No Affiliation Disclaimer: Proof Me LLC is not affiliated with, endorsed by, sponsored by, or in any way officially connected with Apple Inc., Meta Platforms, Signal Messenger LLC, Telegram FZ-LLC, Snap Inc., Microsoft, TikTok, or any other messaging platform referenced in our Service. All trademarks, product names, and brand names are the property of their respective owners and are used for identification and compatibility description only.
Zero-Knowledge Architecture: Your cloud vault data is encrypted on your device using AES-256-GCM before it ever reaches our servers. We cannot decrypt or provide readable message content, attachments, or vault contents because we do not possess your vault password or encryption keys. We may still process and disclose account, billing, usage, device, encrypted-object metadata, or ciphertext where this policy or law allows.
1. Introduction
Proof Me LLC ("Company," "we," "us," or "our"), the legal entity that operates the Proof Me Hard! forensic research platform ("Service"), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.
2. Our Zero-Knowledge Commitment
We have built our platform with a true zero-knowledge encryption architecture. This is not a marketing claim — it is a fundamental technical design of our system:
- Client-Side Encryption: All data uploaded to our cloud storage is encrypted on your device using AES-256-GCM authenticated encryption before transmission. All encryption and decryption operations occur exclusively on your device, never on our servers. Our servers store only ciphertext, initialization vectors, and file sizes.
- We Never Possess Your Keys: Your encryption keys are derived from your vault password on your device using the Argon2id memory-hard key derivation function. We never receive, transmit, store, or have access to your encryption keys or your vault password at any point. Our servers store only a salt, Argon2 parameters, a key-verification hash, and, where configured by the client, an encrypted recovery-key record that we cannot decrypt.
- We Cannot Access Your Data: We do not have the technical capability to decrypt, read, view, or access your messages, attachments, contacts, or any personal content. Our servers store only encrypted data that is meaningless without your keys.
- We Cannot Provide Readable Vault Content: Even if compelled by court order, subpoena, warrant, national security letter, or any other legal process, we cannot provide readable access to your encrypted cloud data because we do not possess the technical means to decrypt it. We can only confirm that encrypted (unreadable) data exists and provide metadata such as storage size and timestamps. See our Law Enforcement & Legal Process Policy.
- Local Processing: Our desktop application processes your message data locally on your computer across all supported platforms (iMessage, WhatsApp, Telegram, Facebook Messenger, Instagram, Skype, TikTok, and Snapchat). Message content, conversations, and attachments are never transmitted to our servers in unencrypted form.
- Key Loss is Permanent: If you lose the credentials needed to decrypt your vault, your encrypted data is permanently inaccessible. We cannot perform key recovery because we never had your keys.
3. Information We Collect
3.1 Information You Provide
- Account Information: Name, email address, and password when you create an account
- Billing Information: Payment card details, processed securely by our payment processor (Stripe) or, for purchases made through an authorized reseller platform (such as ClickBank, JVZoo, CartPanda, or 2Checkout), by that platform as the merchant of record. We never store full card numbers.
- Support Communications: Information you provide when contacting customer support, including support form submissions, email messages, phone numbers, SMS messages, call details, request type, product area, platform, app version, operating system version, source type, order or session reference, IP address, browser details, and support conversation metadata
3.2 Information Collected Automatically
- Device Information: Device type, operating system, browser type, unique device identifiers
- Usage Information: Features used, actions taken, time spent on the Service
- Log Data: IP address, approximate country/city derived from IP address when a reviewed lookup provider is enabled, access times, pages viewed, referring URLs
- Agreement Records: When you accept our legal documents, we record the document versions accepted, the date and time, your IP address, and your browser's user agent string. We retain these records as evidence of your agreement.
- Cookies: Essential cookies for authentication and session management
3.3 Information We Do NOT Collect or Access
Due to our zero-knowledge architecture, it is technically impossible for us to access the following data, even if requested by law enforcement or compelled by legal process:
- Your message content or conversation history
- Your attachments (photos, videos, documents)
- Your contacts or address book data
- Any decrypted personal data from your device backups or messaging app exports
- Your encryption keys or any means to decrypt your data
- The contents of any data you upload to our cloud storage (stored only in encrypted form)
3.4 Analytics and Telemetry
Website analytics. Our public marketing pages and purchase flow use Google Analytics 4 to measure visits, traffic sources, and purchases. Google Analytics is never loaded inside the application itself — your account dashboard and the desktop app contain no Google trackers. Email addresses are redacted from analytics data.
Desktop app telemetry. The desktop application sends anonymous product telemetry to our own servers (never to third parties) to help us improve reliability and performance. This is on by default and can be turned off at any time in the app under Settings → Privacy. Telemetry consists only of:
- Feature usage events (for example, "an extraction completed") with approximate magnitudes (bucketed ranges, never exact counts), durations, navigation screen names, bucketed navigation depth, and preference states such as crash-report and automatic-sync opt-ins
- Sign-in and license-health outcomes, such as successful sign-in or heartbeat events, subscription tier, trial flag, coarse failure category, and authorized-computer slot counts
- Update check, install, skip, and failure outcomes, including app versions and coarse failure categories
- App version, operating system version, processor architecture, coarse CPU core bucket, coarse memory bucket, coarse storage-capacity and free-space buckets, coarse window-size bucket, coarse display-scale bucket, theme, locale, and coarse UTC offset
- Local capability flags showing whether packaged desktop helpers or built-in decode support are available for iOS backups, video thumbnails, OCR, and HEIC images
- Error categories (never error text, which could contain file paths)
- A one-way hashed machine identifier and a random per-launch session identifier
Telemetry never includes message content, search queries, file names or paths, contact names or handles, email addresses, passwords, authentication tokens, encryption keys, recovery secrets, or any data from your library. These exclusions are enforced in the application code and validated again by our servers, which reject any event name or metric key outside the approved telemetry inventory. Telemetry data is retained for 180 days and then deleted automatically. If you turn telemetry off, queued events are discarded immediately.
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process your subscription and payments
- Send transactional emails (receipts, account notifications, trial and renewal reminders)
- Respond to your inquiries and provide customer support
- Send and receive customer-support text messages when you text us or provide your phone number for SMS support, verification, account assistance, billing help, or technical troubleshooting
- Analyze usage patterns to improve the Service
- Detect, prevent, and address fraud, abuse, payment disputes, and security issues
- Maintain records of your agreement to our legal documents
- Comply with legal obligations
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Service Providers: With trusted third parties who assist us in operating the Service (e.g., Stripe for payments, cloud infrastructure providers, email service providers), subject to confidentiality agreements
- Merchants of Record: If you purchased through an authorized reseller platform, that platform processes your payment data as the merchant of record under its own privacy policy; we exchange with it only the minimum information needed to provision and manage your access
- Legal Requirements: When required by law, subpoena, court order, or governmental regulation, as described in our Law Enforcement & Legal Process Policy
- Protection of Rights: To protect our rights, property, safety, or that of our users or the public, including submitting transaction and agreement records to payment networks in response to payment disputes
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you
Important: Even when compelled by legal process, we cannot provide access to your encrypted data because we do not have the technical ability to decrypt it. We can only provide account-level metadata (email address, account creation date, billing information, IP logs) in response to valid legal process. The contents of your encrypted data are permanently inaccessible to us.
5.1 Support SMS and Phone Providers
If you contact us by SMS or phone, or ask us to respond by SMS or phone, we may use telecommunications service providers to send, receive, route, log, and secure those communications. We share phone numbers, message metadata, message content, delivery status, and related support records with those providers only as needed to provide customer support, comply with telecommunications rules, prevent abuse, and maintain records of support communications.
Customer-support SMS is not used for marketing unless you separately opt in to a marketing program. Message and data rates may apply. Message frequency varies. You can reply STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to opt out of support SMS, and HELP or INFO for help. Opting out of SMS does not prevent us from sending legally required, security-related, billing-related, or account-related notices through other channels where permitted by law.
We do not sell or share mobile opt-in data, SMS consent records, or phone numbers with third parties for their own marketing or promotional purposes.
5.2 Third-Party Marketing Partners
We may engage third-party affiliates, publishers, and advertising networks to promote our Service. These Marketing Partners may collect information about you through their own tracking technologies (cookies, pixels, etc.) subject to their own privacy policies. We require Marketing Partners to comply with applicable privacy laws but do not control their data collection practices. We share only the minimum information necessary with Marketing Partners to attribute referrals (such as a referral identifier), and never share your personal data, account information, or any encrypted content.
6. Data Security
We implement industry-standard security measures to protect your data:
- TLS/SSL encryption for all data in transit
- Encryption at rest for stored data
- Regular security audits and penetration testing
- Access controls and authentication requirements, including optional two-factor authentication for your account
- Employee security training
However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Data Retention
- Account Data: Retained while your account is active and for a reasonable period thereafter for legal and business purposes
- Billing and Agreement Records: Retained as required by tax and financial regulations and for defense of legal claims (typically 7 years)
- Support SMS, phone, and customer-support records, including support form and email records: Retained for a reasonable period for customer support, security, compliance, fraud prevention, billing dispute defense, and business recordkeeping, unless a longer period is required by law or a shorter period is appropriate for the record type
- Your Encrypted Data: Deleted upon account termination or at your request
- Log Data: Typically retained for 90 days for security and debugging purposes
- Desktop Telemetry: Retained for 180 days, then deleted automatically
8. Your Rights and Choices
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data and account
- Export: Request your data in a portable format
- Opt-Out: Unsubscribe from marketing communications at any time
To exercise these rights, contact us at [email protected].
9. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
10. International Data Transfers
Your information may be transferred to and processed in the United States or other countries where our service providers are located. By using our Service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers.
11. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
12. Data Breach Notification
We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information. In the event of a data breach affecting your personal information (account data, billing information, or usage metadata), we will notify you and applicable regulatory authorities in accordance with all applicable state and federal breach notification laws.
Impact of Our Zero-Knowledge Architecture on Breach Scenarios: Because all user content stored in our cloud is encrypted on your device before transmission and we do not possess decryption keys, unauthorized access to our cloud storage systems would not expose your personal messages, attachments, or content. An attacker who gained access to our storage would obtain only encrypted data that is computationally infeasible to decrypt without your personal encryption keys. However, our application database contains account-level information (email, name, hashed password, billing metadata, device metadata, IP logs) that could be affected by a breach, and we will provide notification accordingly.
13. Law Enforcement and Legal Process
We respect the legal process and will comply with valid law enforcement requests to the extent we are technically able. However, due to our zero-knowledge architecture, our ability to respond is inherently limited:
- What we CAN provide: Account-level metadata (email address, name, account creation date, subscription status, billing transaction records, IP address logs, device metadata, timestamps of account activity)
- What we CANNOT provide: Message content, attachments, contacts, conversation history, decrypted cloud storage contents, encryption keys, or any means to access a user's encrypted data. This is not a policy choice — it is a technical impossibility inherent to our architecture.
We will notify affected users of law enforcement requests unless prohibited by law (such as a gag order or sealed warrant). We will challenge overbroad or legally deficient requests. For full details, including how to serve legal process on Proof Me LLC, see our Law Enforcement & Legal Process Policy.
14. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know what personal information is collected and how it is used
- Right to know if personal information is sold or disclosed and to whom
- Right to request deletion of your personal information
- Right to opt-out of the sale or sharing of personal information
- Right to correct inaccurate personal information
- Right to limit use and disclosure of sensitive personal information
- Right to non-discrimination for exercising your privacy rights
We do not sell or share your personal information. To exercise your California privacy rights, contact us at [email protected]. We will respond to verified requests within 45 days.
15. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:
- Right to access, rectification, and erasure
- Right to restrict or object to processing
- Right to data portability
- Right to lodge a complaint with a supervisory authority
Our legal basis for processing your data includes: performance of a contract, legitimate interests, and your consent.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date and version number. Your continued use of the Service after such changes constitutes acceptance of the revised policy.
17. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Proof Me LLC30 N Gould St STE R
Sheridan, WY 82801
Email: [email protected]
By using Proof Me Hard!, you acknowledge that you have read and understood this Privacy Policy.