Proofpath Home
Beta · Policy update in progress

Trust & Privacy Center

We build products that use context, AI, and user feedback to make decisions easier. This center explains how we handle data, AI-assisted outputs, user contributions, beta features, privacy choices, and product-specific safeguards.

Manage privacy requestPrivacy choices

Overview

Privacy-by-default: we aim to collect the minimum useful data needed to make the product work, improve the experience, and respect user choices. Privacy laws vary by location. This page is designed to help users understand and manage privacy choices — it is not a substitute for legal review.

We do not currently claim compliance with CCPA/CPRA, GDPR, South Korea PIPA, Brazil LGPD, HIPAA, or SOC 2. Formal legal review is required before making jurisdiction-specific compliance claims.

Privacy choices

Core product functionality still works where feasible if analytics or personalization are off.

Essential product functionality

Always on. Required for sign-in, saving your work, and core flows.

Analytics

Coarse usage events to understand which flows work. Never raw notes, uploads, or sensitive details.

Product personalization

Use your in-product signals to tailor Proofpath surfaces to you.

Cross-product personalization (Lumenfolk)

Allow non-sensitive signals to inform other Lumenfolk products, only with explicit opt-in.

Approved partner / API use

Permit limited use by vetted partners. Off by default.

Marketing contact

Email or messaging about new features, beta invites, or research.

Sensitive data use

Allow sensitive context (health, legal, financial, identity) to inform in-product personalization. Off by default.

Do not use for personalization

Suppress personalization globally, even when other scopes are on.

Preferences are stored on this device until server-side consent storage is enabled.

Anonymous analytics

On by default. Sends only coarse event names, IDs, enums, and reason codes — with IP anonymized and no ads signals. Never your notes, uploads, parsed medical text, names, or emails. Currently OFF (you opted out).

Data we may collect

Account data

Sign-in info needed to keep your work safe.

Required

Usage data

Coarse interactions to understand which flows work.

Optional · analytics consent

Consent preferences

Your privacy choices on this device or account.

Required

Product inputs

Things you type, paste, or upload into Proofpath.

Optional

Profile signals

Patterns Proofpath infers from your activity.

Optional · may be sensitive

Feedback & corrections

Your “not quite right,” “useful,” and free-text notes.

Optional

Recommendation interactions

Which suggestions you open, dismiss, or save.

Optional

Resource interactions

Documents, briefs, and exports you generate.

Optional

Contribution requests

Missing-data, source, and improvement suggestions.

Optional

Uploaded or pasted content

Files or text you send to Proofpath for parsing.

Optional · sensitive

Payment or inquiry intent

Pricing visits, checkout starts, inquiry submissions.

Optional

Categories labeled “planned” are not currently collected.

How we use data

  • Operate core product features you’ve asked for.
  • Improve flows, fix bugs, and prioritize what to build next.
  • Personalize Proofpath surfaces — only with your consent.
  • Respond to your privacy or support requests.
  • Meet recordkeeping needs related to billing or legal obligations.

Analytics & personalization

We avoid sending raw private content or sensitive profile details to analytics. Events use coarse categories, reason codes, counts, and consent-safe properties.

Analytics may receive

  • Event name, source surface, product area
  • Account / profile / trial state (enum)
  • Coarse category or lane
  • Structured reason codes, confidence band, booleans, counts
  • Consent state, non-sensitive IDs

Never sent to analytics

  • Free text, uploads, parsed medical/legal/financial details
  • Names, emails, phone numbers, precise location
  • Child or family details
  • Sensitive identity or community context
  • Private profile facts or full CanonIQ outputs
  • Raw profile answers, appointment, provider, or report details

Sensitive data

Sensitive context is optional unless required for the product to function. We aim to use the minimum information needed and avoid exposing sensitive details unnecessarily.

health or medical context
legal context
financial hardship or benefits context
child or family context
precise location
identity or community context
sexuality, gender identity, race, ethnicity, religion
biometric or identity verification data
raw uploaded documents
free-text private notes
mental health or crisis-related context
employment or income vulnerability
immigration or citizenship context

User rights & requests

You can ask us to act on your data. We’ll respond as quickly as we reasonably can.

  • Access my data
  • Correct my data
  • Delete my data
  • Export my data
  • Suppress or do not use a signal
  • Restrict cross-product use
  • Opt out of sale/share/targeted advertising
  • Limit sensitive data use
  • Ask a privacy question
Manage privacy request

AI & automated assistance

Some product experiences may use AI or automated systems to summarize, rank, classify, parse, recommend, or generate drafts. AI-assisted outputs may be incomplete or wrong. Important outputs should be reviewed before relying on them.

  • This is not medical advice, diagnosis, or treatment. Use it to prepare for a conversation with a licensed clinician.
  • Not legal, financial, or benefits advice.
  • Not identity verification or a guarantee of outcomes.

Product profiles & CanonIQ

Product-specific profiles (e.g. Proofpath’s readiness profile) help a single product work better. They are not the same as the full CanonIQ.

Full CanonIQ is a deeper personal context profile. No user receives the full CanonIQ output unless they purchase or are granted access to the full CanonIQ product. CanonIQ is not biometric authentication, legal identity verification, or a mental health diagnosis — it is a personal context and surface-personalization layer.

Unlock full CanonIQ — $79

Contributions & user-submitted content

Some surfaces invite missing-data, source, or improvement suggestions. Contributions are stored with structured fields and may be reviewed before they affect the product. Sensitive details are not used publicly.

Regional privacy readiness

We design our data systems around privacy-by-default principles, data minimization, consent controls, user correction, deletion/export request paths, sensitivity labeling, and regional privacy-readiness. We aim to support users from stricter privacy regions, including California, the European Union / EEA, South Korea, and Brazil.

Data processing and storage locations may vary by vendor and product. We are reviewing our systems as products move from prototype to public beta. Formal legal review is required before making jurisdiction-specific compliance claims.

Vendor inventory

A working list of vendors and processors. Items marked “needs review” are pending verification.

VendorPurposeRegionStatus
Lovable Cloud (Supabase)
Privacy policy		Hosting, database, authentication, file storageNeeds review
needs review
Google Analytics 4
Privacy policy		Privacy-friendly product analytics (consent-gated)US / global
active
Amplitude
Privacy policy		Optional product analytics (consent-gated)US
planned
Fillout
Privacy policy		Inquiry and privacy request intake formNeeds review
active
Stripe
Privacy policy		Payment processing for paid plansUS / global
planned
LLM provider (TBD)
Optional AI summarization / parsing assistance
needs review

Retention & deletion

Records may carry deleted_at, suppressed_at, expires_at, and retention_policy fields so user data can be deleted, anonymized, suppressed, archived, or expired. Automated deletion is being built out — for now, use the privacy request path.

Policy links

Contact

Use the inquiry form to reach us about privacy, data rights, security questions, or feedback.

Contact us

Proofpath helps organize and summarize information. It does not provide medical, legal, financial, benefits, disability, housing, or insurance advice. It does not diagnose, verify medical accuracy, or replace a clinician, attorney, benefits worker, insurer, or qualified professional. Generated documents and summaries are starting points — review them with the appropriate qualified professional before relying on them.

Proofpath helps organize and summarize information. It does not provide medical, legal, financial, benefits, disability, housing, or insurance advice. It does not diagnose, verify medical accuracy, or replace a clinician, attorney, benefits worker, insurer, or qualified professional. Generated documents and summaries are starting points — review them with the appropriate qualified professional before relying on them.