Your data, on your terms.

• Account information: email address, full name, role category, optional LinkedIn URL, optional location. Collected at signup.
• Assessment data: your answers to assessment questions, resulting scores, percentile ranks, and credential URLs. Collected when you take an assessment.
• Fraud telemetry: tab-blur counts, paste / copy events, environment fingerprint (screen, CPU, timezone), and optional webcam snapshots (if you consent to proctoring). Used to validate the integrity of your attempt.
• Usage telemetry: which pages you visit, which assessments you start, time on task. Used to improve the funnel.
• Payment information: card details are collected and stored by Stripe, our payment processor. Provyn never sees or stores your card number; we only see the Stripe customer ID and subscription status.
• Email log: every email we send to you with timestamps for sent / delivered / opened / clicked / bounced. Used to debug deliverability and respect your opt-out preferences.

• Deliver the service: render dashboards, score assessments, mint credential URLs, surface verified candidates to recruiters.
• Detect fraud and uphold credential integrity. Webcam snapshots and behavioral telemetry are only ever reviewed by admin reviewers, never by recruiters.
• Send transactional email (sign-in links, credential confirmations, billing receipts). You cannot opt out of these because they are how the service works.
• Send marketing email (lifecycle nudges, product updates). You can opt out at any time from /settings -- Email Preferences or via the unsubscribe link at the bottom of any marketing email.
• Improve the product. We aggregate anonymized usage patterns to decide which assessments to add and which parts of the funnel to fix.

We do not sell or rent your data.

Verified candidates appear in the recruiter directory by default once they pass at least one assessment. Approved recruiters can save you to a shortlist and contact you via the LinkedIn URL on your profile. You can opt out of directory visibility at any time by contacting provyn.app@outlook.com.

We share data with the following processors for service delivery:

• Stripe (payments + identity verification): card processing, subscription management, optional Stripe Identity flow.
• Resend (email delivery): all transactional and marketing email.
• Airtable (data storage): account rows, assessments, shortlists, audit logs.
• Netlify (hosting): the application itself plus serverless functions.
• Upstash (caching): session tokens, rate-limit counters.
• Sentry (error tracking): unhandled exceptions in production for debugging.

Each processor has its own privacy policy and is bound by a data processing agreement with us.

• Account data: kept until you delete your account. Soft delete has a 7-day recovery window; after 7 days a daily cron hard-deletes the row plus linked submissions and shortlists.
• Webcam snapshots: auto-deleted after 90 days regardless of account state.
• Email log: retained 90 days for deliverability debugging.
• Funnel events: retained 90 days for product analytics.
• Stripe billing data: retained per Stripe's policies; we cannot delete records on Stripe's side because they are tax records.

• Right to access: download a JSON export of all your data via Settings -- Account -- Download my data. Includes your row, every assessment attempt, the last 90 days of email log, and your funnel events.
• Right to deletion: delete your account from Settings -- Account. Hard delete after the 7-day grace period.
• Right to opt out of marketing: unsubscribe link in every marketing email or Settings -- Email Preferences. Transactional email keeps flowing because it is how the service works.
• Right to data portability: the JSON export above is machine-readable and yours to take anywhere.
• Right to correction: edit your name, LinkedIn URL, location, etc. from /profile/edit. For email changes, contact support.

We use session cookies for authentication (NextAuth JWT cookie). No third-party advertising or analytics cookies. We do not use Google Analytics, Facebook Pixel, or any cross-site tracking.

Webcam access is requested only when you start a proctored assessment, and only if you grant consent. You can decline; your credential will simply not carry a Proctored badge.

Provyn is not intended for users under 16. Do not sign up if you are under 16. If we discover an account belongs to a minor we will delete it and contact a parent or guardian.

Data is stored in the United States (Airtable, Resend, Upstash, Netlify all in US East regions). If you are in the EU / EEA / UK, by using the service you acknowledge this transfer. We rely on Standard Contractual Clauses with our processors for the lawful basis.

If we make material changes, we will notify you via email at least 30 days before they take effect. Minor clarifications go live on the page; the "Last updated" date at the top reflects the most recent change.

Privacy questions? Email provyn.app@outlook.com. Data subject access requests get a one-business-day acknowledgment and a substantive response within 30 days.

Related: see /terms for the service agreement and /refund-policy for billing-specific terms.