Privacy Policy

(Automated Accessibility Assessment and Compliance-Support Service)

Effective date: 22 January 2026

Last updated: 28 March 2026

This Privacy Policy explains how ProofPack (“ProofPack”, “we”, “us”, “our”) collects, uses, stores, and shares personal data in connection with the ProofPack application and related services (the “Service”).

Controller: ProofPack

Contact: info@proofpack.eu

This Privacy Policy applies to personal data processed through the Service, our website, customer support, billing, and related business operations.

1) What the Service does

ProofPack is an automated accessibility assessment and compliance-support service. It scans Websites submitted by customers and produces accessibility-related findings, technical outputs, and scores intended to help identify likely accessibility gaps and support internal accessibility and EAA-related work.

The Service does not require customers to upload documents or files for scanning as part of its normal operation, unless expressly stated for a specific feature.

2) Personal data we collect

A) Account and customer relationship data

This may include:

  • name,
  • email address,
  • organization name,
  • account credentials or authentication-related identifiers,
  • session and login information,
  • communications with us, including support requests and correspondence.

B) Billing and subscription data

This may include:

  • subscription status,
  • plan type,
  • billing contact details,
  • invoice references,
  • payment status,
  • VAT-related billing information where applicable.

Payment card details, including full card numbers, are processed directly by our payment provider and are not stored by ProofPack.

C) Website scanning data

When you submit a Website to the Service, we may process:

  • domain names and URLs you provide,
  • affected page URLs,
  • scan findings, issue summaries, scores, reports, and related technical outputs,
  • technical metadata generated during scanning,
  • operational logs such as timestamps, request/response information, status codes, and system events related to the scan.

D) Publicly available personal data on scanned Websites

Because the Service scans Websites submitted by customers, it may incidentally process personal data that is publicly available on scanned pages, such as names, job titles, email addresses, phone numbers, biographies, profile details, or other personal data that appears on those pages.

We do not collect such data for independent profiling purposes. It is processed only as an incidental part of operating the scan and generating Outputs for the customer.

E) Usage, device, and security data

We may also process limited technical and usage-related data such as:

  • IP addresses,
  • browser type,
  • device or operating system information,
  • service interaction logs,
  • error logs,
  • audit logs,
  • abuse-prevention and security signals.

3) How we use personal data

We use personal data only as necessary for legitimate business and operational purposes, including to:

  • provide, operate, and maintain the Service,
  • create and manage customer accounts,
  • perform scans and generate Outputs,
  • provide dashboards, reports, and related functionality,
  • process subscriptions, billing, and payment administration,
  • communicate with customers about the Service,
  • provide customer support,
  • secure the Service and prevent fraud, abuse, unauthorized access, or misuse,
  • monitor, troubleshoot, and improve performance, reliability, and product quality,
  • comply with legal, regulatory, tax, accounting, and enforcement obligations,
  • enforce our Terms, Acceptable Use Policy, and related legal rights.

We do not sell personal data.

4) Legal bases for processing (GDPR)

A) Contract — Article 6(1)(b)

We process personal data where necessary to enter into or perform a contract with you, including to: create and manage accounts, provide the Service, process subscriptions, respond to support requests, and administer the customer relationship.

B) Legitimate interests — Article 6(1)(f)

We process personal data where necessary for our legitimate interests, provided those interests are not overridden by data protection rights and freedoms. These interests include: operating and improving the Service, ensuring security and reliability, preventing fraud and abuse, maintaining logs, defending legal claims, and enforcing contractual rights.

C) Legal obligation — Article 6(1)(c)

We process personal data where necessary to comply with legal obligations, including accounting, tax, bookkeeping, and lawful disclosure obligations.

D) Consent — Article 6(1)(a)

Where consent is legally required, such as for certain optional cookies or similar technologies, we will rely on consent and provide a way to withdraw it.

5) Sources of personal data

We collect personal data:

  • directly from you when you create an account, subscribe, contact us, or use the Service,
  • from your use of the Service and related technical systems,
  • from Websites you submit for scanning,
  • from payment and billing providers in connection with subscription administration,
  • from service providers that support authentication, hosting, analytics, and infrastructure.

6) Sharing of personal data and subprocessors

We share personal data only where necessary to operate the Service or comply with legal obligations. This may include sharing with service providers that act on our behalf. Core providers currently include:

Supabase

Database, authentication, and session infrastructure.

Railway

Hosting and infrastructure for operating the Service.

Stripe

Payment processing and subscription billing.

We may also share personal data with professional advisers, public authorities, or in connection with a corporate transaction. We do not sell personal data and do not share personal data with third parties for their own independent advertising purposes.

7) International data transfers

ProofPack is based in Denmark. Some of our service providers may process personal data outside the EU/EEA. Where personal data is transferred outside the EU/EEA, we use appropriate safeguards where required by law, including the European Commission’s Standard Contractual Clauses or other valid transfer mechanisms.

8) Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account data: retained while the account is active and for a reasonable period afterward.
  • Billing and transaction data: retained for the period required by applicable accounting, tax, and legal obligations.
  • Scan results: retained for up to one (1) year from the scan date, unless otherwise agreed.
  • Support and logs: retained as long as necessary for support, security, and product improvement.

9) Security

We implement reasonable technical and organizational measures designed to protect personal data, including encryption in transit, access controls, role-based permissions, and monitoring. However, no method is completely secure.

10) Your rights

If the GDPR applies, you may have rights to access, correction, deletion, restriction, objection, portability, and consent withdrawal. To exercise these rights, contact us at info@proofpack.eu. We may ask you to verify your identity.

11) Complaints

If you believe our processing violates applicable law, you may lodge a complaint with your local supervisory authority. For Denmark: Datatilsynet. We encourage you to contact us first.

12) Cookies and similar technologies

If we use cookies, we will describe them in a separate Cookie Policy or notice. Non-essential cookies will be used only with your consent.

13) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by updating the date above or posting notice through the Service.

14) Contact

ProofPack

Email: info@proofpack.eu

Acceptable Use Policy — ProofPack

Effective date: 22 January 2026

Last updated: 28 March 2026

This Acceptable Use Policy (“AUP”) governs your use of ProofPack and forms part of the Terms & Conditions for the Service. Violations of this AUP may result in warnings, scan restrictions, rate-limiting, suspension, or termination of access.

1) Authority to scan

You may use the Service only in relation to Websites that you own, control, operate, or are expressly authorized to assess.

By submitting a Website for scanning, you represent and warrant that you have all required rights, permissions, approvals, and legal authority to allow ProofPack to access, scan, analyze, and process that Website for the purpose of providing the Service.

You must not use the Service to scan, monitor, assess, or profile third-party Websites without authorization.

2) Prohibited activities

You may not use the Service to:

  • attempt to compromise, disrupt, damage, disable, overburden, or impair the Service or its infrastructure,
  • bypass authentication, quotas, rate limits, plan limits, access restrictions, or billing controls,
  • probe, test, or attempt to discover vulnerabilities in the Service itself,
  • gain or attempt to gain unauthorized access to accounts, data, systems, or non-public functionality,
  • use the Service in an unlawful, deceptive, fraudulent, infringing, abusive, or harmful manner,
  • reverse engineer, decompile, disassemble, copy, or create derivative works from the Service, except to the extent that applicable law prohibits restricting such activity,
  • use the Service to assess third-party Websites without permission,
  • use the Service in a manner that could reasonably be expected to overload or disrupt your own infrastructure, a scanned Website, or any related system,
  • misrepresent Outputs, scores, or findings as legal advice, legal conclusions, or certifications,
  • use the Service to support unauthorized scraping, monitoring, competitive disruption, or other activities outside the intended purpose of the Service.

3) Fair use and plan limits

We may apply plan-based or technical limits on websites, scan frequency, pages per scan, feature access, storage, and API usage. You must not attempt to circumvent these limits or use the Service in a way that undermines its reliability, integrity, or security.

4) Responsible scanning

You are responsible for how and when you initiate scans and for the impact of those scans on systems you control. You should avoid initiating scans in a way that creates unnecessary load on production systems, interferes with performance, or creates avoidable security/availability risks.

5) Verification and enforcement

We may investigate suspected violations of this AUP and may take any action we reasonably consider necessary, including requesting evidence of your authority to scan, temporarily restricting scans, applying rate limits, or suspending/terminating access.

6) Reporting abuse

To report suspected abuse, unauthorized use, or security concerns, contact: legal@proofpack.eu or info@proofpack.eu
