Skip to content
ProovProov

Privacy Policy

Last updated: April 2, 2026

Proov ("we," "us," or "our") is operated by Marian Stanciulica, an independent developer based in Romania. This Privacy Policy explains how we collect, use, and protect your information when you use the Proov mobile application and website (collectively, the "Service").

1. Information We Collect

Account Information

When you sign up via Apple Sign-In or Google Sign-In, we receive your authentication identifier and, if you choose to share it, your name and email address. You also create a username/handle during onboarding.

Focus Session Data

We store data you create through the app: focus sessions (duration, start time, notes, tags), projects (name, description, icon, color), custom tags, and profile statistics (total focus time, streak count, session count).

Device Information

If you enable push notifications, we store your Apple Push Notification service (APNs) device token to deliver notifications. We also store your notification preferences.

Analytics

We use PostHog to understand how the app is used. Analytics events (e.g., session started, feature viewed) are collected only in release builds — development builds send no analytics data. Session replay captures 10% of sessions with all text inputs masked and all images masked. We do not use analytics for cross-app tracking.

Purchase Information

Subscriptions are processed through Apple's App Store and managed via RevenueCat. We do not collect or store your payment details. RevenueCat receives a pseudonymous app user ID to manage your subscription status.

Screen Time Data

If you grant Screen Time permission, the app uses Apple's Family Controls framework to block distracting apps during focus sessions. We store only aggregate counts (number of apps/websites blocked), never the identities of blocked apps or websites. This data never leaves your device except as aggregate counts.

2. How We Use Your Information

  • Provide and maintain the Service (sessions, streaks, statistics)
  • Send push notifications you have opted into (streak reminders, session summaries, achievements, product updates)
  • Analyze aggregated, anonymized usage patterns to improve the app
  • Process and manage your subscription
  • Respond to support requests

We do not sell your personal data. We do not use your data for advertising. We do not engage in cross-app tracking.

3. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation, we process your data based on:

  • Contract performance — to provide the Service you signed up for
  • Legitimate interest — to improve and secure the Service through aggregated analytics
  • Consent — for optional features like push notifications and session replay

4. Third-Party Services

We share data with these service providers, who process it on our behalf:

Supabase

Authentication, database hosting, and backend infrastructure

Privacy Policy

PostHog

Product analytics and masked session replay

Privacy Policy

RevenueCat

Subscription management and purchase validation

Privacy Policy

Apple (APNs)

Push notification delivery

Privacy Policy

5. Data Storage and Security

Your data is stored on Supabase-managed infrastructure with row-level security policies ensuring you can only access your own data. All data is transmitted over HTTPS/TLS. We do not store passwords — authentication is handled entirely through Apple Sign-In and Google Sign-In via Supabase Auth.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we permanently delete all your personal data (sessions, projects, tags, profile, device tokens) from our servers. Aggregated, anonymized analytics data may be retained.

7. Your Rights (GDPR)

As an EU resident, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — delete your account and all associated data
  • Restriction — restrict processing of your data
  • Portability — receive your data in a portable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, contact us at marian@tryproov.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or any EU data protection authority.

8. Children's Privacy

Proov is available to users aged 13 and older. If you are between 13 and 16 and located in the EU, you need parental or guardian consent to use the Service. We do not knowingly collect data from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.

9. International Transfers

Your data may be processed outside the EU/EEA by our service providers (Supabase, PostHog, RevenueCat). These transfers are protected by Standard Contractual Clauses or equivalent safeguards approved by the European Commission.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by updating the date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at: marian@tryproov.app