Privacy Policy

1. Who We Are

This privacy policy covers both the Prov iOS app and the website at www.getprov.app.

The data controller responsible for processing your personal data is:

Abhishek Gawde
Berlin, Germany
E-Mail: abhishekgawde@proton.me

For our full legal notice, see the Impressum.

2. Overview

Prov is a local-first career achievement log for iOS. There are no user accounts, no email collection, and no sign-up process. Your wins are stored on your device. This policy explains what data is collected across the app and this website, the legal basis for each, and your rights under the GDPR.

3. Data Processed — iOS App

Win Text (AI Enrichment)

When you save a win and AI enrichment is enabled, the text you typed or dictated is sent over a TLS-encrypted connection to a Cloudflare Worker proxy, which forwards it to the Google Gemini API. The proxy does not persist your text after the request completes. The result — a polished achievement statement, extracted skills, and a pattern classification — is stored on your device only.

• Legal basis: Art. 6(1)(a) GDPR — your explicit consent, given in the in-app consent sheet before the first AI call. You can revoke consent at any time from Settings → Privacy.
• Retention: Not stored server-side. Stored on device until you delete the win or uninstall the app.

Voice Audio

If you use voice input, audio is processed entirely on your device using Apple's Speech framework. No audio leaves the device and nothing is stored after transcription.

• Legal basis: Not applicable — processed locally, no personal data leaves the device.

Device Identifier

A random UUID is generated on first launch and stored in the iOS Keychain. It is sent to the proxy server with each AI request for authentication and rate limiting. It is not linked to your Apple ID, name, email, or any other personal data.

• Legal basis: Art. 6(1)(f) GDPR — legitimate interest in preventing API abuse and enforcing fair-use limits.
• Retention: Stored in the Keychain until you uninstall the app. Not stored server-side beyond the duration of the request.

Subscription Status

In-app purchases are handled by Apple and subscription status is managed by RevenueCat. RevenueCat receives the same anonymous device UUID as an app user identifier. Prov does not receive your name, email, or payment details.

• Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of the subscription contract.
• Retention: Managed by RevenueCat per their privacy policy.

Support Correspondence

If you email us for support — the in-app Settings → Support → Contact support button opens a prefilled email — we receive your message, your email address (as provided by your email client), and optionally the anonymous Support ID, app version, iOS version, and device model diagnostics block you choose to include. We use this information only to resolve your issue and keep correspondence for a reasonable period while your request is open.

• Legal basis: Art. 6(1)(b) GDPR — performance of a contract (providing the service), or Art. 6(1)(f) GDPR — legitimate interest in assisting users with the app.
• Retention: Retained in the support inbox while the request is open, and for a reasonable period after resolution (up to 12 months) for follow-up. Deletable on request.

4. Data Processed — This Website

Vercel Web Analytics

This website uses Vercel Web Analytics, a privacy-friendly analytics tool. It collects aggregate page view counts, referrer URLs, browser and device type, and approximate country (derived from your IP address at request time). No cookies are set. No persistent identifiers are created. Your IP address is not stored. No data is shared with advertising networks.

• Legal basis: Art. 6(1)(f) GDPR — legitimate interest in understanding aggregate website traffic to improve content. Because no cookies are used and no persistent identifiers are created, consent under TTDSG § 25 is not required.
• Retention: Aggregate statistics only; no individual-level data retained.
• Processor: Vercel Inc., 340 S Lemon Ave #4133, Walnut CA 91789, USA. Transfer mechanism: Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR.

5. Third-Party Services and International Transfers

The following third parties may receive personal data. All transfers to the United States are covered by Standard Contractual Clauses (SCCs) adopted by the European Commission under Art. 46(2)(c) GDPR.

Service	Purpose	Location	Transfer basis
Google Gemini API (via Cloudflare Worker)	AI enrichment of win text	USA	SCCs + Google API DPA
Cloudflare Workers	Proxy for AI requests, rate limiting	EU/USA (edge)	SCCs + Cloudflare DPA
RevenueCat	Subscription management	USA	SCCs + RevenueCat DPA
Vercel Web Analytics	Aggregate website statistics	USA	SCCs + Vercel DPA

6. Data We Do Not Collect

• Email addresses or names
• Location data (GPS or precise location)
• Advertising identifiers (IDFA)
• Cross-app tracking data
• Contacts, photos, calendar, or other device data
• Cookies of any kind

7. Data Security

All communication with our proxy server uses TLS 1.3 encryption with certificate pinning. Your device identifier is stored in the iOS Keychain, which is encrypted by the operating system. API requests are authenticated using HMAC-SHA256 tokens. Your wins, weekly updates, and briefs are stored locally on your device using iOS's built-in data protection. Win text is not end-to-end encrypted — it is visible at the proxy server in plaintext during forwarding to the AI service.

8. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights. To exercise any of them, contact abhishekgawde@proton.me.

• Access (Art. 15): You can request a copy of the personal data we hold about you. Most of your data is already directly accessible to you in the app. You can export it as JSON from Settings at any time. If you need to reference your anonymous identifier when contacting us, you can find it in Settings → Support as "Support ID."
• Rectification (Art. 16): You can correct inaccurate data directly within the app.
• Erasure (Art. 17): You can delete individual wins or all data from within the app. Uninstalling removes all locally stored data including the Keychain identifier. We do not maintain server-side records linked to you.
• Restriction (Art. 18): You can request that we restrict processing of your data in certain circumstances.
• Portability (Art. 20): You can export your data as a JSON file from Settings at any time.
• Objection (Art. 21): You have the right to object to processing based on legitimate interest (Art. 6(1)(f)), including the device UUID and website analytics. To opt out of website analytics, use a browser content blocker.
• Withdrawal of consent (Art. 7(3)): You can revoke AI consent at any time from Settings → Privacy. Withdrawal does not affect the lawfulness of prior processing.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. As this service is operated from Berlin, Germany, the competent authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI)
Friedrichstraße 219, 10969 Berlin, Germany
Tel.: +49 30 13889-0
E-Mail: mailbox@datenschutz-berlin.de
www.datenschutz-berlin.de

You may also lodge a complaint with the supervisory authority in your EU member state of habitual residence or place of work.

10. Children's Privacy

Prov is not directed at children under the age of 16. We do not knowingly collect data from children.

11. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information.

Categories of personal information Prov handles:

• Identifiers: a random device UUID stored in the iOS Keychain (not linked to your name, email, or Apple ID).
• "Other User Content," treated by us as Sensitive Personal Information under CPRA: your career achievements, skills, weekly updates, and briefs. Because these relate to your employment, we apply the stricter Sensitive Personal Information protections to them.

We do not "sell" or "share" personal information as those terms are defined under the CCPA/CPRA. We do not use or disclose Sensitive Personal Information for any purpose other than what is reasonably necessary to provide the service you requested (AI enrichment, subscription verification).

Your California rights:

• Right to know what personal information we process.
• Right to delete personal information (exercised by deleting the app, or by emailing us for anything held in server-side logs).
• Right to correct inaccurate personal information.
• Right to limit the use of Sensitive Personal Information — honored automatically; we only use it for the AI features you explicitly invoke.
• Right to non-discrimination for exercising these rights.

To exercise any of these rights, email abhishekgawde@proton.me. We verify your request using your device user ID and respond within 45 days.

12. Changes to This Policy

We may update this policy from time to time. The effective date at the top of this page indicates when the policy was last revised. Continued use of the app or website after changes constitutes acceptance of the updated policy.

13. Contact

Questions about this policy: abhishekgawde@proton.me