Data Protection Policy

Effective Date: January 10, 2025
Last Updated: January 10, 2025

This Data Protection Policy outlines how ProofFabric, operated by Latent Ventures LLC, protects personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Data Controller Information

Latent Ventures LLC is the data controller responsible for your personal data collected through ProofFabric.

Contact: support@prooffabric.com

2. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract Performance: To provide our Service, create accounts, and fulfill subscriptions
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: For optional data processing such as marketing communications
  • Legal Obligation: To comply with applicable laws and regulations

3. Data Subject Rights

3.1 GDPR Rights (EEA/UK Residents)

If you are in the European Economic Area or United Kingdom, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time for consent-based processing
  • Lodge a Complaint: File a complaint with your local data protection authority

3.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know: What personal information we collect and how it is used
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, contact us at support@prooffabric.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

4. Categories of Personal Data

We collect and process the following categories of personal data:

  • Identifiers: Name, email, username, IP address
  • Account Information: Profile data, avatar, social links
  • Professional Information: Role, building experience, technical skills
  • Financial Information: Stripe account connection (revenue ranges only)
  • Internet Activity: Usage data, browser information, cookies
  • Third-Party Account Data: GitHub repositories, Google auth tokens

5. Data Sharing and Disclosure

We do not sell your personal data. We share data only with:

  • Service providers necessary to operate our Service
  • Third-party integrations you explicitly authorize (GitHub, Stripe)
  • Legal authorities when required by law

See our Privacy Policy for a complete list of service providers.

6. International Data Transfers

Personal data may be transferred to and processed in countries outside your jurisdiction, including the United States. For transfers from the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules where available

You can request a copy of the safeguards in place by contacting us.

7. Data Retention

We retain personal data as follows:

Data Type | Retention Period
Account Data | Duration of account + 30 days after deletion
Assessment Data | Up to 2 years (anonymized after 90 days)
Transaction Records | 7 years for legal and tax compliance
Logs and Analytics | 90 days for operational data

Upon request, we will delete your data unless retention is required by law.

8. Security Measures

We implement comprehensive security measures to protect personal data:

8.1 Technical Measures

  • Encryption of data at rest and in transit (TLS 1.2+)
  • OAuth token encryption using Supabase Vault
  • Rate limiting on API endpoints
  • Input validation and sanitization
  • Row-Level Security (RLS) database policies
  • Regular security dependency updates

8.2 Organizational Measures

  • Principle of least privilege for data access
  • Employee confidentiality agreements
  • Regular security awareness training
  • Documented incident response procedures

9. Data Breach Response

In the event of a personal data breach:

  • We will assess the breach within 24 hours of discovery
  • We will notify the relevant supervisory authority within 72 hours where required (GDPR)
  • We will notify affected individuals without undue delay if the breach is likely to result in high risk to their rights
  • We will document all breaches, including facts, effects, and remedial actions

To report a security concern, contact us immediately at support@prooffabric.com.

10. Third-Party Processors

We use the following categories of third-party data processors:

Category | Processors
Cloud Infrastructure | Supabase (database, auth, storage), Vercel (hosting)
Payment Processing | Stripe
AI Services | Anthropic (Claude API for report generation)
Analytics | PostHog
Screenshot Services | Browserless

Each processor is contractually bound to protect personal data and process it only as instructed.

11. Automated Decision-Making

Our Service uses automated processing in the following ways:

  • Assessment Scoring: Automated scoring based on your responses to determine your "path" (Builder, Scaffolder, Foundation)
  • AI Report Generation: Claude API generates personalized reports based on assessment results

You have the right to request human review of automated decisions that significantly affect you.

12. Updates to This Policy

We may update this Data Protection Policy periodically. Material changes will be communicated through our website or email notification. The "Last Updated" date reflects the most recent version.

13. Contact and Complaints

For questions, requests, or complaints regarding data protection:

Data Controller: Latent Ventures LLC
Email: support@prooffabric.com
Website: prooffabric.com

If you are in the EEA/UK and are unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

If you are in California and wish to designate an authorized agent, please provide written authorization and contact us for verification procedures.