ProveSite

Legal

Privacy Policy

Last updated: May 19, 2026

1. Who we are

ProveSite Inc. (“ProveSite”, “we”, “our”) operates the ProveSite workforce compliance platform, available at app.provesite.com and associated subdomains. Our registered office is in Canada.

2. Data we collect

We collect information necessary to operate the platform:

  • Account information: name, email address, phone number, company name.
  • Worker profile data: trade type, emergency contact, profile photo.
  • Certification records: photos of certification documents, expiry dates, issuing bodies.
  • Site activity: check-in and check-out times, location at the site level (not GPS tracking), compliance status.
  • Usage data: pages visited, features used, device type — collected via standard web server logs.

3. How we use your data

  • To operate and deliver the ProveSite platform.
  • To send transactional notifications (certification expiry alerts, OTP codes, emergency roll call alerts).
  • To generate compliance reports requested by your organisation.
  • To maintain audit records required by applicable workplace safety regulations.
  • To improve platform reliability and performance.

We do not sell your data to third parties. We do not use your data for advertising.

4. Data residency

All ProveSite data is stored and processed in Canada (ca-central-1) using Supabase infrastructure hosted on AWS. This applies to all database records, file uploads, and backups. We do not transfer personal data outside of Canada for storage or primary processing.

5. Data retention

Worker check-in records, certification records, and audit logs are retained for as long as your organisation’s account is active, plus a minimum of 7 years to satisfy WSIB and applicable provincial workplace safety record-keeping requirements. You may request deletion of your account by contacting us; records required by law will be retained for the required period.

6. Third-party services

ProveSite uses the following third-party services to operate:

  • Supabase — database and file storage (Canada)
  • Resend — transactional email delivery
  • Twilio — SMS notifications
  • Vercel — web application hosting
  • Railway — API server hosting
  • Stripe — payment processing (billing customers only)

Each of these providers is bound by their own privacy policies and, where applicable, a data processing agreement with ProveSite.

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Request deletion of your account and associated personal data (subject to legal retention requirements).
  • Withdraw consent for non-essential communications.

To exercise these rights, contact us at hello@provesite.com.

8. Security

ProveSite uses industry-standard security practices including bcrypt password hashing, JWT-based authentication, TLS encryption in transit, and row-level security on all database tables. For a full security overview, see our Security page.

9. Changes to this policy

We may update this policy as the platform evolves. Material changes will be communicated to account holders via email at least 14 days before they take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

10. Contact

Questions about this policy or your data? Email us at hello@provesite.com or write to ProveSite Inc., Canada.