Proof PackEnterprise Compliance
Log inStart Free Scan

Privacy Policy — Proofpack

(Cloudwise)

Effective date: 22nd Jan 2026

Last updated: 22nd Jan 2026

This Privacy Policy explains how Cloudwise (“Cloudwise”, “we”, “us”) collects, uses, and shares personal data when you use Proofpack (the “Service”).

Controller: Cloudwise Aps, Denmark

Contact: info@proofpack.eu

1) What the Service does

Proofpack scans websites you add to the Service and produces accessibility-related findings and scores to help you improve accessibility and support EAA-related work. The Service does not require customers to upload documents/files for scanning as part of normal operation.

2) Personal data we collect

A) Account and customer relationship data

  • Name, email, organization name (if provided)
  • Authentication/session data (e.g., session tokens)
  • Support communications and requests

B) Billing and subscription data

  • Subscription status, plan, invoice references, payment status, and billing contact details
  • Payment details (such as full card numbers) are processed directly by our payment provider and are not stored by Cloudwise.

C) Website scanning data

When you submit a website for scanning, we may process:

  • Website URL/domain(s) you provide
  • Scan results (findings, scores, affected page URLs, technical metadata)
  • Operational logs created during scanning (e.g., timestamps, HTTP status codes)

Important: While scanning, the Service may incidentally process personal data that is publicly available on scanned pages.

3) How we use personal data

  • Provide and operate the Service (accounts, scans, dashboards, support)
  • Process subscriptions and billing administration
  • Secure the Service and prevent abuse (fraud detection, rate limiting)
  • Monitor and improve performance and reliability
  • Meet legal obligations (accounting, tax, lawful requests)

4) Legal bases (GDPR)

Where GDPR applies, we process personal data based on:

  • Contract (Art. 6(1)(b)) — to provide the Service
  • Legitimate interests (Art. 6(1)(f)) — to secure and improve the Service
  • Legal obligation (Art. 6(1)(c)) — accounting and tax compliance
  • Consent (Art. 6(1)(a)) — where required (e.g., optional cookies)

5) Subprocessors and sharing

We share personal data only as needed with the core providers below:

Supabase

Database, auth, and session infrastructure.

Railway

Hosting and infrastructure for running the Service.

Stripe

Payment processing and subscription billing.

We do not sell personal data.

6) International transfers

We are based in Denmark. Some providers may process data outside the EU/EEA. We use appropriate safeguards such as Standard Contractual Clauses (SCCs).

7) Data retention

Account data is retained while active. Billing records are kept for the period required by Danish accounting and tax law. Scan results and audit report evidence are kept for up to 1 year from the scan date, after which they are permanently deleted.

8) Security

We use reasonable technical and organizational measures including encryption in transit, access controls, and regular monitoring.

9) Your rights (EEA/UK)

You have rights including access, rectification, erasure, and objection. To exercise these, email info@proofpack.eu. Supervisory authority: Datatilsynet (Denmark).

Acceptable Use Policy

(Proofpack)

Effective date: 22nd Jan 2026

This Acceptable Use Policy (“AUP”) governs use of Proofpack. Violations may result in rate-limiting, suspension, or termination.

1) Permission to scan

You must own the website you scan or have explicit authorization from the owner/administrator. Do not scan websites you do not have permission to assess.

2) Prohibited activities

  • Attempt to compromise the Service or its infrastructure
  • Bypass authentication, quotas, or scan limits
  • Disrupt the Service via excessive automation or abusive frequency
  • Use the Service for unlawful or deceptive purposes
  • Reverse engineer the Service except where permitted by law

3) Fair use and plan limits

We enforce plan-based limits on sites and scan frequency. You must not attempt to circumvent these limits.

4) Responsible scanning

You are responsible for any impact your scans have on your own systems. Avoid triggering scans in ways that overload production servers.

5) Enforcement and verification

We may investigate suspected violations and request evidence of scanning authorization.

6) Reporting abuse

Report suspected abuse to legal@proofpack.eu or info@proofpack.eu

© 2026 Cloudwise Aps

Danish registered company • info@proofpack.eu