Privacy policy.

ProseID processes two kinds of data: data about you, our customer, and data about your end users who fill out forms you've published. We treat these differently.

Data we collect about you (the customer)

Email, name, hashed password, billing details, the IP address you sign in from, and your usage patterns inside the app. We process this to operate the service, bill you, and keep your account secure.

Data we process for your end users

When an end user fills out a form you've published, we receive their submission, validate it against the schema you bound to the form, and deliver the verified payload to you via the channels you've configured. We act as a data processor on your behalf — you're the controller. By default, the submitted form data is purged from our hot storage within 30 days of webhook delivery; only the cryptographic proof and signature persist.

AdES signatures

Signed sessions are signed by UIP — not by ProseID. UIP is the signature authority and binds the signature to the signer's verified identity. We retain the resulting signature, UIP's certificate fingerprint, and the signed payload digest indefinitely so the signature remains independently verifiable; the cleartext payload itself is not part of this retention.

Sub-processors

We use a small set of infrastructure sub-processors (cloud hosting, email delivery, payments). The current list is published at /legal/sub-processors and updated as it changes.

Your rights

If you're a customer, you can export or delete your account data at any time from settings. If you're an end user who completed a form, contact the publisher who sent you the form — they're the controller and we'll route your request to them.

Contact

Privacy questions: [email protected]. Data protection officer: same address.

This is placeholder copy provided for product preview. Final policy will be reviewed by counsel before launch.