Privacy Policy

Last updated: May 16, 2026

1. What Data We Collect

When you use Proveo, we collect the following information:

  • Account information: email address, name, phone number, business name, and preferred language (en/es/fr) provided during signup.
  • Photos: before and after images you upload to create comparisons.
  • Photo metadata: when available, the EXIF data embedded in photos (timestamp, device model, camera settings), an approximate GPS coordinate from the capture device, and a SHA-256 content hash computed server-side. This metadata is what powers the Verified Authentic badge — see §14.
  • Geolocation: when you grant browser permission, approximate latitude/longitude for a new comparison (non-blocking, 5-second timeout — declined or timed-out requests proceed without coordinates). You may also optionally save a service-area coordinate on your profile.
  • Location text: optional location descriptions you add to comparisons.
  • Payment information: billing details processed securely by Stripe. We do not store your credit card number. Business-tier users who onboard to Stripe Connect provide bank/payout details directly to Stripe — see §15.
  • Quote, agreement, and invoice data: line items, prices, customer contact info, acknowledgment timestamps, and Stripe payment references.
  • Workspace and team data: if you invite collaborators, we store their email, assigned role (owner / editor / viewer), invite status, and attribution records linking actions to the member who performed them.
  • Usage and product-analytics data: comparison view counts, feature events (signup, comparison, share, upgrade), NPS/feedback submissions, referral codes, and review-request delivery status.
  • Account activity: login events (timestamp, IP address, user-agent), push-notification subscriptions (VAPID endpoint), and consent/version records for Terms and Privacy acceptance.
  • Lead data: name, phone, email, and messages submitted by visitors through your portfolio, comparison pages, or embeddable widget.

2. How We Use Your Data

  • To provide and operate the Proveo platform, including generating comparison images, quotes, agreements, invoices, and payments.
  • To power AI features such as auto-detection of before/after photos, photo enhancement, caption generation, and voice transcription — generated in your preferred language.
  • To send transactional emails including lead notifications, review requests, agreement and invoice links, and account-related communications.
  • To display your comparisons on your public portfolio page or embeddable widget (if enabled by you).
  • To process subscription payments and, on the Business tier, to route payouts from your customers to your bank account via Stripe Connect.
  • To track product analytics such as comparison views, lead conversions, and feature usage, and to compute payback / retention metrics at the aggregate level.
  • To maintain audit trails required for multi-seat workspaces, security investigations, and dispute resolution.

3. Product Analytics

Proveo tracks product usage events — such as comparisons created, features used, and signups — to understand how the platform is used. We do not track the content of your photos, messages, or personal communications. Analytics data is not shared with third-party advertising services.

4. Lead Data Sharing

When a consumer submits a quote request through a portfolio page, comparison page, or embeddable widget, their name, phone number, email, and message are shared with the contractor they contacted. This data is stored in Proveo's database and visible to the contractor through their dashboard. Contractors are responsible for how they use and protect this information in accordance with applicable laws.

5. Third-Party Services

We share data with the following third-party services as necessary to operate Proveo:

  • Supabase: database hosting, user authentication, and file storage.
  • Stripe (Payments): subscription billing. Stripe receives your billing information and is PCI DSS compliant.
  • Stripe Connect (Business tier): payout infrastructure for invoices paid to you. Contractors who enable payments complete Stripe's own onboarding (identity, bank account, tax info) directly with Stripe under Stripe's Connected Account Agreement.
  • Cloudinary: image processing, composite generation, and CDN delivery of composites.
  • OpenAI: before/after detection, photo enhancement hints, caption generation, and voice transcription (Whisper).
  • Anthropic: Claude API used for select agreement-drafting and assistant features where enabled.
  • Resend: transactional email delivery for lead notifications, quote/agreement links, and review requests.
  • Vercel: application hosting and edge network delivery.
  • Web Push (browser push services): delivery of opt-in push notifications via VAPID keys. We never share your email or phone with push providers.
  • Sentry: error monitoring and performance tracking (non-personal diagnostic data only).

6. Third-Party Processing

Lead notification emails are sent via Resend. Push notifications are delivered via web push when you opt in. Payment processing and payouts are handled by Stripe and Stripe Connect. Your photos are processed by Cloudinary to generate comparison images. AI features are powered by OpenAI and Anthropic. Anonymous traffic analytics are collected by Vercel Analytics, and ad-conversion events are sent to Google Ads.

7. Photo Data

Photos you upload are stored in cloud storage (Supabase Storage) and are used to generate comparison images via Cloudinary. If you enable your public portfolio, your comparisons will be publicly accessible at your portfolio URL and via any embed widget you publish. You can delete individual comparisons or your entire account at any time.

8. Email & Notification Preferences

Proveo sends product notifications (lead alerts, review requests, quote/agreement/invoice updates) and marketing emails. Both can be managed in your Settings or via unsubscribe links. Push notifications require opt-in on each device and can be revoked in your browser or from Settings. Billing and legal notices are always sent and cannot be opted out of.

9. Cookies

Proveo uses essential cookies only: Supabase session cookies and the `proveo-locale` preference cookie. We do not use third-party tracking or advertising cookies.

10. Data Retention

Your data is stored as long as your account is active. Deleted comparisons and accounts are permanently removed. Backups may retain data for up to 30 days. Financial records required by law (invoices, Stripe transactions) are retained for the minimum period required by applicable tax and accounting rules.

11. Data Export & Account Deletion

You can download all your data from the Settings page. You can delete your account and all associated data at any time. Deletion is immediate and irreversible. Workspace owners who delete their account also delete the data of the workspaces they own; invited members retain their own personal accounts.

12. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights:

  • Right to access: request a copy of your personal data.
  • Right to rectification: correct inaccurate data via Settings or contact us.
  • Right to erasure: delete your account and all data from Settings.
  • Right to data portability: export your data in JSON format.
  • Right to object: object to processing of your data for specific purposes.

To exercise these rights, contact us at hello@proveohq.com.

13. Security

We use industry-standard security: TLS/SSL encryption, Supabase Auth, Postgres Row Level Security on every tenant table, rate limiting on authentication and AI routes, and PCI-compliant payments via Stripe. No method of transmission is 100% secure.

Analytics, Advertising and Tracking

We use a narrow set of analytics and advertising tools to understand how Proveo is used and to measure the effectiveness of our marketing. Specifically:

  • Vercel Analytics: anonymous pageview counts, top pages, referrer category, country, browser and device family. No cookies are set and no cross-site identifiers are used. Page paths that contain identifiers (such as /p/[slug]) are recorded as the slug only.
  • Vercel Speed Insights (if enabled): aggregate Core Web Vitals (LCP, INP, CLS) sampled from real users. No personal data is collected.
  • Our own product-analytics events: when you take key actions in the app (sign up, create a comparison, upgrade, share), we record the event name, timestamp and your account id in our database. This data never leaves Proveo and is used only for funnel diagnostics and aggregate dashboards.
  • Google Ads (gtag.js): we run a conversion tag for our advertising campaigns. Google Consent Mode v2 is configured to default-deny ad_storage, analytics_storage, ad_user_data and ad_personalization on first load. The tag will not set tracking cookies or share identifiers with Google until you click "Accept" on our cookie banner. If you click "Reject" or never interact with the banner, Consent Mode sends a single anonymous, cookieless conversion ping ("conversion modelling") rather than tracking you. We do not enable Google Signals or cross-device tracking, and we do not share your email, phone or photos with Google.
  • Sentry: stack traces and error context for diagnosing crashes. Personal data is scrubbed before transmission.

Honoring Global Privacy Control (GPC) and Universal Opt-Out

If your browser sends the Global Privacy Control signal, or if you are subject to a state privacy law that recognises a universal opt-out mechanism (California, Colorado, Connecticut, Texas, Oregon and others), we treat that signal as a valid opt-out of any sale or sharing of personal information for cross-context behavioural advertising. We do not sell personal information. To opt out of Google Ads conversion measurement specifically, you can install the Google Analytics Opt-out Browser Add-on, use your browser's tracking-protection setting, or contact us at hello@proveohq.com.

If your browser sent a GPC signal to this page, we have received and applied it. Because Proveo does not sell personal information or use it for cross-context behavioural advertising beyond conversion measurement, no further action is required on our part — but we record the signal so that we honour it for any future processing.

AI Transparency

Proveo uses artificial-intelligence features that operate on content you submit. In line with Article 50 of the EU AI Act (Regulation (EU) 2024/1689), applicable from 2 August 2026, we disclose the following:

  • You are interacting with AI systems when you use auto-detect, photo enhancement, caption generation, or voice transcription features. AI suggestions are not decisions — you can always edit, reject, or remove them before publication.
  • The composite images we generate are AI-modified outputs. We label composites internally and, where the technology is available, embed a machine-readable marker (such as C2PA Content Credentials or a watermark) identifying the image as AI-modified.
  • If a composite or AI-enhanced photo could be mistaken for an authentic, unmodified photograph of work performed, you (the publisher) are required to disclose to your audience that the image is AI-assisted. We provide UI tools to add this disclosure.
  • We do not use your photos, voice clips, prompts, or other content to train AI models. Our AI vendors (OpenAI, Anthropic, Cloudinary) process API inputs under terms that prohibit training on customer data.
  • Staff who deploy AI features inside Proveo receive AI-literacy training, as required by Article 4 of the EU AI Act (in force from 2 February 2025).

Sensitive Personal Information

Under California's CPRA (Cal. Civ. Code §1798.140(ae)) and similar laws in Colorado, Connecticut, Virginia, and other US states, certain categories of data are treated as sensitive — including precise geolocation, biometric identifiers, health, race, religion, sex life, government ID numbers, login credentials, and the contents of private communications. We do not intentionally collect sensitive personal information. Specifically: we collect approximate (city-level) geolocation only — never precise GPS for marketing — and we do not generate, store, or attempt to match face templates or other biometric identifiers from your photos. We do not use sensitive information for any purpose other than what you instruct us to do, and we will not sell or share it.

Data Retention Schedule

We retain personal data only as long as needed for the purposes set out in this policy or as required by law. Indicative retention periods:

  • Account profile and business data: until you delete the account, plus 30 days.
  • Photos, comparisons, and composites: until you delete them or your account is deleted, plus 30 days.
  • Lead form submissions and quote requests: 3 years from receipt (matches the typical statute of limitations for service-business claims), or until you delete them.
  • Login events and audit logs: 12 months.
  • Payment, invoicing, and Stripe Connect records: 7 years (tax and anti-fraud requirement).
  • Analytics events (anonymous): up to 25 months in aggregate form.
  • Database backups: rolling 35-day window, after which deleted data is unrecoverable.

Non-Consensual Intimate Imagery (NCII)

Under the US Take It Down Act (Pub. L. 119-12, signed May 19, 2025; compliance deadline May 19, 2026), we provide a notice-and-takedown mechanism for non-consensual intimate imagery, including AI-generated deepfakes. Valid notices submitted to ncii@proveohq.com are processed and the content removed within 48 hours. See also our Acceptable Use Policy.

14. Photo Metadata & Verified Authentic

The Verified Authentic badge shown on a comparison attests that three capture signals were present and consistent at the time you uploaded the photos. To compute it, we process and store:

  • EXIF metadata extracted from each photo (capture timestamp, device model, camera orientation, and similar fields the device embedded).
  • An approximate GPS coordinate captured via your browser's geolocation API at the moment of capture, when you grant permission (accuracy depends on your device).
  • A SHA-256 cryptographic hash of each photo's bytes, computed server-side so later edits or swaps can be detected.
  • A derived proof-state record that indicates whether the signals aligned. We do not publish raw EXIF or precise GPS — public portfolio pages show only the presence of the Verified Authentic badge, not the underlying coordinates.

15. Stripe Connect & Payouts (Business tier)

Business-tier users who enable payments onboard to Stripe Connect. Stripe — not Proveo — collects and stores the data required for that onboarding, including:

  • Identity information (legal name, date of birth, address) required by Stripe's KYC program.
  • Bank account details used to receive payouts from your customers' invoice payments.
  • Tax identification (SSN, EIN, or equivalent) where required by Stripe's Connected Account Agreement.
  • Proveo receives from Stripe only the connected-account identifier, account status, payout summary data, and invoice payment records — we do not receive your bank number or full tax ID.
  • Payouts are scheduled and sent by Stripe directly to your bank account on Stripe's payout schedule. Proveo takes 0% of your revenue; Stripe's own processing fees apply.

16. Teams & Workspace Access

If you invite collaborators to your workspace, we store the data required to manage multi-seat access:

  • The invitee's email and the role you assign (owner, editor, or viewer).
  • The invite's status (pending / accepted / revoked) and any join-link timestamps.
  • A member attribution record on every write (comparisons, quotes, agreements, invoices) so the workspace owner can see which member performed each action.
  • Workspace-level Row Level Security enforces that members only see data belonging to workspaces they have been invited to. Revoking a member's access immediately revokes their ability to read or write workspace data.

17. Security Events & Audit Logs

We keep a limited audit log of security-relevant events — account sign-ins (timestamp, approximate IP, user-agent), Stripe webhook deliveries, and sensitive workspace mutations — to detect abuse, investigate disputes, and meet obligations to Stripe and Supabase. Audit records are retained for a rolling 12-month window unless required to be held longer for a legal, financial, or security reason, and are accessible to you for your own account from the Settings → Account Activity page.

18. Changes to This Policy

We may update this policy from time to time. Continued use of Proveo after changes constitutes acceptance. Material changes (new categories of data, new third-party processors) will be announced in-product before they take effect.

19. Contact Us

If you have questions about this privacy policy, contact us at hello@proveohq.com.