, correct, or delete a testimonial you submitted, please contact the Creator you submitted it to, since they control that content. We will assist the Creator in responding where required. See Section 11.
3. Information we collect
Account information (we are the controller)
When a Creator creates an account we collect name, email address, and a securely hashed password managed through our authentication provider. If you sign in with Google, we receive basic profile information (such as name and email) via OAuth; we never receive your Google password.
Workspace, billing & subscription information (we are the controller)
We collect workspace settings and your subscription tier and billing status. We do not collect or store your card or payment-card data — payments are processed by Polar, which acts as the Merchant of Record and handles checkout and card data directly. We receive only the subscription and billing status needed to operate your account.
Testimonial content & media (we are the processor; the Creator is the controller)
Through a Creator's branded form, end-customers may submit a name and optional email, a written testimonial and star rating, a result or outcome with an optional before to after metric, answers to custom questions, photos and proof images, video recorded in the browser or uploaded, and consent confirmations captured at submission. Creators decide which fields to request and how this content is used.
Usage, device, log & cookie data (we are the controller)
To run, secure, and improve the Service we automatically collect technical data such as IP address, browser and device type, operating system, pages and features used, timestamps, referring pages, and diagnostic and error data. We also use cookies as described in Section 5.
4. How we use information & lawful bases
We use personal information for the purposes below. Where the EU/UK GDPR or similar laws apply, the relevant lawful basis is noted.
- Provide and operate the Service — manage accounts, host testimonials and media, render embeddable widgets, and deliver core features. Basis: performance of a contract.
- Billing and subscriptions — manage your plan and process payments through our payments provider. Basis: performance of a contract; legal obligation (tax and accounting).
- Service and security communications — send account, security, and notification emails (such as alerting a Creator to a new testimonial). Basis: contract; legitimate interests.
- Security, fraud, and abuse prevention — bot/CAPTCHA protection, rate limiting, and error monitoring. Basis: legitimate interests; legal obligation.
- Service improvement — understand usage to maintain and improve the Service. Basis: legitimate interests; consent where required for non-essential cookies.
- AI-assisted content — for eligible plans, generating draft case studies and social posts from a testimonial on the Creator's instruction. Basis: legitimate interests; the Creator's instructions for testimonial content.
- Legal compliance and enforcement — comply with legal obligations and enforce our terms. Basis: legal obligation; legitimate interests.
Where we rely on consent (for example certain cookies), you may withdraw it at any time without affecting prior processing. Where we rely on legitimate interests, we balance those interests against your rights and freedoms.
5. Cookies & similar technologies
We use essential, session-based cookies to authenticate you, keep you signed in, secure the Service, and remember basic preferences. These cannot be switched off because the Service will not function correctly without them.
Where we later enable analytics or performance measurement, and where the law requires it, we will request your consent before setting non-essential cookies and give you a way to manage your choices. You can also control cookies through your browser, though blocking essential cookies may prevent the Service from working.
6. Subprocessors
We use carefully selected third parties to deliver the Service. Each is bound by contract to protect personal information and process it only as instructed. Our current subprocessors are:
- NeonManaged PostgreSQL database hosting
- PolarPayments and subscription billing (Merchant of Record); processes checkout and card data
- Cloudflare R2File and image storage
- Cloudflare StreamVideo hosting and streaming
- Cloudflare TurnstileBot and abuse protection (CAPTCHA)
- ResendTransactional and notification email delivery
- Anthropic (Claude API)AI generation of case studies and social posts (Pro plans and above)
- SentryError monitoring and diagnostics
- UpstashRedis-based rate limiting and abuse protection
- GoogleOptional OAuth sign-in
- HostingerApplication hosting and infrastructure
We may engage additional or replacement subprocessors as the Service evolves and will update this list when we do. Product analytics (via PostHog) is planned but not currently active; we will update this policy before any such processing begins.
7. How we share information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under California law. We share information only as follows:
- With subprocessors who process data on our behalf for the purposes in Section 6, under appropriate contractual safeguards.
- With Creators — testimonial content submitted by an end-customer is made available to the relevant Creator, who controls it.
- For legal and compliance reasons, when we believe in good faith that disclosure is required by law or to protect the rights, safety, or property of Proven, our users, or the public.
- In a business transfer such as a merger, acquisition, financing, or sale of assets, subject to this policy or a successor policy with equivalent protections.
8. International data transfers
Proven and our subprocessors may process and store personal information in countries other than the one in which you live, including outside the European Economic Area, the United Kingdom, or India, which may have different data-protection laws.
When we transfer personal information across borders, we rely on appropriate safeguards required by applicable law, which may include the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, or other lawful transfer mechanisms. You may request more information using the contact details in Section 1.
9. Data retention
We keep personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
- Account, workspace, and billing data is retained for the life of your account and for a reasonable period afterward as required for legal, tax, accounting, and security purposes.
- Testimonial content and media is retained on behalf of the relevant Creator and according to that Creator's instructions and settings.
- Usage, log, and diagnostic data is retained for a limited period for security and troubleshooting, then deleted or anonymized.
When you close your account we will delete or anonymize the personal information we control within a reasonable period, except where retention is required by law. Backups are purged on a rolling schedule.
10. Security
We take reasonable and appropriate technical and organizational measures to protect personal information, including encryption in transit (TLS/HTTPS), access controls and least-privilege access, hashing of account passwords (we never store passwords in plain text), bot and abuse protection, rate limiting, and error monitoring, and the use of reputable infrastructure providers with their own security programs.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal-data breach affecting your information, we will notify you and the relevant authorities where required by law.
11. Your rights
Subject to your location and applicable law, you have rights over your personal information. To exercise them, contact us at privacy@tryproven.app. We will respond within the timeframe required by law and may need to verify your identity first.
Important for end-customers: if your information was submitted to a Creator as part of a testimonial, that Creator is the controller of that content. Please direct requests about that testimonial to the relevant Creator; if you contact us, we will refer you and assist the Creator as required.
Europe (EU/EEA) and the United Kingdom — GDPR
- Access your personal information.
- Rectify inaccurate or incomplete information.
- Erase your information (right to be forgotten).
- Restrict processing in certain circumstances.
- Data portability in a structured, commonly used, machine-readable format.
- Object to processing based on legitimate interests or to direct marketing.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office).
California — CCPA / CPRA
- Know and access the categories and specific pieces of personal information we collect, the sources, the purposes, and the parties we disclose it to.
- Delete personal information we have collected, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information — we do not sell or share your personal information.
- Limit the use and disclosure of sensitive personal information where applicable.
- Non-discrimination for exercising your rights.
India — Digital Personal Data Protection Act, 2023
- Access a summary of your personal data and how it is processed.
- Correction, completion, and updating of your personal data.
- Erasure of your personal data, subject to legal retention requirements.
- Grievance redressal through our Grievance Officer before approaching the Data Protection Board of India.
- Nominate another individual to exercise your rights in the event of death or incapacity.
12. Children
The Service is not directed to children under 16 (or the higher minimum age required by your local law), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us at privacy@tryproven.app and we will take appropriate steps to delete it. Creators are responsible for not collecting testimonials from children in violation of applicable law.
13. Changes to this policy
We may update this policy to reflect changes to the Service, our subprocessors, or legal requirements. When we make material changes we will update the date above and, where required, provide additional notice. Your continued use of the Service after an update takes effect means you accept the revised policy.
14. Contact & how to exercise your rights
To ask a question, exercise a right, or raise a concern, email privacy@tryproven.app or write to ARK SERVICES, Radha Krishna Flat, 10th Floor, Lucknow, Uttar Pradesh 225003, India. India (DPDP) residents may contact our Grievance Officer at Abdul Rahaman (privacy@tryproven.app).
If you are an end-customer with a request about a testimonial you submitted, please contact the Creator you submitted it to. If you are not satisfied with our response, you may have the right to contact your local data-protection or privacy regulator.