Privacy Policy

Effective date: 20th June 2026 — Version 2.0

1. Introduction

This Privacy Policy describes how PROVEN Global, Inc. (“PROVEN”, “we”, “us”, or “our”) collects, uses, and discloses personal data when you access or use the PROVEN platform available at https://provenvalidation.com and any associated services, applications, APIs, integrations, and reports (collectively, the “Service”).

PROVEN is a professional validation platform designed so that each Professional initiates, controls, and owns their own validation process and the resulting report. This privacy-by-design principle shapes the entirety of this Policy.

This Policy should be read together with the PROVEN Terms and Conditions and the PROVEN Cookie Policy, which form an integral part of the relationship between you and PROVEN.

2. Who We Are; Data Controller

For the purposes of the European Union General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the Swiss Federal Act on Data Protection (“FADP”), the United Kingdom GDPR, and equivalent legislation, the data controller for personal data processed through the Service is:

PROVEN Global, Inc.
Email: privacy@provenvalidation.com

For users in the United States, this Policy describes our practices in accordance with applicable U.S. state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”).

3. Scope and User Categories

This Policy applies to the following categories of individuals who interact with the Service:

  • “Professionals”: individuals who create a PROVEN account to build, hold, and selectively share a validated profile of their own professional competencies.
  • “Peers”: individuals personally invited by a Professional to provide feedback on that Professional's competencies.
  • “Recruiters”: individuals or organizations accessing the Service to identify or contact Professionals in connection with employment, contract, or engagement opportunities.
  • “Company Users”: organizations and their authorized representatives accessing the Service for hiring, talent, or workforce purposes.
  • “Visitors”: individuals who visit the public-facing portions of the Service without creating an account.

4. Information We Collect

4.1 Information You Provide Directly

When you create an account or interact with the Service, you may provide:

  • Identification data: name, email address, professional title, country of residence, and (optionally) profile photo.
  • Professional data: employment history, education, certifications, languages, skills, and self-assessment of competencies.
  • Account credentials: hashed passwords or third-party authentication tokens (for example, Google or LinkedIn sign-in, where offered).
  • Communications: messages you send through the platform, including invitations to Peers and communications with Recruiters and Company Users.
  • Payment information: where applicable, billing details processed through our payment provider. PROVEN does not store full payment card numbers on its own systems.

4.2 Information Provided About Peers by Professionals

When a Professional invites a Peer to participate in a Validation, the Professional provides the Peer's email address and, optionally, the Peer's name and relationship context (for example, “former manager” or “current colleague”). The Professional is responsible for ensuring that they have an appropriate basis to share that contact information with PROVEN for the purpose of sending the invitation.

PROVEN processes the Peer's contact information solely to deliver the invitation, manage the response, and incorporate the Peer's feedback into the Professional's Report. PROVEN does not use Peer contact information for direct marketing.

4.3 Information Provided by Peers

When a Peer accepts an invitation, the Peer may provide:

  • Their name, email address, and professional context (current role and relationship to the Professional).
  • Their structured feedback on the Professional's competencies.
  • Any additional comments they choose to include.

Peer feedback is provided voluntarily. A Peer may decline an invitation or withdraw before submitting feedback at any time.

4.4 Information from Third-Party Sources

If you choose to connect a third-party account (for example, LinkedIn or Google) to the Service, we may receive information from that third party in accordance with your authorization on that platform and its privacy practices. We use this information only to facilitate sign-in or to pre-fill profile data you have authorized to import.

4.5 Automatically Collected Information

When you access the Service, we and our service providers may collect:

  • Technical data: IP address, device identifiers, browser type and version, operating system, language preferences, and time zone.
  • Usage data: pages viewed, features used, time spent, click paths, referring URLs, and error logs.
  • Cookies and similar technologies: as described in the PROVEN Cookie Policy.

5. How We Use Personal Data

We use personal data for the following purposes:

  • To provide, operate, and maintain the Service, including account creation, authentication, profile management, Validation workflows, and Report generation.
  • To enable Professionals to invite Peers, receive feedback, and produce and share Reports.
  • To enable Recruiters and Company Users to search for Professionals who have made themselves discoverable.
  • To preserve the integrity of Validations, including the application of platform rules such as minimum response times, pattern detection, and peer relationship checks. These rules apply uniformly and are intended to deter manipulation rather than to evaluate any individual.
  • To communicate with you about the Service, including service notices, security alerts, and administrative messages.
  • To send commercial communications where permitted by law and where you have the right to opt out at any time.
  • To process payments and manage billing.
  • To monitor, analyze, and improve the Service, including security, performance, reliability, and user experience.
  • To detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms and Conditions.
  • To comply with legal obligations and to establish, exercise, or defend legal claims.

PROVEN does not evaluate individuals as “good” or “bad”, does not produce moral judgments, and does not make hiring, contracting, promotion, retention, or any other employment decisions on behalf of any party.

6. Legal Bases for Processing (EU, EEA, United Kingdom, Switzerland)

Where the GDPR, UK GDPR, or FADP applies, we rely on the following legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR): to provide the Service to Users who have accepted the Terms and Conditions.
  • Legitimate interests (Article 6(1)(f) GDPR): to operate, secure, and improve the Service; to communicate with Users; to prevent fraud and abuse. Where we rely on legitimate interests, we have assessed that these interests are not overridden by Users' rights and freedoms.
  • Consent (Article 6(1)(a) GDPR): for specific processing activities that require it, including certain cookies and direct marketing communications. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Compliance with a legal obligation (Article 6(1)(c) GDPR): where required by applicable law.

We do not knowingly process special categories of personal data within the meaning of Article 9 GDPR. Users are instructed not to submit such information through the Service.

7. Sharing of Personal Data

7.1 With Other Users at the Professional's Direction

A Professional's profile and Report are shared with other Users only as a result of the Professional's own decisions about visibility and sharing. PROVEN does not deliver Reports to any third party on its own initiative.

7.2 With Service Providers

We engage carefully selected service providers (“Processors” under the GDPR) to perform functions on our behalf, such as cloud infrastructure, email delivery, analytics, customer support tooling, and payment processing. These providers process personal data only on our documented instructions and under contractual obligations consistent with applicable law.

7.3 In Connection with Legal Obligations

We may disclose personal data when we believe in good faith that disclosure is necessary to comply with a legal obligation, to enforce our Terms and Conditions, to protect the rights, property, or safety of PROVEN or others, or to respond to lawful requests by public authorities.

7.4 In Connection with Corporate Transactions

If PROVEN is involved in a merger, acquisition, financing, reorganization, sale of assets, or insolvency proceeding, personal data may be transferred as part of that transaction. Any transferee will be bound to honor the commitments set out in this Policy or will provide notice and choice in accordance with applicable law.

7.5 With Your Consent

We may share personal data with third parties when you direct us to do so or otherwise consent to such sharing.

We do not sell personal data, and we do not share personal data for cross-context behavioral advertising, within the meaning of the CCPA.

8. International Data Transfers

PROVEN is established in the United States and may use service providers located in the United States, the European Economic Area, the United Kingdom, Switzerland, and other jurisdictions. When we transfer personal data outside of your country of residence, including from the European Economic Area, the United Kingdom, or Switzerland to the United States, we implement appropriate safeguards, including:

  • Standard Contractual Clauses adopted by the European Commission.
  • The Swiss-U.S. Data Privacy Framework or equivalent successor frameworks, where applicable.
  • Additional technical and organizational measures where reasonably necessary.

You may request a copy of the safeguards in place by contacting privacy@provenvalidation.com.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Service, to comply with legal obligations, to resolve disputes, and to enforce our agreements.

  • Active accounts: data is retained for the duration of the account.
  • Closed accounts: profile data is deleted or anonymized within ninety (90) days of account closure, except where retention is required by law or necessary to enforce legal claims.
  • Reports already shared by a Professional with a third party: copies retained by that third party are outside PROVEN's technical control after sharing.
  • Backup copies: secure backups are retained for a maximum of twelve (12) months and are then overwritten or deleted in the ordinary course.

10. Your Rights

10.1 Rights Under GDPR, UK GDPR, and Swiss FADP

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights:

  • Right of access to your personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) in defined circumstances.
  • Right to restriction of processing in defined circumstances.
  • Right to data portability for data you have provided to us.
  • Right to object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint with a supervisory authority, including the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local data protection authority in the EU or UK.

10.2 Rights Under California Law

If you are a California resident, you have the following rights under the CCPA:

  • Right to know what personal information we collect, use, disclose, and sell or share.
  • Right to delete personal information we have collected about you.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information. PROVEN does not sell or share personal information for cross-context behavioral advertising.
  • Right to limit the use and disclosure of sensitive personal information. PROVEN does not use sensitive personal information for purposes that would trigger this right.
  • Right to non-discrimination for exercising your privacy rights.

10.3 How to Exercise Your Rights

To exercise any of your rights, contact us at privacy@provenvalidation.com. We will respond within the timeframes required by applicable law (generally one month under the GDPR and forty-five (45) days under the CCPA, with extensions where permitted).

We may need to verify your identity before fulfilling a request. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or decline to act, as permitted by law.

11. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit, access controls, monitoring, secure development practices, and regular review.

No system can be guaranteed to be one hundred percent secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly of any suspected unauthorized access.

12. Children

The Service is not directed to individuals under the age of 18 and we do not knowingly collect personal data from individuals under 18. If we become aware that we have collected such data, we will delete it without undue delay.

13. Automated Decision-Making

PROVEN does not make decisions about Users based solely on automated processing that produces legal effects or similarly significant effects on them. The platform may apply automated integrity checks to Validations, but these checks do not constitute decisions about any individual within the meaning of Article 22 GDPR.

Any decision regarding employment, contracting, or engagement is made by the Recruiter or Company User using the Service, not by PROVEN.

14. Cookies and Similar Technologies

We use cookies and similar technologies as described in the PROVEN Cookie Policy. You can manage your cookie preferences at any time through your browser settings.

15. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services not operated by PROVEN. This Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy notices of any third party before providing information to them.

16. Changes to This Policy

We may update this Policy from time to time to reflect changes in the Service, our practices, or applicable law. Material changes will be communicated through the Service or by email, with a reasonable notice period before they take effect. The “Last updated” date at the top of this Policy indicates when it was most recently revised.

17. Contact

Questions about this Policy or your personal data may be directed to:

PROVEN Global, Inc.
Email: privacy@provenvalidation.com
Postal address: [to be set upon incorporation]

For users in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to contact your local data protection supervisory authority.