Privacy Policy

Last updated:

13 November 2025

1. Introduction

DeepTrace Consulting Ltd (trading as Proof) ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital forensics and data acquisition platform.

DeepTrace Consulting Ltd is the data controller responsible for your personal data. Deeptrace Consulting Ltd is registered with the Information Commissioner's Office (ICO Registration Number: ZC044407)

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address

  • Name (if provided via Google OAuth)

  • Google account ID (when using Google authentication), Microsoft Account ID (when using Microsoft authentication)

  • Account creation and last login timestamps

2.2 Payment Information

Payment processing is handled by Stripe. We do not store your credit card information. We receive and store:

  • Stripe customer ID

  • Payment status and timestamps

  • Transaction records

2.3 Acquisition Data

When you perform data acquisitions, we collect and store:

  • File metadata (names, sizes, timestamps, hashes)

  • Chain of custody information

  • Acquisition logs and status information

  • Encrypted copies of acquired data

2.4 Technical Information

We automatically collect:

  • IP addresses

  • Browser type and version

  • Operating system

  • Access times and referring URLs

  • Error logs and performance data

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our forensic data acquisition services

  • Process your payments and manage subscriptions

  • Authenticate your identity and secure your account

  • Generate chain of custody documentation

  • Store and enable retrieval of acquired data

  • Communicate with you about service updates and issues

  • Improve our platform and develop new features

  • Comply with legal obligations and law enforcement requests

  • Detect and prevent fraud and security incidents

4. Data Storage and Security

4.1 Storage Location

Your data is stored on secure servers in the EU-WEST-2 (London) AWS region. Acquired files are encrypted using AES-256 encryption before storage in Amazon S3. Some service providers (Stripe, Clerk, Sentry) are based in the United States. Data transfers to these providers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission and the EU-US Data Privacy Framework (for certified participants).

4.2 Security Measures

We implement industry-standard security measures including:

  • AES-256 encryption for all acquired data at rest

  • TLS/SSL encryption for data in transit

  • Secure credential management via AWS Secrets Manager

  • Regular security audits and monitoring

  • Role-based access controls

  • Multi-factor authentication support

4.3 Data Retention

Acquired data is retained for 60 days unless you request earlier deletion. After 60 days, data is automatically deleted from our systems. Account information is retained until you request account deletion. You can delete an acquisition's data any time from the Dashboard. If you request deletion of your profile, all associated data will be deleted within 24 hours.

Payment transaction records are retained for 7 years to comply with UK tax law requirements, even if you delete your account. These records contain only payment amounts, dates, and transaction IDs - no file data or acquisition content.

Chain of custody records are deleted with acquisition data after 60 days, unless required for an active legal proceeding or dispute.

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share information with trusted service providers:

  • Amazon Web Services (AWS): Cloud infrastructure and data storage

  • Stripe: Payment processing

  • Google: Authentication and cloud storage access (when you use Google OAuth)

  • Microsoft: Authentication and cloud storage access (when you use Microsoft OAuth)

  • Clerk: Authentication and user management

  • Sentry: Error tracking and application monitoring

  • Google Analytics: Usage analytics and service improvements

5.2 Legal Requirements

We may disclose your information when required by law, court order, or legal process, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data

  • Correction: Update or correct inaccurate information

  • Deletion: Request deletion of your account and associated data

  • Export: Download your acquired data and chain of custody records

  • Object: Object to certain processing of your data

  • Portability: Receive your data in a machine-readable format

  • Complaint: Lodge a complaint with the Information Commissioner's Office (ico.org.uk) if you believe your data rights have been violated

To exercise these rights, contact us at the email address provided below.

7. Cookies and Tracking

  • Essential cookies: Session management and authentication

  • Analytics cookies: Google Analytics for usage statistics (you can opt-out)

8. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

9. International Data Transfers

Your data is primarily stored in the EU (London region). If you access our service from outside the EU, your data will be transferred to and processed in the EU under appropriate safeguards.
Some service providers (Stripe, Clerk, Sentry) are based in the United States. Data transfers to these providers are protected by: Standard Contractual Clauses (SCCs) approved by the European Commission; The EU-US Data Privacy Framework (for certified participants).

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: support@proof-data.com

12. GDPR Compliance

For users in the European Economic Area (EEA), we process your data under the following legal bases:

  • Contract: Providing acquisition services, storing and managing your data, processing payments, and fulfilling our contractual obligations to you

  • Consent: Where you have given explicit consent, such as connecting cloud storage accounts (Google Drive, OneDrive) for data acquisition

  • Legal Obligation: Complying with legal requirements, responding to lawful requests, and maintaining records as required by law

  • Legitimate Interests: Fraud prevention, service improvement, security monitoring, preventing abuse, and protecting our rights and those of our users