Privacy Policy & Data Protection Framework

1. About ProofLedger & This Policy

ProofLedger ("we," "us," "our," or "the Company") is a British Columbia-based administrative technology company operating under sole proprietorship registration in the City of Burnaby, British Columbia, Canada. ProofLedger provides independent, read-only access log archiving, cryptographic data preservation, and operational analytics services to commercial businesses ("Clients").

This Privacy Policy governs how ProofLedger collects, uses, stores, protects, and discloses personal information across two distinct categories:

• Client Personal Information: Information provided directly by our business clients during account registration, onboarding, and ongoing service use.
• Employee & Visitor Data: Personal information about individuals whose access control events are captured and archived on behalf of our clients through ProofLedger's archiving infrastructure.

By engaging ProofLedger's services, signing a Service Agreement, or accessing our platform at proof-ledger.com, you acknowledge and consent to the practices described in this policy.

ProofLedger operates strictly as a data processor on behalf of its clients, who act as data controllers for all employee and visitor access log data. ProofLedger does not independently determine the purposes or means of processing employee access data — that authority rests solely with the client organization.

2. Information We Collect

2.1 Client Account Information

When a business registers for ProofLedger services, we collect:

• Business name and legal entity information
• Primary contact name, email address, and phone number
• Billing information processed securely through Stripe (ProofLedger does not store credit card numbers)
• Facility address and operational details
• Access control system vendor information and API credentials

2.2 Employee & Visitor Access Log Data

On behalf of our clients, ProofLedger automatically captures and archives the following data generated by the client's existing physical access control infrastructure:

• Employee or visitor full name (as configured in the client's access control system)
• Key fob identifier or access card token ID
• Door or device identifier and display name
• Precise timestamp of each access event
• Access event type (Access Granted, Access Denied, Door Held Open, etc.)
• Unique cryptographic hash fingerprint generated at the moment of capture
• Company identifier linking the record to the client organization

2.3 Visitor Log Data

For clients utilizing ProofLedger's Visitor Management module, we additionally collect:

• Visitor full name
• Purpose of visit
• Assigned visitor pass number
• Check-in and check-out timestamps
• Name of staff member who logged the visit

2.4 Website Usage Data

When you visit proof-ledger.com, we may collect standard web analytics data including IP address, browser type, pages visited, and referring URLs through standard server logs and analytics tools. This data is used solely for website performance and security purposes.

3. How We Use Your Information

3.1 Client Information

• To provision, manage, and deliver ProofLedger services under the signed Service Agreement
• To process payments and issue invoices
• To communicate service updates, compliance reports, and account notifications
• To provide technical support and onboarding assistance
• To comply with applicable Canadian laws and regulations

3.2 Employee & Visitor Access Log Data

• To archive access control records in an immutable, read-only format on behalf of the client
• To generate cryptographic hash fingerprints that verify record integrity
• To provide clients with searchable, filterable dashboard access to their own data
• To generate certified PDF audit trail reports upon client request
• To produce quarterly operational analytics and space utilization reports for eligible plan tiers
• To support clients in legal disputes, insurance claims, HR investigations, and compliance audits

4. Data Storage & Canadian Jurisdiction

All personal information collected and processed by ProofLedger is stored exclusively on Canadian servers located within the borders of Canada. ProofLedger does not transfer personal data outside of Canada.

4.1 Infrastructure

• Primary Database: Encrypted cloud database infrastructure hosted in Toronto, Ontario, Canada (ca-central-1 region)
• Long-Term Archive Storage: Encrypted object storage hosted in Calgary, Alberta, Canada (ca-west-1 region)
• Redundant Backup: All access log records are simultaneously written to both Canadian infrastructure systems at the moment of capture

4.2 Canadian Jurisdiction

By storing all data within Canada, ProofLedger ensures that your personal information remains subject to Canadian privacy law — specifically the Personal Information Protection Act (PIPA) of British Columbia — and is not subject to foreign government access requests under legislation such as the United States CLOUD Act.

5. WORM Protection & Cryptographic Integrity

ProofLedger's core service value is the immutability and verifiability of archived records. We achieve this through two complementary technical mechanisms:

5.1 WORM Architecture (Write Once, Read Many)

All access log records are committed to ProofLedger's archival infrastructure using a Write Once, Read Many (WORM) architectural model. This means:

• Records are written to storage at the moment of capture and cannot be retroactively modified
• No administrative user, ProofLedger employee, or client representative possesses the technical capability to alter a committed log record
• The database architecture structurally blocks UPDATE and DELETE operations on committed log entries
• All archived records are stored in read-only format accessible solely for retrieval and reporting

5.2 Cryptographic Hash Fingerprinting

At the exact moment each access log record is committed to ProofLedger's database, the system automatically generates a unique SHA-256 cryptographic hash fingerprint of the record's contents. This fingerprint:

• Is mathematically derived from the specific data values in that record
• Is permanently stored alongside the record
• Will produce a completely different value if any field in the record is altered — even by a single character
• Provides mathematically provable, court-admissible evidence of tampering if any modification is ever attempted

5.3 Dual Archive Redundancy

Every access log event is simultaneously written to both ProofLedger's primary database and independent long-term archive storage at the moment of capture. This dual-write architecture ensures that even in the event of a single infrastructure failure, no log records are lost.

6. Data Retention & Deletion Policy

6.1 Retention Periods by Service Tier

ProofLedger retains access log data for the duration specified in the client's active Service Agreement:

• Standard Plan: 365-day rolling retention. Records older than 365 days are automatically purged.
• Professional Plan: 730-day (2-year) rolling retention. Records older than 730 days are automatically purged.
• Gold Plan: 1,825-day (5-year) retention with Infinite Vault option. No automatic purges on Gold tier unless specifically requested.

6.2 Client Account Termination

Upon termination of a Service Agreement — whether by client cancellation, non-payment, or mutual agreement — ProofLedger will:

• Compile and deliver a complete export of all archived log records to the client's registered email address within 30 days of termination
• Permanently and irreversibly delete all client data from ProofLedger's systems within 60 days of termination
• Issue written confirmation of data deletion to the client upon completion

6.3 Early Termination

Clients terminating service before the minimum contract term are subject to an early termination fee as outlined in the Service Agreement. Data export and deletion obligations remain in full effect regardless of termination circumstances.

7. Data Sharing & Third Parties

7.1 No Sale of Personal Information

ProofLedger does not sell, rent, trade, or otherwise commercially exploit any personal information — including client information and employee access log data — under any circumstances.

7.2 Infrastructure Providers

ProofLedger utilizes the following third-party infrastructure providers to deliver its services. These providers act as sub-processors under data processing agreements and are bound by strict confidentiality and security obligations:

• Database Infrastructure: Canadian cloud database provider (ca-central-1, Toronto)
• Archive Storage: Canadian cloud object storage provider (ca-west-1, Calgary)
• Payment Processing: Stripe Inc. — PCI-DSS compliant payment processor. ProofLedger does not store payment card data.
• Automation Infrastructure: Make.com — used for automated data routing and processing workflows
• Website Hosting: IONOS — Canadian domain registration and hosting

7.3 Legal Disclosure

ProofLedger may disclose personal information without client consent only in the following circumstances:

• When required by a valid court order, subpoena, or lawful demand from a Canadian regulatory authority
• When necessary to prevent fraud, criminal activity, or imminent harm
• When required to establish, exercise, or defend legal claims involving ProofLedger

ProofLedger will notify affected clients of any such disclosure request to the extent permitted by law.

7.4 Business Transfers

In the event of a merger, acquisition, or sale of ProofLedger's business assets, personal information may be transferred to the acquiring entity, provided that entity agrees to be bound by the terms of this Privacy Policy and applicable Canadian privacy legislation.

8. Your Rights Under PIPA

Under the Personal Information Protection Act (PIPA) of British Columbia, individuals have the following rights regarding their personal information held by ProofLedger:

8.1 Right of Access

You have the right to request access to personal information ProofLedger holds about you. We will respond to access requests within 30 days of receipt.

8.2 Right of Correction

You have the right to request correction of inaccurate or incomplete personal information. Note that due to ProofLedger's WORM architecture, committed access log records cannot be altered — however, supplementary notes or corrections can be appended to records upon written request.

8.3 Right of Withdrawal

You may withdraw consent to the collection or use of your personal information at any time, subject to legal or contractual restrictions. Withdrawal of consent may affect ProofLedger's ability to continue providing services.

8.4 Right to Complain

If you believe ProofLedger has violated your privacy rights under PIPA, you have the right to file a complaint with the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) at www.oipc.bc.ca.

8.5 Employee Rights

Employees whose personal information is captured through their employer's ProofLedger subscription should direct privacy inquiries to their employer (the data controller) in the first instance. ProofLedger will cooperate with reasonable requests forwarded by client organizations on behalf of their employees.

9. Security Safeguards

ProofLedger implements comprehensive administrative, technical, and physical security safeguards appropriate to the sensitivity of the personal information we hold:

9.1 Technical Safeguards

• Encryption at Rest: All data stored in ProofLedger's systems is encrypted using AES-256 encryption
• Encryption in Transit: All data transmitted between systems uses TLS 1.2 or higher
• Cryptographic Integrity: SHA-256 hash fingerprints verify the integrity of every archived record
• Access Controls: Role-based access control limits dashboard access to authorized client personnel only
• UUID Token Architecture: Client portal URLs use cryptographic UUID tokens rather than sequential identifiers, preventing unauthorized URL enumeration
• Dual Redundancy: Simultaneous dual-write to independent Canadian storage systems

9.2 Administrative Safeguards

• All ProofLedger personnel and independent contractors are bound by comprehensive confidentiality agreements
• Access to client data is restricted to personnel with a legitimate operational need
• Security practices are reviewed and updated regularly

9.3 Limitations

While ProofLedger implements industry-standard security measures, no system is entirely immune to security risks. ProofLedger's liability for data loss or breach originating from third-party infrastructure providers is limited as outlined in the Service Agreement.

10. Data Breach Protocol

In the event of a confirmed or suspected data breach affecting personal information held by ProofLedger, we will:

• Conduct an immediate internal investigation to determine the scope and nature of the breach
• Notify affected clients within 72 hours of confirming a breach that creates a real risk of significant harm
• Notify the Office of the Information and Privacy Commissioner for BC (OIPC BC) as required under PIPA
• Take immediate remedial action to contain the breach and prevent further unauthorized access
• Provide affected clients with a written incident report detailing the nature of the breach, data affected, and remedial actions taken

11. Cookies & Website Tracking

The ProofLedger website (proof-ledger.com) uses essential cookies necessary for website functionality, including session management for authenticated client dashboard access. We do not use third-party advertising cookies or cross-site tracking technologies.

You may disable cookies through your browser settings, however this may affect your ability to access the ProofLedger client dashboard.

12. Children's Privacy

ProofLedger's services are designed exclusively for commercial business clients and are not directed at individuals under the age of 18. ProofLedger does not knowingly collect personal information from minors. If you believe a minor's information has been inadvertently collected, please contact us immediately at the address below.

13. Changes to This Policy

ProofLedger reserves the right to update this Privacy Policy at any time to reflect changes in our practices, services, or applicable law. When material changes are made, we will:

• Update the "Last Updated" date at the top of this policy
• Notify active clients by email at least 14 days before changes take effect
• Post the updated policy prominently on proof-ledger.com

Continued use of ProofLedger services after the effective date of any policy update constitutes acceptance of the revised terms.