Trust Center

How Provyn stores your data, secures assessments, and protects your privacy. If you have questions not answered here, email provyn.app@outlook.com.

Data storage and privacy

Provyn stores candidate and recruiter data in Airtable (US region). Email is sent via Resend (us-east-1). We do not sell your data, share it with third parties for advertising, or use it to train models.

Candidates may download a full export of their data at any time from their profile. The export includes every assessment attempt, funnel event, and email log from the last 90 days. Hard deletion removes your row from Airtable within 7 days of a request.

Recruiters see only the information candidates have chosen to make public: score tiers, percentile bands, role category, and identity verification status. Raw assessment answers are never exposed to recruiters.

Assessment integrity

Every assessment is time-limited and single-attempt (unless an admin grants a retake). Question pools are randomised per attempt using a per-session seed so no two attempts see the same ordering.

During an assessment, the runner logs webcam snapshots at random intervals (with candidate consent), keystroke timing (when keys are pressed, not what is typed), fullscreen exits, tab switches, and paste events. These signals contribute to a per-attempt Integrity Score displayed on each submission.

Code questions are evaluated first by an automated grader (LLM-based, confidence threshold 0.8). Submissions where the grader is uncertain are reviewed by a senior engineer before a score is issued. Candidates are notified by email when their final score is ready.

Proctoring disclosure

Provyn uses lightweight client-side proctoring — not a full lockdown browser or third-party agent. Specifically:

  • Webcam snapshots at random intervals (requires camera permission)
  • Keystroke timing metadata (not content)
  • Keyboard shortcuts intercepted (print, save, DevTools)
  • Mouse movement patterns
  • Clipboard actions logged (not clipboard contents)
  • Tab/window focus loss flagged
  • Fullscreen exits flagged and paused

Candidates are shown a full disclosure screen before clicking Begin and must check a consent checkbox. Proctoring data is stored only for the duration needed to adjudicate the attempt and is accessible only to Provyn admins. It is not shared with recruiters.

Identity verification

Identity verification is optional and powered by Stripe Identity (US region). When a candidate chooses to verify, their government ID image and a liveness selfie are processed by Stripe and immediately discarded from Provyn's systems — only the verification outcome (verified / not verified) is stored.

A verified badge appears on the candidate's public profile and credential pages. Provyn does not claim any formal accreditation or government-issued certification status — we verify that the person who took the assessment is a real human matching their stated identity, nothing more.

Security basics

  • All traffic over HTTPS (Netlify-managed TLS)
  • Authentication via NextAuth.js — session tokens, no passwords stored
  • Stripe handles all payment card data — Provyn never sees card numbers
  • Stripe webhook payloads are signature-verified (constructEvent) before any data is written
  • Airtable API keys stored as Netlify environment secrets
  • Admin routes require an explicit allowlist of admin email addresses
  • Rate limiting on all public signup endpoints (per-IP)
  • Error monitoring via Sentry (when configured)

We do not conduct penetration tests on a fixed schedule, but we review new routes for common vulnerabilities (injection, XSS, CSRF) before shipping. If you find a security issue, email provyn.app@outlook.com with a description and we will respond within 48 hours.

Profile score, explained

Profile score is a single 0–100 number we surface on the recruiter directory and shortlist views. It combines verified assessment performance, credential strength, and profile completeness into a directional signal a recruiter can use to triage who to look at first.

What it is:

  • A weighted combination of every passed assessment's score and percentile.
  • A small bonus for filling out role, location, and LinkedIn URL.
  • A small bonus for higher verification tiers (Identity > LinkedIn > Email).

What it is not:

  • A hiring decision. It is a directional triage signal — read the credential, then decide.
  • A predictive validity claim. We do not assert that a higher score predicts on-the-job outcome.
  • A reputation score. It does not factor in social signal, follower count, or anything outside Provyn.

Recruiters: hover the “?” next to profile score on any directory card to see this short explanation inline.

Data retention

  • Active accounts: retained indefinitely while the account is active
  • Soft-deleted accounts: hidden from UI, retained for 7 days
  • Hard-deleted accounts: removed from Airtable within 7 days of request
  • Email logs: retained for 90 days in data exports
  • Webcam snapshots: retained until the submission is closed or the account is deleted
  • Stripe payment records: subject to Stripe's retention policy (typically 5+ years for compliance)

To request deletion of your data, email provyn.app@outlook.com from the address associated with your account. We will confirm deletion within 7 business days.