Privacy Policy

We collect the following categories of information when you use ProxiVeil:

• Account information — your email address, name, and organization details provided during registration
• Uploaded security data — log files, vulnerability scans, phishing emails, and other security artifacts you upload for analysis
• Usage analytics — page views, feature usage, and interaction data collected via PostHog to improve the Service
• Payment information — billing details processed by Stripe. We do not store credit card numbers, CVVs, or full payment card data on our servers

When you upload security data for analysis, personally identifiable information (PII) is automatically stripped before the data is sent to our AI analysis engine. This includes email addresses, usernames, IP addresses, fully qualified domain names, Windows SIDs, and Active Directory paths.

Your uploaded data is not used to train AI models. Analysis is performed solely to generate results for your account. The AI processes your data in real time and does not retain it beyond the scope of the analysis request.

Analysis results, including generated reports and recommendations, are stored within your organization account and are subject to the same security controls and access policies as your uploaded data.

Your data is stored on Supabase infrastructure hosted on Amazon Web Services (AWS) in the us-east-1 region. We implement the following security measures:

• Encryption at rest using AES-256, managed by cloud provider KMS
• Encryption in transit using TLS 1.2 or higher on all connections
• Row-level security (RLS) policies enforced at the database level for complete tenant isolation — your data is never accessible to other organizations
• Append-only audit logs for all data access and modifications
• httpOnly session cookies to prevent cross-site scripting attacks

Account data (email, name, organization details) is retained for the duration of your active account. Uploaded files and generated reports are retained according to your plan settings.

Upon account closure, you have 30 days to export your data. After this period, all uploaded files, analysis reports, and account data will be permanently deleted from our systems within 30 days. Anonymized, aggregated usage statistics may be retained for product improvement purposes.

We use the following third-party services to operate the platform. Each service processes only the minimum data necessary for its function:

• Supabase — database hosting, authentication, and file storage
• Stripe — payment processing and subscription management
• Anthropic (Claude) — AI-powered security analysis. All PII is stripped before data is sent to Anthropic
• PostHog — product analytics and usage tracking
• Vercel — application hosting and serverless functions
• Cloudflare — CDN and DDoS protection
• Resend — transactional email delivery (account notifications, reports, alerts)

We use a limited set of cookies, none of which are used for advertising:

• Session cookies — httpOnly cookies for authentication. These are essential for the Service to function and cannot be disabled
• Analytics cookies — PostHog cookies for anonymous usage analytics. You may opt out of analytics tracking (see Your Rights below)

We do not use advertising cookies, tracking pixels, or any third-party advertising networks.

You have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate personal data
• Deletion — request deletion of your account and associated data
• Data export — export your uploaded data and generated reports at any time from your dashboard
• Opt-out of analytics — disable PostHog analytics tracking from your account settings

To exercise any of these rights, contact us at support@proxiveil.com. We will respond to your request within 30 days.

If you have questions about this Privacy Policy or our data practices, contact us at: