Proofa Privacy Policy
Enterprise-Grade Authentication & Licensing Infrastructure
Last Updated: December 2025
Overview
Proofa is an enterprise-grade authentication and licensing infrastructure for SaaS applications. This policy explains how we handle authentication data, sessions, and licensing information.
Information Collected
Authentication Data
- User credentials (email, hashed passwords)
- Session tokens and refresh tokens
- Multi-factor authentication settings
- Login history and timestamps
Licensing Data
- License keys and validation status
- Product and subscription information
- Usage limits and quotas
- Tenant and organization associations
Technical Data
- IP addresses for security monitoring
- Device information and user agents
- API usage logs
Data Usage
Data is used solely for:
- Authentication and authorization
- License validation and enforcement
- Security monitoring and fraud prevention
- Multi-tenant access control
- Session management
Data Security
Important: All passwords are hashed using industry-standard algorithms. Session tokens use secure encryption. Multi-factor authentication is supported.
Data Retention
- Active sessions: Until logout or expiration
- User accounts: Until deletion requested
- Audit logs: Retained for security compliance (typically 90 days)
- License data: Retained for billing and compliance purposes
Multi-Tenant Architecture
Proofa uses a multi-tenant architecture. Data isolation is enforced at the application and database level. Tenant data is never shared across organizations.
Third-Party Services
Hosting: Cloud infrastructure providers (AWS, GCP, or similar)
Email: Transactional email services for authentication
Monitoring: Infrastructure monitoring (no PII shared)
Your Rights
- Access your authentication data
- Delete your account and associated data
- Export your data
- Revoke active sessions
- Request audit logs
Contact
For privacy inquiries, contact us at:
Email: dps.manit@gmail.com