Our role
Provon is the controller for personal information we collect to operate our website, accounts, billing, security, marketing, and support. When a customer sends telemetry, evaluation data, datasets, policies, findings, or other application content to Provon, Provon generally acts as a processor or service provider for that customer. The customer remains responsible for the data it chooses to submit and for providing any required notices to its own users.
Information we collect
Information you provide
We collect information you provide when you create an account, join an organization, configure a project, invite teammates, create API keys, contact us, request support, subscribe to updates, or participate in a sales or product conversation. This may include name, email address, company, role, authentication details, workspace settings, support messages, and communication preferences.
Telemetry and evaluation content
Provon is built for AI and agent quality workflows. Depending on how you configure the product, customer content may include traces, spans, logs, metrics, request and response metadata, model prompts and outputs, tool calls, conversation excerpts, user identifiers, evaluation scores, judge explanations, findings, datasets, personas, policies, review decisions, and retention settings.
Usage, device, and log data
We automatically collect information needed to keep the service reliable and secure, such as IP address, browser type, operating system, device identifiers, referring URLs, pages viewed, timestamps, feature usage, diagnostics, crash reports, and security logs.
How we use information
We process information for the following purposes:
- Provide, operate, maintain, and improve Provon products and services.
- Authenticate users, manage organizations, projects, memberships, roles, sessions, and API keys.
- Ingest, store, query, and display traces, metrics, logs, evaluations, datasets, findings, and reviews.
- Support online evaluation, policy checks, human review, dataset curation, regression tracking, and persona testing.
- Detect, prevent, and investigate abuse, fraud, outages, security incidents, and policy violations.
- Respond to support requests, send administrative notices, and communicate about product updates.
- Analyze aggregate or deidentified usage to improve reliability, performance, and user experience.
- Comply with legal obligations, enforce agreements, and protect the rights, safety, and property of Provon, customers, and others.
Legal bases for processing
Where privacy laws require a legal basis, we rely on performance of a contract to provide Provon, legitimate interests to secure and improve the service, consent for optional communications or processing where required, and legal obligations when we must comply with applicable law.
Sharing and subprocessors
We do not sell personal information. We may share information with vendors and service providers that help us run Provon, including hosting, storage, databases, email, authentication, analytics, billing, support, security, logging, and infrastructure providers. These providers process information under contractual restrictions.
We may also share information with integrations you or your organization enable, professional advisors, authorities when required by law, and parties involved in a merger, acquisition, financing, reorganization, or sale of assets. Customer administrators may access and manage workspace content according to their role and organization settings.
Retention and deletion
We retain personal information and customer content for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support customer-configured retention policies. Provon is designed to support per-project telemetry retention settings, and customers may delete or export applicable workspace content through product features or by contacting us.
Security
We use administrative, technical, and organizational safeguards designed to protect information, including access controls, authentication, auditability, encryption in transit, least-privilege practices, monitoring, and secure development processes. No electronic transmission or storage system is perfectly secure, so we cannot guarantee absolute security.
Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port your personal information. You may also have rights to withdraw consent, opt out of certain communications, appeal a decision, or lodge a complaint with a supervisory authority.
If your information is part of customer content submitted by a Provon customer, we may direct your request to that customer because they control the underlying data. We may ask for information needed to verify your identity before fulfilling a request.
International transfers
Provon may process information in the United States and other countries where we or our service providers operate. When required, we use appropriate safeguards for cross-border transfers, such as contractual commitments designed to protect personal information.
Children's privacy
Provon is not directed to children, and we do not knowingly collect personal information from children under 13 or the age required by local law. If you believe a child has provided personal information to Provon, please contact us so we can take appropriate action.
Changes to this policy
We may update this policy from time to time. When we make changes, we will update the date at the top of this page. If changes are material, we may provide additional notice through the service, email, or another reasonable channel.
Contact us
If you have questions about this policy or want to exercise privacy rights, contact Provon Labs, Inc. at privacy@provon.dev.