provenrail

Legal

Privacy Policy

Last updated 10 June 2026

This policy covers the website at provenrail.com and its subdomains. It is written to be read, not to hide behind. The short version: the Provenrail software is self-hosted, so the records it produces never reach us, and the website itself collects only what it needs to run.

The software does not send us your data

Provenrail is distributed as open-source software that you run on your own infrastructure. The audit records your agents produce go to a sink you operate. We do not receive, store, or have any access to those records or their contents. When you self-host, you are the data controller for your own data; we are not a processor of it.

What the website collects

• Server logs. Like any website, our host records standard request metadata (IP address, user agent, timestamp, requested URL) to operate the site, prevent abuse, and diagnose problems. These logs are retained for a short period and then discarded.
• The hosted verifier. If you use /verify to check a bundle in your browser, the bundle is processed to return a verdict and is not retained after the response. It is used only to compute the result you asked for.
• No advertising trackers. We do not sell personal data and do not embed third-party advertising or cross-site tracking pixels.

When you create an account

If you sign in at /account, we create an account so you can manage a subscription and your commercial license key. For this we store your email address and your plan and subscription status. We do not store passwords: sign-in is a one-time email link. We never store, receive, or have access to the audit records your agents produce. Those remain on infrastructure you operate.

Who processes this data for us

• Supabase hosts authentication and the account database (your email, plan, subscription status, license key). Data is stored in the EU (Frankfurt). Supabase acts as our processor under a data processing agreement.
• Polar handles payments and subscriptions as the Merchant of Record. When you subscribe, Polar is the seller and processes your billing details and applicable tax; we never see or store your card data. Polar shares back only your subscription status and a customer reference.

We do not use this data for advertising and do not sell it.

Cookies

The marketing site does not set tracking cookies. Any cookie present is strictly necessary for the page to function.

Email you send us

If you email us, we keep that correspondence to reply and for our records. We do not add you to a marketing list without your consent.

Your rights

If you are in the EU/EEA or UK, you have rights to access, correct, or erase personal data we hold about you, and to object to or restrict its processing. To exercise them, email [email protected]. We respond to legitimate requests within the statutory timeframe.

Changes

If this policy changes materially, we will update the date above and, where appropriate, note the change on this page.

Contact

Questions about privacy: [email protected].

Back to provenrail.com