ProofCustody

Privacy Policy

Last updated: June 23, 2026

1. Information We Collect

We collect information you provide directly: name, email address, company name, role, claim-volume range, and any notes you include when requesting a demo or sample report. For paid live-claim engagements, we process claim data under a signed Business Associate Agreement (BAA). We also collect standard server logs (IP address, browser type, pages visited) for security monitoring.

2. How We Use Your Data

Claim data from a paid engagement is used solely to provide the compliance audit service you request. We do not sell or license claims data. We share data only with service providers and subprocessors needed to operate the service, under contractual safeguards. Each client's data is isolated at the row level so that one client's records are never accessible to another.

3. PII / PHI Handling

For live-claim workflows, ProofCustody applies configured PII/PHI handling controls before analysis, and the deterministic rules engine processes redacted text. The rules engine contains no large language model, so original identifiers are not sent to external AI services. Ghost Audit sample reports run on ProofCustody-provided synthetic claims data — we do not request, upload, or process PHI for a Ghost Audit.

4. Data Retention

Claim data processed for a paid live-claim engagement is retained and deleted according to the terms of your signed BAA. Ghost Audit sample reports are generated from ProofCustody-provided synthetic data; we retain your request information (name, email, company, notes) for sales and support follow-up unless you ask us to delete it.

5. Security

Live-claim data is encrypted in transit and at rest in the configured HIPAA-eligible production environment, with role-based access controls and access logging. Our security overview is available on request. See our security overview for details.

6. HIPAA & Live Claims

Sample audits require no PHI and no agreement. For live-claim work involving PHI, a signed Business Associate Agreement (BAA) is put in place before any PHI is transferred, and data is processed in a HIPAA-eligible environment. Email legal@proofcustody.com to request a BAA.

7. Your Rights

You may request deletion of your data at any time by contacting legal@proofcustody.com. We will respond to deletion requests within 30 days.

8. Contact

For privacy questions or to exercise your rights, contact legal@proofcustody.com.