Privacy Policy
Effective Date: February 24, 2026
ProofIQ ("we," "us," "our") operates the compliance automation platform available at proofiqapp.com. We take the privacy and security of your data seriously — especially given the sensitive nature of FCC/USAC Lifeline eligibility documentation. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.
1. Information We Collect
We collect information in the following categories:
a. Account Information
When you create an account, we collect your name, email address, phone number, company name, job title, and billing information. This data is necessary to provision your account, process payments, and communicate with you about the Services.
b. Audit & Compliance Data
Through our AI agents — Sentra, Verda, and Cora — you may submit subscriber eligibility documents, government-issued identifiers, proof-of-income records, and benefit program enrollment confirmations. This data is processed exclusively for the purpose of automated compliance verification and is treated with the highest level of security.
c. Usage & Technical Data
We automatically collect information about how you interact with the platform, including IP addresses, browser type, device identifiers, operating system, access timestamps, pages viewed, and actions taken. This data helps us improve performance, diagnose issues, and enhance the user experience.
d. Cookies & Tracking Technologies
We use essential cookies to maintain session state and authentication. We may also use analytics cookies to understand aggregate usage patterns. You can manage cookie preferences through your browser settings. We do not use tracking technologies for third-party advertising purposes.
2. How We Use Your Information
We use the information we collect to:
- Deliver and operate the Services — Processing eligibility audits, generating compliance reports, and managing your account.
- Improve our AI models — Aggregated, anonymized audit patterns may be used to enhance the accuracy of Sentra, Verda, and Cora. Individual subscriber data is never used to train models without explicit, documented consent.
- Communicate with you — Sending service-related notifications, product updates, security alerts, and billing communications.
- Ensure security and compliance — Detecting fraud, preventing unauthorized access, and meeting our regulatory obligations.
- Fulfill legal obligations — Responding to lawful requests from regulators, law enforcement, or courts of competent jurisdiction.
3. Data Sharing & Disclosure
We do not sell your data. We do not share personal or audit data for advertising, marketing by third parties, or any purpose unrelated to delivering the Services. We may share information in the following limited circumstances:
- Service Providers — Trusted third-party vendors who assist us with infrastructure, payment processing, or analytics, bound by strict data processing agreements.
- Legal Compliance — When required by law, subpoena, court order, or regulatory request.
- Business Transfers — In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.
- With Your Consent — When you explicitly authorize us to share specific information.
4. Data Security
Protecting compliance data is foundational to our business. We implement security measures that include, but are not limited to:
- Encryption — All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access Controls — Role-based access with multi-factor authentication for internal systems.
- Infrastructure — Hosted on SOC 2 compliant cloud infrastructure with automated threat detection.
- Audit Logging — Comprehensive logging of all data access and processing activities for accountability.
- Incident Response — A documented incident response plan with defined notification timelines in the event of a data breach.
While no system can guarantee absolute security, we continuously evaluate and enhance our security posture to meet industry best practices and regulatory expectations.
5. Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Account data is retained for the duration of your account and for a reasonable period thereafter for record-keeping.
- Audit and compliance data is retained in accordance with FCC/USAC record retention requirements (typically a minimum of 10 years for Lifeline records).
- Usage data is retained in anonymized form for analytics and service improvement.
Upon account deletion, we will remove or anonymize your personal data within 90 days, except where retention is required by law or legitimate business interest.
6. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal information:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion — Request deletion of your personal data, subject to legal retention requirements.
- Portability — Request your data in a structured, commonly used, and machine-readable format.
- Objection — Object to certain processing activities, such as direct marketing.
- Restriction — Request that we restrict the processing of your data under certain circumstances.
To exercise any of these rights, please contact us at privacy@proofiqapp.com. We will respond within 30 days.
7. Children's Privacy
The Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete it.
8. Third-Party Links
Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy policies of any third-party service before providing your information.
9. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, regulatory requirements, or for other operational reasons. When we make material changes, we will update the "Effective Date" at the top of this page and notify you via email or an in-platform banner. Your continued use of the Services after any modification constitutes your acceptance of the updated policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out: