ProveProcess Privacy Policy
Effective date: June 18, 2026 · Last updated: June 18, 2026
This Privacy Policy explains how Ege Gencer ("ProveProcess," "we," "us," or "our") handles information when you use the ProveProcess browser extension, editor extensions, and web dashboards (together, the "Service"). ProveProcess helps instructors verify the process by which academic work is created. It is not a plagiarism or "AI detection" tool and does not make accusations about any individual.
If you have questions about this policy, contact us at hello@proveprocess.com.
1. The core principle: we do not collect your document content
ProveProcess is built so that the text you write never leaves your device and is never stored by us.
When you use ProveProcess with a document (for example, a Google Doc accessed through the Google Docs API, or a file open in a code editor), the Service reads the document only on your own device in order to compute privacy-preserving metadata:
- counts (words, characters, lines, paragraphs);
- one-way SHA-256 hashes of the content and of individual sections;
- behavioral event metadata (for example, "typing burst," "paste," timestamps, and the number of characters changed).
The raw text is processed locally, the hashes and counts are derived from it, and the original text is then discarded. A SHA-256 hash is a one-way fingerprint: it lets us detect whether content changed between two points in time, but it cannot be reversed to recover the original text. We never transmit, log, or store the contents of your documents.
2. Google user data
If you connect a Google account to use ProveProcess with Google Docs, we request the single scope https://www.googleapis.com/auth/documents.readonly (read-only access to Google Docs).
- What we access: the textual content of the specific Google Doc associated with a tracked assignment, read on your device through the Google Docs API.
- How we use it: solely to compute the privacy-preserving metadata described in Section 1, on your device, in real time.
- What we store: only the derived metadata (counts, one-way hashes, event records, and timestamps). We do not store, transmit to our servers, or retain the content of your Google Docs.
- What we do not do: we do not use Google user data for advertising, we do not sell it, we do not use it to train machine-learning or AI models, and no human at ProveProcess ever reads your document content (we never possess it).
Limited Use disclosure. ProveProcess's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
3. Information we do store
To produce a process report for an instructor, we store on our servers:
- Account information: your email address, a securely hashed password, and your role (student, instructor, or administrator).
- Session and event metadata: assignment and session identifiers, event types (e.g., typing burst, paste, idle), server-assigned timestamps, character/line/word counts, one-way content and section hashes, and a tamper-evident hash chain linking events in order.
- Generated reports: the computed process metrics, flags, and a process-strength summary.
None of this includes the text of your documents.
4. How we use information
We use the information above to: operate the Service; produce process reports for the instructor associated with an assignment; secure accounts and detect tampering with the event record; and comply with legal obligations. We do not sell personal information, and we do not use it for advertising.
5. How information is shared
- With your instructor and institution. Process metrics and reports for an assignment are visible to the instructor and authorized administrators for that assignment. Reports describe process strength (e.g., strong, moderate, weak, or not assessable); they do not assert that any individual engaged in misconduct.
- With service providers. We use infrastructure providers (for hosting and databases) that process data on our behalf under confidentiality obligations.
- For legal reasons. We may disclose information if required by law or to protect the rights, safety, and security of users and the Service.
We never sell or rent personal information, and we never share document content because we do not have it.
6. Data retention and deletion
We retain account and event metadata for as long as your account is active or as needed to provide the Service to your institution. You may request access to, correction of, or deletion of your personal data by emailing hello@proveprocess.com. We will respond consistent with applicable law and our agreements with your educational institution. Because we never store document content, there is no document text to delete.
7. Students and educational records (FERPA)
ProveProcess is used in academic settings and may process data relating to students, some of whom may be minors. When ProveProcess is deployed by an educational institution, we act as a service provider / "school official" with a legitimate educational interest under the U.S. Family Educational Rights and Privacy Act (FERPA) and analogous laws, processing data under the direction of the institution. We do not use student data for any purpose other than providing the Service. Institutions remain responsible for obtaining any consents required by their jurisdiction.
8. Security
Passwords are hashed using argon2id and are never stored in plain text or included in authentication tokens. Data in transit is protected with TLS. The event record is protected by a tamper-evident hash chain so that alterations can be detected. No system is perfectly secure, but we design the Service to minimize the data we hold in the first place.
9. International users
If you access the Service from outside the country where our servers are located, your information may be processed in that country. By using the Service you consent to such processing consistent with this policy.
10. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by additional notice.
11. Contact
Ege Gencer
Email: hello@proveprocess.com