Prove7
Legal · Prove7

Privacy Policy

Effective date: June 13, 2026  ·  Last updated: June 13, 2026  ·  Version: 1.0

This Privacy Policy explains how Prove7, Inc. ("Prove7," "we," "us," or "our") collects, uses, shares, and protects personal information when you visit our websites, engage with our sales and marketing, attend our events, or use our products and services (collectively, the "Services").

Controller vs. processor. This Policy describes how Prove7 handles personal information for which we are the controller — primarily website visitors, prospects, event attendees, and the administrative users of our customers. When our enterprise customers use the Services to process data within their own environments and agent workflows ("Customer Data"), Prove7 acts as a processor / service provider on the customer's behalf and under their instructions. Our handling of Customer Data is governed by the agreement and Data Processing Addendum ("DPA") with that customer, not by this Policy. If you are an individual whose data appears in Customer Data, please direct privacy requests to the relevant customer (the controller).

On this page

  1. Information we collect
  2. Where we collect it from
  3. How we use information
  4. Legal bases (GDPR/UK)
  5. How we share information
  6. Cookies & analytics
  7. International data transfers
  8. Security
  9. Data retention
  10. Your privacy rights
  11. Children
  12. Changes & contact

1Information we collect

The categories of personal information we collect depend on how you interact with us:

Business & contact informationName, job title, employer, business email, business phone, and similar details you provide when you request a demo, contact us, sign up for an account, attend an event, or download materials.
Account & authentication dataUsernames, role/permission assignments, and authentication credentials or single-sign-on identifiers for administrative users of the Services.
Technical & usage dataIP address, device and browser information, pages viewed, referring URLs, approximate location derived from IP, and product telemetry about how authorized users navigate the Services.
CommunicationsThe content of messages, support tickets, and survey or feedback responses you send us.
Marketing & event dataPreferences, interactions with our emails and campaigns, and information you share at events or webinars.
Cookies & similar dataIdentifiers and analytics data collected through cookies and similar technologies — see Section 6.

We do not seek to collect special categories of data (e.g., health, biometric, or precise geolocation) through our marketing and website activities, and we ask that you not submit such data to us in those contexts. Information contained within Customer Data processed through the Services is handled under the applicable customer agreement and DPA, not this Policy.

2Where we collect it from

3How we use information

We use personal information to:

We may create aggregated or de-identified data that does not identify you and use it for any lawful business purpose.

4Legal bases (GDPR / UK GDPR)

Where the EU or UK GDPR applies, we rely on one or more of the following legal bases: (a) consent (e.g., certain marketing and non-essential cookies); (b) contract (to provide a Service or take pre-contract steps you request); (c) legitimate interests (e.g., to run, secure, and promote our business, balanced against your rights); and (d) legal obligation (e.g., recordkeeping and tax). Where we rely on consent, you may withdraw it at any time without affecting prior processing.

5How we share information

We do not sell personal information for money. We share personal information with:

Some of our use of advertising and analytics cookies may be considered "sharing" for cross-context behavioral advertising under certain U.S. state laws. You can exercise choices as described in Sections 6 and 10.

6Cookies & analytics

We and our providers use cookies, local storage, and similar technologies to operate our websites, remember preferences, measure traffic, and (where permitted) support marketing. Essential cookies are necessary for the site to function; other cookies are used only with your consent where required. You can manage cookies through our cookie controls (where available) and your browser settings, and you can use opt-out preference signals such as Global Privacy Control (GPC) where supported.

7International data transfers

Prove7 is headquartered in the United States and may process personal information in the U.S. and other countries where we or our providers operate. Where we transfer personal information across borders, we use appropriate safeguards required by applicable law — such as the European Commission's Standard Contractual Clauses (and the UK Addendum) — and/or rely on a recognized transfer framework. You may request more information about these safeguards using the contact details below.

8Security

We maintain administrative, technical, and organizational measures designed to protect personal information against unauthorized access, use, alteration, disclosure, or destruction, appropriate to the risk. No method of transmission or storage is perfectly secure, and you are responsible for safeguarding your account credentials. Information about our security program and certifications may be available through our Trust Center.

9Data retention

We retain personal information for as long as needed to fulfill the purposes described in this Policy, and for a reasonable period afterward to comply with legal, audit, tax, and contractual obligations or to resolve disputes. Retention periods vary by data type and context. We may retain aggregated or de-identified data indefinitely.

10Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal information; to object to or restrict certain processing; to opt out of targeted advertising, the "sale" or "sharing" of personal information, and certain profiling; and to withdraw consent. We will not discriminate against you for exercising these rights.

To exercise a right, email privacy@prove7.ai with your request and the email address we should use to verify and respond. We may need to verify your identity before acting. You may use an authorized agent where permitted by law. If you are unsatisfied with our response, you may have the right to complain to your local data protection authority.

If your information appears in Customer Data, the relevant Prove7 customer is the controller — please direct your request to that customer, and we will assist them as their processor.

11Children

Our Services and websites are intended for businesses and are not directed to children. We do not knowingly collect personal information from individuals under 16. If you believe a child has provided us personal information, please contact us so we can delete it.

12Changes & contact

We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice where appropriate. Your continued use of the Services after an update constitutes acceptance of the revised Policy.

Contact us. Prove7, Inc. — Attn: Privacy
Privacy requests & questions: privacy@prove7.ai
General legal: legal@prove7.ai

See also our Acceptable Use Policy and Terms of Service.