Privacy
Policy

Data is only collected when you explicitly authorise a connection via that platform's OAuth flow. We collect three categories of data across our integrations.

Account Data (all users)

• —To display your trust metrics, review activity, social growth, and revenue signals on your Proof dashboard — the sole purpose of every data point we collect.
• —To send you service notifications (e.g. new review alerts, sync errors) via email where you've opted in.
• —To maintain your account and authenticate your platform connections via stored OAuth tokens.
• —We do not use your data for advertising, profiling, or any purpose beyond operating the dashboard you've authorised.
• —We do not sell, license, or share your data with any third party for their own purposes.

We apply different retention rules depending on the sensitivity of the data and how it's used.

All platform data is collected exclusively via official, merchant-authorised OAuth 2.0 flows. Proof employees cannot initiate or alter any merchant's platform authorisation.

• —Google Business Profile — via Google OAuth 2.0 ( business.manage scope, read-only). New review events are received via Google Cloud Pub/Sub (My Business Notifications API) — not by polling.
• —Instagram — via Meta's Instagram Basic Display API OAuth flow. Business account required.
• —Shopify — via Shopify's OAuth app install flow using the Admin API with read-only orders and products scopes.

• —Write to, edit, or modify your Google Business Profile, Instagram account, or Shopify store in any way.
• —Post, respond to, or flag reviews on your behalf.
• —Access individual customer names, addresses, payment details, or any personally identifiable information from Shopify orders.
• —Read private Instagram messages, story content, or follower identities.
• —Store raw review text or reviewer names beyond the active dashboard session.
• —Share any platform data with third parties for advertising, analytics resale, or profiling purposes.

• —All traffic between your browser, our servers, and connected platform APIs uses TLS 1.2 or higher.
• —OAuth tokens and credentials are encrypted at rest using industry-standard practices.
• —Cloud Pub/Sub communication with Google is secured via Google's own IAM permission system — only our service account (mybusiness-api-pubsub@system.gserviceaccount.com publisher permission) can publish to our topic.
• —Access to production systems is restricted to authorised Statsnapp Technologies personnel only.

• —Revoke access anytime. Disconnect any integration from your Proof dashboard, or directly via each platform's settings (Google Account → Security, Instagram → Apps and Websites, Shopify Admin → Apps).
• —Request data deletion. Email Founder@withproof.io — all linked data is permanently deleted within 24 hours of confirmation.
• —Access your data. Request a summary of what data Proof holds for your account at any time.
• —DPDP Act (India). As an Indian-based company, we operate in compliance with India's Digital Personal Data Protection Act, 2023. You have the right to access, correct, and erase your personal data.

Proof connects to the following third-party platforms. Their own privacy policies govern how they handle data on their side:

• —Google Business Profile API — Google Privacy Policy · GBP API Terms
• —Google Cloud Pub/Sub— used exclusively for receiving new review event notifications from Google's My Business Notifications API. Governed by Google Cloud Data Processing Terms.
• —Instagram Basic Display API — Meta Privacy Policy
• —Shopify Admin API — Shopify Privacy Policy

We will notify you by email before making material changes to this privacy policy. The "Last updated" date at the top of this page is updated for all changes. Continued use of Proof after notification constitutes acceptance.