1. Introduction
Welcome to ProoFi. We are committed to protecting your privacy and ensuring the highest level of security for your data. As a provider of compliance tools designed to help organizations meet ISO 27001, GDPR, and other regulatory standards, we practice what we preach.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use the ProoFi compliance platform.
Last Updated: March 2026. This policy is aligned with the General Data Protection Regulation (GDPR) and the security principles of ISO/IEC 27001.
2. Information We Collect
To provide our compliance services, we collect the following types of data:
- Account Data: Name, email address, company details required to create and manage your ProoFi account.
- Platform Usage Data: Audit logs, IP addresses, browser types, and timestamped actions. This data is essential for maintaining the integrity of the compliance artifacts generated within ProoFi.
- Compliance Artifacts (Customer Data): Information you upload or connect to ProoFi for the purpose of compliance monitoring (e.g., policy documents, employee security training statuses). We act as a Data Processor for this information.
3. How We Use Your Data
We process your data strictly for the following purposes:
- Providing, operating, and maintaining the ProoFi compliance platform.
- Generating compliance reports, audit trails, and certification readiness assessments.
- Ensuring platform security through continuous monitoring and anomaly detection.
- Communicating with you regarding platform updates, security alerts, and support requests.
4. Data Security & ISO Compliance
Security is the foundation of ProoFi. We have implemented technical and organizational measures to ensure a level of security appropriate to the risk, as required by GDPR Article 32 and in line with the controls of ISO/IEC 27001.
- Encryption: All data is encrypted in transit (using TLS 1.3) and at rest (using AES-256).
- Access Control: We enforce strict Role-Based Access Control (RBAC) and mandatory Multi-Factor Authentication (MFA) for all ProoFi staff.
- Continuous Auditing: Our own systems are subjected to continuous compliance monitoring, automated vulnerability scanning, and annual independent penetration testing.
5. Sub-Processors and Data Sharing
We do not sell your personal data. We only share information with authorized sub-processors who assist us in providing the ProoFi service (e.g., cloud hosting providers). All sub-processors are vetted for GDPR and ISO 27001 compliance and are bound by strict Data Processing Agreements (DPAs).
A full, updated list of our current sub-processors is available within your ProoFi dashboard.
6. Your GDPR Data Subject Rights
Under the GDPR, you possess several rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct any inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data, provided we are not required to retain it to meet a legal or compliance obligation.
- Right to Restrict Processing: You can request that we limit how we use your personal data.
- Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format.
To exercise these rights, please contact our Data Protection Officer.
7. Contact Information
If you have questions about this Privacy Policy, your rights, or our security practices, please contact our Data Protection Officer (DPO):
Email: privacy@proofi.com
Mailing Address: ProoFi Security & Privacy Team, Team Proofi