how it workspricingindustriessecuritydocs
privacy

Privacy Policy

Last updated: January 15, 2025

1. Introduction

pruv (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the pruv platform, API, SDK, and website (collectively, the “Service”).

2. Information we collect

Account information

When you create an account, we collect your email address, name, and authentication credentials. If you sign up via OAuth (GitHub, Google), we receive your profile information from the provider.

Verification data

When you use the pruv SDK or API, we receive XY records containing hashed state data. By default, pruv transmits only cryptographic hashes of your data, not the raw data itself. If you choose to store full state snapshots, that data is encrypted at rest with AES-256-GCM.

Auto-redaction

pruv automatically redacts detected secrets (API keys, passwords, tokens) before storing chain data. This feature is enabled by default and can be controlled via the PRUV_AUTO_REDACT environment variable.

Usage data

We collect information about how you interact with the Service, including API call frequency, feature usage, and error rates. This data is used to improve the Service and is not sold to third parties.

3. How we use your information

  • Provide, maintain, and improve the Service
  • Store and verify your XY chains and generate receipts
  • Process transactions and send related information
  • Send technical notices, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or unauthorized activity

4. Data retention

Verification records are retained according to your plan: Free (7 days), Pro (90 days), Team (1 year), Enterprise (custom). Account information is retained as long as your account is active. You can delete chains and associated entries at any time through the dashboard or API. Data will be retained for 30 days after account closure.

5. Data security

We protect your data with TLS 1.3 in transit, AES-256-GCM at rest, and SHA-256 hashed API keys. See our Security page for complete details.

6. Third-party services

We do not sell your personal information. We may share information with third-party service providers who assist us in operating the Service, subject to contractual obligations to protect your data. We may disclose information if required by law.

7. Your rights

Depending on your jurisdiction (GDPR, CCPA), you may have the right to access, correct, delete, or port your personal data. You may also have the right to restrict or object to certain processing. To exercise these rights, contact privacy@pruv.dev.

8. Contact

For privacy-related questions, contact privacy@pruv.dev.