← Back to Home

Privacy Policy

Last updated: 30 January 2026

1. Overview

This Privacy Policy explains how ProofGateway collects, uses, and protects personal data.

2. Data We Collect

We collect account information from users, including name and email address. Billing data is processed by third-party payment providers.

When testimonials are submitted, we collect the submitted content, the name provided (if any), optional role or company, and technical metadata such as IP address and timestamp.

3. Legal Basis for Processing (UK GDPR)

We process personal data lawfully. Our legal bases include:

  • Contract: Account creation, login, session management, billing, and delivery of the service you have contracted for.
  • Legitimate interests: Storing and displaying testimonials at your instruction, email notifications, abuse prevention, security logs, and service improvements.
  • Consent: Non-essential analytics (where used and not exempt).

4. How We Use Data

Data is used to operate the service, store and display testimonials as instructed, process payments, prevent abuse, and communicate service updates.

We do not sell personal data. Provision of your data is necessary to perform our contract with you; without it we cannot provide the service.

5. Data Roles

ProofGateway acts as a data controller for user account data and as a data processor for testimonial content.

6. Data Sharing & Processors

Data may be shared with: Supabase (database, EU/US), Stripe (payments, global), Resend (email, US), Cloudflare (CDN, global), and Sentry (error tracking). We share only what is necessary for each purpose.

7. International Transfers

Some processors are outside the UK. We use UK adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms as required by UK law.

8. Data Retention

Account data: retained while your account is active, plus up to 30 days after deletion. Testimonial data: until you delete it or close your workspace. Logs: typically up to 90 days.

9. Security

We use reasonable safeguards to protect personal data.

10. Your Rights (UK GDPR)

You have the right to:

  • Access your data (we will respond within one month)
  • Rectification of inaccurate data
  • Erasure (deletion) where applicable
  • Restriction of processing in certain cases
  • Data portability (export in a machine-readable format)
  • Object to processing based on legitimate interests
  • Withdraw consent where processing was based on consent
  • Lodge a complaint with the ICO: ico.org.uk

To exercise these rights, contact support@proofgateway.com. We will respond within one month.

11. Cookies

We use essential cookies for authentication and security only.

12. Children

ProofGateway is not intended for children under 16.

13. Changes

We may update this policy periodically.

14. Contact

For privacy-related questions, please contact us at support@proofgateway.com