Privacy Policy — Proof by Broadable™

Your data is handled with the same care we put into the product.

We collect only what we need, use it only for what we say, and give you full control over it. No selling. No surprises. Just a straightforward data relationship built on trust.

We never sell your data
Your personal information is never sold, rented, or traded to third parties for their own marketing.
GDPR and global compliance
We follow GDPR, CCPA, and applicable data protection laws. You have full rights over your data at all times.
You control your data
Access, correct, export, or delete your data at any time by contacting our team. No hoops, no delays.
Last updated: 1 January 2025
Applies globally to proof.broadable.com
Privacy questions: [email protected]
This Privacy Policy was last updated on 1 January 2025. It applies to all users of Proof by Broadable™ at proof.broadable.com.
Plain-language summary: We collect the minimum data needed to run the service. We use it to operate and improve Proof, to process payments, and to communicate with you. We do not sell it. You can ask us to delete it at any time. The full legal details are in the sections below.

Who we are and who is responsible for your data

Proof by Broadable™ is a product of CodEye Technologies Pvt Ltd, a company incorporated in India. References to "we," "us," or "Proof" in this Privacy Policy refer to CodEye Technologies Pvt Ltd, operating the Proof by Broadable™ product at proof.broadable.com.

For the purposes of the General Data Protection Regulation (GDPR) and other applicable privacy laws, CodEye Technologies Pvt Ltd is the data controller for personal data collected through Proof. Our registered business address and contact details are available on request by emailing [email protected].

This policy applies to:

  • Visitors to proof.broadable.com and broadable.com
  • Registered users and paying customers of Proof
  • Anyone whose testimonial data is collected through Proof-powered collection forms or widgets

If you are a testimonial submitter (someone who submitted a review through a form created by a Proof customer), the business that collected your testimonial is the data controller for that specific data. Please contact them directly with questions about how they handle it.

What personal data we collect and why

We collect different types of data depending on how you interact with Proof. Here is a clear breakdown:

Account data
  • Full name
  • Email address
  • Password (hashed, never stored in plain text)
  • Business or brand name (optional)
  • Profile photo (optional)
Billing and payment data
  • Name on payment method
  • Billing address and country
  • Purchase amount and date
  • Payment method type (e.g., card, PayPal)
  • Card data is held exclusively by Paddle and never stored on our servers
Testimonial content
  • Text, star ratings, and written testimonials you collect
  • Video testimonials uploaded by submitters
  • Name, role, and company of testimonial authors
  • Platform metadata from imported reviews (e.g., Google, G2)
Technical and usage data
  • IP address (anonymised after 30 days)
  • Browser type and operating system
  • Pages visited and features used within the dashboard
  • Session duration and click events (aggregate, not individual tracking)
  • Error logs for debugging purposes

We do not collect sensitive personal data such as health information, religious beliefs, political opinions, racial or ethnic origin, or biometric data.

How we use your personal data

We use the data we collect for the following purposes only:

Service delivery
To create and maintain your Proof account, provide access to features, sync your integrations, and deliver the core product you purchased.
Payments
To process your purchase through Paddle, issue receipts, handle refund requests, and maintain billing records required by tax law.
Support
To respond to your support requests, resolve technical issues, and communicate about your account. We only access your data when necessary to resolve your issue.
Product improvement
To understand which features are used, identify bugs and friction points, and prioritise improvements. This is done using aggregated, anonymised data wherever possible.
Legal compliance
To comply with applicable laws, respond to lawful requests from authorities, enforce our Terms of Service, and protect the rights and safety of our users.
Communications
With your consent only: we may send product update emails or occasional tips on getting more value from Proof. You can unsubscribe from any email with one click. We do not send unsolicited marketing.

Who we share your data with

We share your personal data only with the service providers necessary to operate Proof, and only to the extent required for them to perform their specific function. We do not sell data, and we do not allow any third party to use your data for their own marketing purposes.

Paddle
Payment processing and Merchant of Record. Paddle processes all payments, handles tax compliance, and issues purchase receipts. Paddle acts as a co-controller for payment data. Their privacy policy governs their use of your data: paddle.com/legal/privacy.
Hosting provider
Infrastructure and database hosting. Our application and your data are hosted on servers located in secure, GDPR-compliant data centres. We have data processing agreements in place with all infrastructure providers.
Email delivery
Transactional and product emails. We use a third-party email service provider to deliver account notifications, receipts, and product updates. Your email address is shared only for the purpose of delivering messages you have requested or that are required for your account.
Analytics
Usage and product analytics. We use privacy-respecting analytics tools to understand product usage at an aggregate level. We do not use Google Analytics. Where individual session data is collected, it is anonymised after 30 days.
Legal and security
Authorities and legal process. We may disclose personal data if required by a court order, regulatory authority, or other legal obligation. We will notify you of such requests unless prohibited from doing so by law.
International data transfers: Proof is operated from India. Some of our service providers may be located in the United States or European Economic Area. Where we transfer personal data outside the EEA or to countries without an adequacy decision, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Cookies and tracking technologies

We use cookies and similar technologies to operate the Proof platform. Here is a clear summary of what we use and why:

Essential cookies (always active)

These cookies are necessary for Proof to function. They maintain your login session, remember your preferences within the dashboard, and protect against cross-site request forgery (CSRF). You cannot opt out of these without disabling the service entirely.

Functional cookies (optional)

These cookies remember your settings and preferences such as language, dashboard layout preferences, and notification settings. They are not used for tracking or advertising.

Analytics cookies (optional, privacy-respecting)

We use minimal, privacy-respecting analytics to understand how Proof is used at an aggregate level. These do not track individuals across other websites. You can opt out of these via your account settings or by using a browser extension that blocks tracking scripts.

We do not use advertising, retargeting, or third-party tracking cookies. For full details, see our Cookie Policy.

Testimonial widget visitors: If your website embeds a Proof widget (Wall of Love, collection form, or similar), that widget may set a functional cookie to track whether a visitor has already submitted a testimonial. No personal data from your website visitors is sent to Proof servers without their explicit submission.

How long we keep your data

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Here is our standard retention schedule:

| Data type | Retention period | Reason |
| --- | --- | --- |
| Account data | Duration of active account + 90 days post-deletion | Allows account recovery if deletion was accidental. Permanently deleted after 90 days. |
| Testimonial content | Duration of active account | Core product data. Deleted with account unless exported by the user before deletion. |
| Billing records | 7 years from transaction date | Required by Indian tax law and international accounting standards. |
| Support correspondence | 3 years from last interaction | Necessary to resolve recurring issues and ensure service continuity. |
| IP addresses (server logs) | 30 days, then anonymised | Used for security and debugging only. Anonymised to prevent individual identification. |
| Analytics data | 13 months, then aggregated | Standard analytics retention. Aggregated data is retained indefinitely in anonymised form. |
| Marketing consent records | Until consent is withdrawn + 3 years | Required to demonstrate legal basis for communications. |

When you close your account or request deletion, we will permanently delete or anonymise your personal data within 90 days, except where legal obligations require us to retain billing records for longer.

Your rights over your personal data

Depending on your location, you have several rights over your personal data. We honour all of these rights for all users globally, regardless of jurisdiction:

1. Right of access
Request a copy of all personal data we hold about you. We will provide this in a machine-readable format within 30 days.
2. Right to rectification
Request correction of inaccurate or incomplete personal data. Most account data can be updated directly within your dashboard settings.
3. Right to erasure
Request deletion of your personal data ("right to be forgotten"). We will delete all account data within 90 days, subject to legal retention requirements for billing records.
4. Right to restrict processing
Request that we limit how we use your data while a dispute or review is in progress, without requiring full deletion.
5. Right to data portability
Request your data in a structured, machine-readable format so you can transfer it to another service. Your full testimonial library can be exported in CSV or JSON at any time from within Proof.
6. Right to object
Object to processing based on our legitimate interests. If you object, we will stop unless we have a compelling legitimate reason that overrides your interests.
7. Right to withdraw consent
Where processing is based on consent (e.g., marketing emails), you can withdraw it at any time with no effect on the lawfulness of prior processing.
8. Right to lodge a complaint
If you believe we are handling your data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, email us at [email protected] with "Data Rights Request" in the subject line. We will respond within 30 calendar days. We may ask you to verify your identity before processing sensitive requests.

How we protect your data

We take security seriously. The measures we have in place include:

Encryption
All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Passwords are hashed using bcrypt and are never stored in recoverable form.
Access controls
Access to production systems and databases is restricted to essential personnel only. All access is logged and reviewed. We do not grant vendor or partner access to customer data without explicit need.
Payment security
We do not store card numbers, CVVs, or bank account details. All payment data is handled exclusively by Paddle, which is PCI-DSS compliant. Our servers never receive or process raw card data.
Incident response
In the event of a data breach affecting your personal data, we will notify affected users within 72 hours of becoming aware of the breach, as required by GDPR Article 33. We will also notify the relevant supervisory authority where required.

No system is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security. We encourage you to use a strong, unique password for your Proof account and enable two-factor authentication when available.

Contact us about privacy

If you have any questions about this Privacy Policy, want to exercise your data rights, or wish to raise a concern about how we handle your personal data, please contact us:

Privacy questions and data requests

We respond to all privacy-related emails within 72 hours (business days). Data subject requests are completed within 30 days per GDPR requirements.

We reserve the right to update this Privacy Policy at any time. When we make material changes, we will notify active users by email and update the "Last updated" date at the top of this page. Your continued use of Proof after a policy update constitutes acceptance of the revised terms. For historical versions of this policy, contact [email protected]. This policy is governed by the laws of India, without prejudice to your rights under applicable data protection legislation in your country of residence.

Privacy-first · GDPR compliant · No data selling · Ever

Your privacy is part of the product, not an afterthought.

Proof is built by people who care about trust. If you have any concerns about how your data is handled, our team will respond within 72 hours.


This is a plain-language privacy summary. By using Proof you agree to this policy and our Terms of Service. For the full legal text or historical versions, contact [email protected].