Application privacy policy

Privacy Policy

Last updated: May 4, 2026

ProofSite helps local business owners create proof-first websites, collect testimonials, publish public pages, and receive leads. This policy explains what information ProofSite collects, how it is used, and the choices available to account holders and visitors.

ProofSite uses Google OAuth for sign-in. When you continue with Google, ProofSite uses basic profile information only to create or access your ProofSite account.

Information we collect

Account information: name, email address, authentication identifiers, avatar URL or image, account settings, and authentication session data.
Business workspace information: organization details, business name, category, description, contact details, location, hours, services, website drafts, published site data, domains, assets, and project settings.
Proof and content: testimonials, testimonial request links, uploaded photos, captions, alt text, source labels, approval status, and edits made by the business owner.
Lead and public submission data: names, email addresses, phone numbers, messages, preferred services, source URLs, consent flags, and related form metadata submitted through public ProofSite pages.
Google-related data: if you sign in with Google, ProofSite receives basic account profile data such as name, email, and avatar. If you use the optional Google Places helper, ProofSite may store allowed business details, source labels, attribution metadata, limited review references, and photo references returned for the business lookup.
Technical and security data: IP address, user agent, request logs, device and browser information, timestamps, analytics events, cookies or local storage used for authentication, and anti-abuse checks.

How we use information

Authenticate users and maintain secure account sessions.
Create, edit, publish, and host local business websites.
Collect, moderate, approve, reject, and display testimonials.
Store and organize business photos, logos, galleries, and captions.
Generate proof themes and site drafts when the owner requests it.
Deliver leads to the business owner and measure lightweight CTA, form, and QR interactions.
Protect the service from spam, abuse, unauthorized access, and fraud.
Provide support, debug issues, improve reliability, and comply with legal obligations.

Google OAuth and Google API data

ProofSite uses Google OAuth for sign-in and account creation. For sign-in, ProofSite requests only the information needed to identify the account, such as name, email, and avatar. ProofSite does not use Google OAuth sign-in to access Gmail, Drive, Calendar, or other Google content.

ProofSite's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Users can revoke Google access from their Google Account permissions page.

AI generation

When an owner queues proof extraction or site generation, ProofSite may send relevant business details, approved testimonials, services, assets metadata, and owner-provided claims to an AI provider to create draft output. AI output is a draft for owner review. Owners should verify all generated claims before publishing.

How information is shared

Public site visitors: published business details, approved testimonials, selected photos, hours, services, CTAs, and contact forms are visible on public ProofSite pages.
Service providers: hosting, database, email, analytics, AI, authentication, payment, and infrastructure providers may process data only as needed to operate ProofSite.
Legal and safety: information may be disclosed when required by law, to protect rights and safety, or to investigate abuse.

ProofSite does not sell personal information. Pending testimonials and imported reference data are not shown on public sites unless the owner approves or publishes them.

Cookies and local storage

ProofSite uses cookies or browser storage for authentication sessions, security, preferences, and basic product functionality. Public pages may record lightweight events such as CTA clicks, form submissions, or QR source visits.

Data retention and deletion

ProofSite keeps account, business, content, lead, and operational data while the account or workspace is active or as needed for service, security, backups, legal compliance, and dispute resolution. Account owners may request access, correction, export, or deletion of their data by contacting ProofSite.

Security

ProofSite uses reasonable administrative and technical safeguards to protect data. No online service can guarantee perfect security, so users should protect account credentials and notify ProofSite of any suspected unauthorized access.

Children

ProofSite is intended for business users and is not directed to children under 13. Do not use ProofSite to submit information about a child without appropriate authority and consent.

International processing

ProofSite may process and store information in countries other than where a user or visitor lives. By using ProofSite, users understand that information may be processed where ProofSite and its providers operate.

Changes to this policy

ProofSite may update this policy as the product, providers, or legal requirements change. The updated date above shows when this policy was last revised.

Contact

Questions about this policy can be sent to bao@baobui.dev.