Privacy policy

Effective Date: 19 June 2026

Welcome to Proov. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR). This policy explains what data we collect, why we collect it, and your rights regarding your information.

1. Data We Collect

When you register and use Proov, we collect:

  • Account Data: Name, email address, password.
  • Profile Data: University, program, field of study, interests, bio, location, languages, GitHub/LinkedIn URLs, portfolio links, and uploaded resumes.
  • Usage Data: Pages visited, interactions, duration, referring URLs, IP addresses, and user agent strings.
  • Submission Data: Files and code you submit as part of your project evaluations.

2. How We Use Your Data

We process your personal data under the following legal bases:

  • Contractual Necessity: To provide our services, manage your account, and evaluate your project submissions.
  • Legitimate Interest: To secure the platform (e.g., using Cloudflare Turnstile), prevent fraud, and analyze system performance.
  • Consent: To track detailed behavioral analytics, which we only perform if you explicitly accept our cookies.

3. Data Storage and Sub-Processors

Your data is hosted within the European Union, in Microsoft Azure’s North Europe region. We use the following service providers (sub-processors) to run Proov:

  • Microsoft Azure: Our core cloud infrastructure, database, file storage, and system email.
  • Azure AI Services: Used to evaluate criteria-based project submissions. We disable data logging on these services, so your submissions are never used to train AI models.
  • Cloudflare: Website security, performance routing, and bot protection.

4. Sharing with Sponsoring Companies

Proov projects are set by sponsoring companies. When you take part in a company’s project and rank among the strongest candidates, your shortlisted profile is shared with that company so they can assess your work and consider you for hiring. What we share is limited to your name, your profile details, your verified score, and your scorecard.

Integrity checks we run during evaluation (for example, flags for possible plagiarism or AI-generated work) are used internally only. They are never shared with sponsoring companies. We do not sell your personal data to anyone.

5. Data Retention

We keep your personal data only for as long as needed for the purposes in this policy. When you delete your account from your settings, we erase your personal data and the files you uploaded with your submissions. To keep certificates you have already earned verifiable, the underlying evaluation and certificate records are kept in pseudonymized form: they no longer identify you, but the verified result stands. We aim to remove your data from active systems and backups within 30 days.

6. Your GDPR Rights

Under the GDPR, you have the right to:

  • Right to Access & Portability: Export a copy of your personal data as a machine-readable JSON file at any time from Settings → Your data.
  • Right to Rectification: Edit your profile information from your dashboard.
  • Right to Erasure: Delete your account and your personal data from Settings → Danger zone. This erases your profile data and uploaded files; records needed to keep issued certificates verifiable are retained in pseudonymized form (the "Right to be Forgotten").

For questions, data access requests, or privacy concerns, please email us at [email protected].