Data & Privacy

What Prova stores, for how long, and how to control it.

What is stored

| Data | Details | Stored |
| --- | --- | --- |
| Certificate ID, timestamp, verdict, confidence score | Required for certificate to be valid and permanent. | Always |
| Argument graph (nodes and edges) | Required for certificate page and D3 visualization. | Always |
| Failure detail (type, location, description) | Required for compliance documentation. | Always (if INVALID) |
| SHA-256 hash | Required for independent verification. | Always |
| Original reasoning text | Set retain=false to prevent storage. | When retain=true (default) |
| Caller metadata | Pipeline names, model names, decision IDs you provide. | When provided |
| API key (raw) | Only the SHA-256 hash of your key is stored. | Never |
| Usage logs (request metadata) | Reasoning length, verdict, timestamp. Never reasoning content. | Always |

retain=false mode

Set retain: false in your API request and the original reasoning text is processed entirely in memory — it is never written to disk or database. The certificate is still generated, stored, and permanently accessible, but without the reasoning text. This mode is designed for regulated industries where sending proprietary or sensitive reasoning chains to a third party requires minimised data exposure.

What Prova does NOT do

  • Train any AI model on submitted reasoning chains
  • Share reasoning chains with third parties
  • Use submitted content for any purpose other than generating your certificate
  • Store raw API keys (only SHA-256 hashes)
  • Sell data or allow advertising targeting based on submitted content

Certificate permanence

Certificates are never deleted. This is by design — a certificate used in a regulatory audit or legal proceeding must remain accessible indefinitely. If a certificate contains an error and a corrected certificate is issued, the original is marked as superseded but remains permanently accessible, linked to the correction.

EU data residency

Currently, all data is stored in the Supabase US region. EU data residency (data stored exclusively within the European Economic Area) is available on the Enterprise plan. Contact us to discuss your requirements.

Data retention

  • Certificates: permanent (never deleted).
  • Usage logs: retained for 24 months then anonymised.
  • Account data: retained while your account is active, deleted within 30 days of account closure.
  • Reasoning text (retain=true): retained with the certificate permanently.
  • Reasoning text (retain=false): never stored.

Contact

Data questions: kian@cobound.dev
For GDPR data subject requests, include your account email and the nature of the request.