Privacy Policy

Last updated: 28 December 2025

1. Introduction

ProvenAI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our certification service.

By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

When you apply for certification or contact us, we collect:

  • Company information (name, website, type, size, location)
  • Contact information (name, email, phone, role)
  • Technical details (AI services, technologies, team size)
  • Portfolio links and case studies
  • LinkedIn profiles of team members
  • Client testimonials and references
  • Additional information you choose to provide

2.2 Automatically Collected Information

We may automatically collect certain information about your device, including IP address, browser type, and usage patterns when you visit our website.

3. How We Use Your Information

We use the information we collect to:

  • Process and evaluate certification applications
  • Verify technical capabilities and business legitimacy
  • Communicate with you about your application and certification status
  • Maintain our directory of certified companies
  • Send you updates about our services (with your consent)
  • Improve our website and services
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Contractual necessity: To fulfill our certification service agreement
  • Legitimate interests: To verify companies and maintain certification standards
  • Consent: For marketing communications (you can withdraw at any time)
  • Legal obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service providers: Third-party services that help us operate (e.g., email services like Resend)
  • Public directory: If certified, your company name and basic information may appear in our public directory
  • Legal requirements: When required by law or to protect our rights

All service providers are contractually obligated to protect your data and use it only for specified purposes.

6. Data Retention

We retain your personal data for as long as necessary to:

  • Provide our certification services
  • Maintain certification records (for active certifications)
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

If you withdraw your application or your certification expires, we may retain certain information for up to 7 years for legal and business record-keeping purposes.

7. Your Rights (GDPR)

Under GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent for marketing communications

To exercise these rights, please contact us at contact@provenai.org.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS)
  • Secure storage and access controls
  • Regular security assessments
  • Limited access to personal data on a need-to-know basis

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data in accordance with GDPR requirements.

10. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: contact@provenai.org