Privacy Policy

Effective date: March 22, 2026 · Last updated: April 14, 2026

1. Introduction

SecProve ("we," "us," or "our") operates the SecProve platform at secprove.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. By using SecProve, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, username, display name, and role when you create an account.
  • Profile information: avatar image, bio, and social media links (LinkedIn, Twitter/X, Reddit) that you optionally add.
  • Payment information: billing details processed by Stripe. We do not store credit card numbers on our servers.
  • Feedback and reports: content you submit through error reports, feedback forms, or support requests.

2.2 Information Collected Automatically

  • Usage data: quiz responses, scores, streaks, session information, and feature interactions.
  • Device information: browser type, operating system, and device identifiers.
  • Analytics data: page views, feature usage, and performance metrics collected via PostHog.
  • Log data: IP addresses, access times, and referring URLs.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the SecProve platform.
  • Process your account registration and manage your subscription.
  • Generate leaderboards, knowledge maps, and performance analytics.
  • Display your public profile (username, display name, avatar, bio, social links, scores, and badges) to other users, unless you set your profile to private.
  • Send transactional communications (account verification, password resets, subscription confirmations).
  • Analyze usage patterns to improve our product and content quality.
  • Detect, prevent, and address technical issues and abuse.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • Public profile data: your username, display name, avatar, bio, social links, scores, badges, and leaderboard rankings are visible to other users unless your profile is set to private.
  • Service providers: we share data with third-party services that help us operate the platform, including Supabase (database and authentication), Stripe (payment processing), PostHog (analytics), and Resend (transactional email). These providers are bound by their own privacy policies.
  • Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction.

5. Data Storage and Security

Your data is stored in Supabase infrastructure. We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (TLS) and at rest, row-level security policies, and access controls. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract performance: processing necessary to provide the SecProve platform, including account management, quiz delivery, rating computation, and subscription management (Article 6(1)(b) GDPR).
  • Legitimate interests: analytics, fraud prevention, platform security, and product improvement, where these interests are not overridden by your data protection rights (Article 6(1)(f) GDPR).
  • Consent: optional analytics tracking via PostHog, marketing communications, and any processing for which we explicitly request your consent (Article 6(1)(a) GDPR). You may withdraw consent at any time.
  • Legal obligation: processing required to comply with applicable laws, regulations, or legal processes (Article 6(1)(c) GDPR).

7. Your Rights

7.1 Rights for All Users

  • Access and update: you can access and update your profile information at any time through the Settings page.
  • Profile visibility: you can set your profile to private, which hides your profile from other users.
  • Account deletion: you can request account deletion through Settings. This removes your profile, quiz history, badges, and leaderboard entries. Deletion is processed within 30 days.
  • Data export: you can request a machine-readable copy of your personal data by contacting us at support@secprove.com. We will respond within 30 days.
  • Analytics opt-out: PostHog respects Do Not Track (DNT) browser settings. You may also disable analytics in your browser settings.

7.2 Additional Rights for EEA/UK/Swiss Residents (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following additional rights:

  • Right of access (Art. 15): request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): request correction of inaccurate personal data.
  • Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing (Art. 18): request that we limit how we use your data.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent (Art. 7): withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: you may file a complaint with your local data protection authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany).

To exercise these rights, contact us at support@secprove.com. We will respond within 30 days.

7.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties with whom we share it.
  • Right to delete: request deletion of your personal information, subject to certain exceptions.
  • Right to correct: request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: we do not sell your personal information or share it for cross-context behavioral advertising.
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at support@secprove.com or use the account deletion feature in Settings. We will verify your identity before processing requests.

8. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

  • Account data: retained while your account is active and for 30 days after a deletion request.
  • Quiz and performance data: retained while your account is active. Deleted with your account.
  • Payment records: retained for 7 years after the transaction to comply with tax and accounting obligations.
  • Analytics data: PostHog data is retained for 12 months, then automatically purged.
  • Server logs: retained for 90 days for security and debugging purposes.
  • Support correspondence: retained for 2 years after resolution.

9. Cookies and Tracking

We use essential cookies for authentication and session management. We use PostHog for product analytics, which may set cookies or use local storage to track feature usage across sessions. We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings.

10. International Data Transfers

Your information is processed and stored in the United States via our infrastructure providers (Supabase, Vercel, Stripe). If you are located outside the United States, your personal data will be transferred to and processed in the United States.

For transfers from the EEA/UK/Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally approved transfer mechanisms, to ensure your data receives an adequate level of protection. Our service providers (Supabase, Stripe, PostHog) maintain their own data processing agreements and transfer safeguards.

11. Children's Privacy

SecProve is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, contact us at support@secprove.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and sending an email notification at least 30 days before material changes take effect. Your continued use of SecProve after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

For EEA/UK residents: if you are not satisfied with our response to a privacy request, you have the right to lodge a complaint with your local supervisory authority.
