Privacy Policy

Proven Data LLC ("Proven Data," "we," "us," or "our") operates provendata.com and its associated platforms, tools, and online services (collectively, the "Services"). This Privacy Policy describes what personal information we collect, how we use and share it, and what rights you have over it. It applies to visitors, prospective clients, and individuals who contact us or engage our services through any of these properties.

This Policy does not govern personal data that we process on behalf of our clients as a contracted service provider: that processing is governed by the applicable service agreement.

1. Information We Collect

1.1 Engagement and Case Data

Proven Data treats every contact as a consultation from the moment you reach out, regardless of whether a formal engagement is signed. From first contact, we collect your name, job title, organization name, business email address, and phone number, along with the nature of your situation and any relevant details you provide. For active engagements, this extends to incident description, affected systems, ransomware variant details (if applicable), network and endpoint information, and billing and point-of-contact details.

1.2 Digital Forensics Evidence Data

DFIR engagements require Proven Data to access, collect, and analyze forensic evidence: disk images, memory captures, system logs, email data, and similar artifacts. This material may contain personal data belonging to your employees, customers, or other third parties.

Such data is processed solely to deliver the contracted services. It is not used for Proven Data's own analytics, marketing, or any secondary purpose, and is handled under applicable confidentiality agreements. Retention is governed by Section 6.

1.3 Account Registration Data

Our Lynx platform requires users to create an account. When you register, we collect your name, business email address, organization name, and any credentials or profile information you provide during setup. We also collect records of your activity within the platform, such as login timestamps, session data, and actions taken in connection with your engagement. This information is used solely to provide and manage platform access and to support your service engagement.

1.4 Payment Information

We accept credit and debit cards, bank transfers, checks, and other payment methods. Card transactions are processed by PCI-DSS-compliant third-party payment processors. We do not store full card numbers or CVV codes.

1.5 Usage Data

When you use our Services, we automatically collect technical data including IP address, browser type and version, operating system, pages visited, time and date of visits, and referring URL. This data is collected via Google Analytics 4 and is described further in Section 3.

2. How We Use Your Information

We use the information we collect to:

• Respond to inquiries and provide, perform, and manage our services
• Analyze website usage and improve content, navigation, and user experience
• Measure the effectiveness of our advertising campaigns and attribute conversions
• Send marketing communications about our services and resources (you may opt out at any time — see Section 7)
• Fulfill legal and regulatory obligations and respond to lawful requests

3. Cookies and Tracking Technologies

3.1 What We Use

Proven Data uses cookies and similar tracking technologies to operate the website, measure traffic, and deliver advertising. We categorize them as follows.

Analytics cookies collect pseudonymous data about how visitors interact with our Services: pages visited, session duration, and traffic sources. We use Google Analytics 4 (GA4) for this purpose.

Advertising cookies enable us to measure conversions from our advertising campaigns and to show relevant ads to people who have previously visited our website. We use advertising platforms including Google Ads, LinkedIn Ads, and others we may use from time to time.

Functional cookies support essential website operations such as security and load balancing.

3.2 Analytics and Cross-Session Measurement

When you submit a form through our Services, we may assign an internal pseudonymous identifier to your submission and pass it to GA4. This allows us to understand how users interact with our site across multiple visits without re-identifying you. The identifier is an opaque internal reference maintained by Proven Data: it is not your name or email address.

3.3 Advertising Measurement

When you complete a conversion action such as submitting a contact form, we may transmit a hashed (one-way encrypted) version of your contact information to Google Ads to improve the accuracy of conversion attribution. This process, known as Enhanced Conversions, uses a hash that cannot be reversed to identify you. We may also upload hashed contact lists to Google Ads to create targeted advertising audiences; hashed data is used only for audience matching. You may opt out of personalized advertising at Google's My Ad Center.

3.4 Managing Cookies

You can manage your cookie preferences at any time by clicking "Do not sell or share my personal information" in the footer of any page. This opens your privacy preference panel where you can enable or disable analytics and advertising cookies independently.

You may also instruct your browser to refuse all cookies, though this may affect site functionality. We honor the Global Privacy Control (GPC) browser signal as an opt-out of advertising cookies as required by applicable law — no additional action is required on your part.

To opt out of interest-based advertising from the networks we use:

• US: optout.aboutads.info
• EU: youronlinechoices.eu

4. How We Share Your Information

Proven Data does not sell your personal information.

Service providers. We share information with third-party companies that process it on our behalf, including analytics providers, advertising platforms, security and performance providers, and our email marketing and payment processing providers. These providers may only use data for the purpose we specify.

Advertising platforms. We share cookie-based identifiers and, in some cases, hashed contact data with advertising platforms for conversion measurement and remarketing, as described in Section 3.3. Under California law, this constitutes "sharing" for cross-context behavioral advertising. See Section 8 for your opt-out rights.

Business transfers. If Proven Data is involved in a merger, acquisition, or asset sale, your data may be transferred to the successor entity. We will provide notice before your data becomes subject to a materially different privacy policy.

Legal requirements. We may disclose personal data when required by law or in response to a valid legal process, or when necessary to protect the rights, property, or safety of Proven Data, our clients, or the public.

5. Security

Proven Data maintains administrative, technical, and physical safeguards appropriate to the sensitivity of the information we handle. Given the nature of our DFIR practice, security is not incidental to our operations. Our controls are reviewed and updated on an ongoing basis.

6. Data Retention

The retention period for data we process varies based on the nature of the information and applicable obligations. In general:

• Engagement and consultation data is retained for as long as necessary to deliver services and for a reasonable period thereafter to support dispute resolution, follow-up, and legal compliance
• Digital forensics evidence and DFIR artifacts are retained as specified in the engagement agreement, with a default period following delivery unless extended by written agreement
• Account registration data is retained for the duration of platform access and for a reasonable period following account closure
• Payment and billing records are retained as required by applicable tax and financial recordkeeping obligations
• Marketing contact records are retained until opt-out is received, plus the period required to demonstrate compliance
• Security incident and access logs are retained as required by applicable law or as necessary to investigate and close the incident
• Job application data is retained for a reasonable period and then securely deleted unless an employment relationship results
• Website analytics data is retained as configured in our analytics platform, subject to applicable legal requirements

When retention is no longer required, data is securely deleted or anonymized.

7. Email Marketing

We may send marketing communications about our services and cybersecurity resources. You may opt out at any time by clicking the unsubscribe link in any email or by contacting [email protected]. Unsubscribing from marketing does not affect transactional communications related to active service engagements.

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we have collected about you, the sources, and how it is used and shared
• Request deletion of your personal information, subject to certain exceptions
• Request correction of inaccurate information
• Opt out of the sharing of your personal information for cross-context behavioral advertising

We will not discriminate against you for exercising any of these rights.

Proven Data does not sell personal information. However, we share cookie-based identifiers and hashed contact data with advertising platforms for cross-context behavioral advertising, which constitutes "sharing" under the CPRA. You may opt out by clicking "Do not sell or share my personal information" in the footer of any page, by using a browser that transmits the GPC signal (honored automatically), or by emailing [email protected] with "California Privacy Request" in the subject line.

To submit a request to know, delete, or correct, contact us at [email protected] or by mail at the address in Section 13. We will respond to verifiable consumer requests within 15 business days and may ask you to verify your identity before processing a request.

9. Privacy Rights for Residents of Other States

Residents of states that have enacted comprehensive consumer privacy legislation may have rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of targeted advertising and the sale of personal information. We honor these rights where applicable under the law of your state, including the automatic honoring of the GPC signal as required by applicable law. To submit a request, contact us using the information in Section 13.

10. Rights of EEA, UK, and Swiss Residents

If you are located in the EEA, UK, or Switzerland, you have the right to access, rectify, erase, restrict, or port your personal data, to object to processing based on legitimate interests or for direct marketing, and to withdraw consent at any time without affecting prior lawful processing. Where we rely on consent as a legal basis — such as for advertising cookies — you may withdraw it at any time through the preference panel described in Section 3.4. For service delivery and legal compliance purposes, we rely on contract performance and legal obligation as our basis for processing.

To exercise these rights, contact [email protected]. We will respond within one month. If you believe we have not adequately addressed your request, you may lodge a complaint with your local supervisory authority:

• EEA: edpb.europa.eu/about-edpb/about-edpb/members_en
• UK: ico.org.uk/make-a-complaint
• Switzerland: edoeb.admin.ch

Personal data from EEA, UK, or Swiss residents may be transferred to the United States. We rely on Standard Contractual Clauses approved by the European Commission as the transfer mechanism for such transfers.

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has submitted information to us, contact [email protected] and we will delete it promptly.

12. Changes to This Policy

We may update this Policy from time to time. Changes take effect when posted, and the "Last Updated" date will reflect the revision. For material changes, we will take reasonable steps to notify affected individuals.

13. Contact Us

For questions about this Policy or to exercise your privacy rights:

Proven Data LLC
39b Alpha Park
Cleveland, OH 44143

[email protected]