Last updated June 5, 2026
This policy explains what personal data ProofNod collects, why we use it, who we share it with, and the rights you have. It covers both people who hold a ProofNod account and the clients whose details account holders enter into the service.
ProofNod is a tool for freelancers and studios to create change orders and capture structured client approvals. The service is currently operated by an individual based in Bulgaria (the European Union), referred to here as "we", "us", or "the operator". We are the data controller for the account and usage data described below.
You can reach us about anything in this policy, including privacy requests, at hello@proofnod.com. We have not appointed a Data Protection Officer because the scale of our processing does not require one under Article 37 GDPR.
We collect the following categories of personal data:
Much of the data in the service is information our account holders enter about their own clients and projects. We receive that data from the account holder, not from the client directly. If you are an account holder, you are responsible for having a lawful basis to share your clients' details with us and for informing them where required.
A core function of ProofNod is to produce a trustworthy record that a client approved a specific change order. To do that we log the time of approval, the browser user agent, and a one-way hashed version of the client's IP address. We do not store raw IP addresses. The legal basis is our legitimate interest in the integrity of approval records and our performance of the contract with the account holder.
We do not sell your data. We share it only with the service providers (sub-processors) needed to run ProofNod, each under a data-processing agreement:
We will update this list before adding a new sub-processor. We may also disclose data where required by law or to protect our legal rights.
Some of our providers process data on infrastructure outside the European Economic Area, including the United States. Where that happens we rely on the EU-U.S. Data Privacy Framework where the provider is certified, and on the European Commission's Standard Contractual Clauses as a backstop safeguard. You can ask us for more detail on these mechanisms.
Under the GDPR you have the right to access, correct, delete, restrict, or port your personal data, to object to processing based on legitimate interests, and to withdraw any consent you have given. We do not make decisions about you using solely automated processing.
To exercise any of these rights, email hello@proofnod.com. We will respond within one month. Account holders can also update or delete much of their data directly from the dashboard.
If you believe we have mishandled your data you can lodge a complaint with the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни, cpdp.bg). If you are in another EU country you may also contact your local supervisory authority.
We use only strictly necessary cookies: the session cookie that keeps you signed in (set by Supabase authentication) and, during the closed pre-launch, a short-lived preview cookie. For audience measurement we use Vercel Web Analytics, a privacy-friendly tool that sets no cookies, does no cross-site tracking, and collects only aggregated, anonymous usage data that does not identify you. Because we use no advertising or tracking cookies, no cookie consent banner is required. Stripe may set its own cookies needed to process a payment when you check out.
We protect data in transit with encryption (HTTPS), store passwords only as secure hashes, and store IP addresses and approval-link tokens only in hashed form. Access to production data is restricted, and we rely on reputable infrastructure providers. No system is perfectly secure, but if a breach affects your data we will notify the relevant supervisory authority and, where the risk is high, affected users, as required by the GDPR.
ProofNod is a business tool not directed at children. We do not knowingly collect data from anyone under 18. If you believe a child has given us data, contact us and we will delete it.
When you enter your clients' data into ProofNod you act as a data controller for that data in your own right. You are responsible for having a lawful basis to process it, for giving your clients any notice they are due, and for handling their requests about the data you control.
We may update this policy as the product grows. For material changes we will notify account holders by email or in the app and update the date above. Continued use after a change means you accept the updated policy.
For any privacy question or request, email hello@proofnod.com.