Privacy Policy

1. Overview

Prov is a local-first career achievement capture app for iOS. There are no user accounts, no email collection, and no sign-up process. Your data is stored on your device. This policy explains what information is collected and how it is used when you interact with AI-powered features and subscription services.

2. Data Collected and How It Is Used

Win Text (AI Enrichment)

When you save a win, the text you enter is sent over a TLS-encrypted (HTTPS) connection to a Cloudflare Worker proxy with certificate pinning enforced on the client. The proxy decrypts the request to forward it to the Google Gemini API for processing. This is used solely to generate a polished achievement statement, extract skills, and classify the win into a pattern category. Your win text is not stored on the proxy after processing is complete. It is visible in plaintext at the proxy and at Google's API during processing.

Voice Audio

If you use voice input, audio is processed entirely on your device using Apple's Speech framework. No audio is sent to any server or stored after transcription.

Device Identifier

A random UUID is generated on first launch and stored in the iOS Keychain. This identifier is sent to the proxy server for API authentication and rate limiting. It is not linked to your Apple ID, name, or any other personal information.

Subscription Status

Subscription purchases are handled through the Apple App Store and processed by RevenueCat. RevenueCat receives an anonymous app user ID (the same device UUID) to manage subscription status. Prov does not receive your name, email, or payment details through this process.

Usage Counters

Free-tier usage limits (such as the number of AI enrichments per month) are tracked locally via UserDefaults and validated server-side via the proxy. No personal data is included in these checks beyond the device UUID.

3. Third-Party Services

• Google Gemini API (via Cloudflare Worker proxy) — processes win text for AI enrichment. Subject to Google's API Terms of Service.
• RevenueCat — manages subscription status. Subject to RevenueCat's Privacy Policy.
• Apple App Attest — verifies device integrity to prevent API abuse. No personal data is shared.

4. Data We Do Not Collect

• Email addresses
• Names or real-world identities
• Location data
• Analytics or usage telemetry
• Advertising identifiers (IDFA)
• Cross-app tracking data
• Contacts, photos, or other device data

5. Data Security

All communication with our proxy server uses TLS encryption (HTTPS) with certificate pinning to prevent interception by network proxies or compromised certificate authorities. Your device identifier is stored in the iOS Keychain, which is encrypted by the operating system. API requests are authenticated using HMAC-SHA256 tokens and, on supported devices (iPhone 12 and later), Apple App Attest provides additional cryptographic device integrity verification via the Secure Enclave. Your wins, weekly updates, and briefs are stored locally on your device using iOS's built-in data protection. Win text is not end-to-end encrypted — it is decrypted at the proxy server for forwarding to the AI service.

6. Your Rights

• Export: You can export all your data as a JSON file from Settings at any time.
• Delete: You can delete individual wins or all data from within the app.
• Uninstall: Deleting the app removes all locally stored data, including the Keychain identifier.

Since we do not maintain user accounts or store personal data on our servers, there is no server-side data to request deletion of.

7. Children's Privacy

Prov is not directed at children under the age of 13. We do not knowingly collect any information from children.

8. Changes to This Policy

We may update this policy from time to time. The effective date at the top of this page indicates when the policy was last revised. Continued use of the app after changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this privacy policy, contact us at abhishekgawde@proton.me.