The Layer Separation Principle
Provncloud operates on the principle of Hash-Only Sovereignty. We anchor cryptographic hashes of your data to the blockchain. We do not store, process, or ever see the raw content of your anchored data.
1. Information We Collect
To operate the infrastructure, we collect only minimal administrative data:
- Account Data: Email address and billing information (processed via Stripe).
- Usage Telemetry: Number of anchor calls, plan limits, and API key activity.
- On-Chain Metadata: Public blockchain addresses and transaction IDs associated with anchors.
2. Hashing Security
When you submit a "Claim" for anchoring, you are submitting a SHA-256 hash. It is mathematically impossible for Provncloud to reverse this hash to view your data. Your data remains on your servers; only the "proof" exists on ours.
3. Data Sharing
We do not sell user data. Information is shared only with:
• Supported Settlement Networks: Hashed proofs are broadcasted to the public ledger on the selected network, including Solana.
• Stripe: For specialized billing and payment processing.
• Supabase: For secure database and auth hosting.
4. Cookies and Tracking
We use strictly functional cookies for authentication sessions. We do not use third-party advertising trackers or behavioral targeting pixels.
5. Data Retention
We apply a two-layer retention model:
- On-Chain Anchors: Cryptographic proof records written to the Solana blockchain are permanent and immutable. We cannot delete them, and neither can anyone else.
- Database Records: Proof request metadata stored in our database (anchor status, timestamps, API identifiers) is retained for 90 days by default, after which it is automatically purged. This period may be adjusted via your account settings in future releases.
- Account Data: Your email address, billing history, and API keys are retained for the duration of your account and for up to 1 year after deletion for legal and audit purposes.
GDPR & Data Rights
Under GDPR, you have the right to access, rectify, or delete your administrative data. Since anchored proofs are on a public immutable blockchain, they cannot be deleted from the ledger. You may request deletion of your administrative account data at any time.
6. Data Processing Agreement (DPA)
Enterprise and Pro customers who require a signed Data Processing Agreement under GDPR Article 28 may request one by emailing provncloud@provnai.com. We will provide our standard DPA within 5 business days. Custom DPA terms require up to 14 business days for legal review.
A complete list of our sub-processors and their GDPR safeguards is available at our Sub-processors page.
Privacy concerns? Reach out to provncloud@provnai.com