Privacy
Prooflet Privacy Policy
What personal information we collect, why, and how we handle it — structured on PIPEDA's ten fair information principles.
Last updated: July 11, 2026
Version: 2
This policy explains what personal information Prooflet ("Prooflet", "we", "us") collects, why, and how we handle it. We follow the Personal Information Protection and Electronic Documents Act (PIPEDA) and its ten fair information principles. Our privacy contact is legal@prooflet.ca.
1. Accountability
Prooflet is responsible for personal information under its control. Privacy questions, requests, and complaints go to legal@prooflet.ca, which reaches the person accountable for our privacy practices.
2. What we collect
- Account information — your name, email address, and password (stored as a salted hash, never in plain text).
- Workspace content — product information, artwork, brand assets, and settings you add to the Service.
- Billing information — handled by our payment processor, Stripe. We receive plan, invoice, and payment-status details; we do not store your full card number.
- Support communications — emails you send us.
- Technical information — IP address, browser type, session cookies, and service logs used to operate and secure the Service.
- Language preference — a
langcookie stores your English/French choice on prooflet.ca; on a first visit we use region-level IP geolocation (via our CDN) solely to choose French for visitors from Québec. We do not build location profiles.
We do not use third-party advertising or behavioural-tracking cookies, and we do not sell personal information.
3. Why we collect it
We use personal information to: provide and operate the Service; process billing; provide support; secure the Service and prevent abuse; meet legal obligations; and send service-related messages. We do not use your workspace content for anything other than providing the Service.
4. Required processing, consent, and choices
Some personal information processing is necessary to provide and secure the Service, authenticate accounts, process projects and billing, send service or security messages, maintain required records, enforce the Terms, and meet legal, security, accounting, dispute-resolution, and operational obligations.
Where Prooflet asks for consent for optional uses, you may choose not to provide it or may withdraw it later, subject to legal, security, contractual, recordkeeping, and operational limits. If you ask Prooflet to delete or stop using information required for the Service, some features or account access may no longer be available.
5. Sharing and service providers
We share personal information only with service providers who process it on our behalf, under contract, for the purposes above:
- Stripe — payment processing.
- Cloudflare — website hosting, content delivery, and security.
- Resend — transactional email delivery.
- Google Fonts (Google) — font delivery. When you load a Prooflet page, your browser requests font files from Google's servers. The request includes your IP address, the requested URL, and HTTP headers such as your user agent and referrer. Google states that it processes this information to serve and secure Google Fonts and does not use Google Fonts data to profile end users or for targeted advertising. See Google Fonts privacy and data collection.
- Cloud infrastructure providers that host the Service and its data.
Some providers process data outside Canada (including in the United States). While outside Canada, information is subject to the laws of those jurisdictions, and courts or authorities there may be able to compel access. We use contractual protections to require comparable care. We may also disclose information where required by law.
6. Retention
We keep personal information only as long as needed for the purposes above and to meet legal obligations. Proof and export history is kept for the period stated in your plan. After account closure we delete or anonymize personal information within a reasonable period, except what we must retain (for example, billing records).
7. Safeguards
We protect personal information with safeguards appropriate to its sensitivity, including encryption in transit (HTTPS), hashed passwords, access controls, and isolation between customer workspaces.
8. Access and correction
You may request access to your personal information and correction of inaccuracies by writing to legal@prooflet.ca. We respond within 30 days and at minimal or no cost. If we refuse a request, we will explain why and how to challenge our decision.
9. Breach response
If a breach of security safeguards creates a real risk of significant harm, we will report it to the Privacy Commissioner of Canada, notify affected individuals as soon as feasible, and keep records as PIPEDA requires.
10. Challenging compliance
If you are not satisfied with our response to a privacy concern, contact legal@prooflet.ca first; you may also complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca).
Changes
We may update this policy from time to time; the "Last updated" date reflects the current version. Material changes will be announced by email or in-product notice.
For product limitations, read the Prooflet disclaimers. For the legal page index, see the legal hub.