Proof Cookie Policy
Last Updated / Effective Date: July 11, 2026
This Cookie Policy explains how Proof, the software-as-a-service platform operated by Proof Incorporated ("Proof Incorporated", "we", "us", or "our") at goproof.ca (the "Service"), uses cookies and similar technologies. It should be read together with the Proof Privacy Policy, which describes how we handle personal information more generally. Capitalized terms not defined here have the meanings given in the Proof Terms of Service.
The short version
This summary is for convenience only and does not replace the full Policy below.
Proof uses only the essential cookies it needs to work: one that keeps a dashboard user signed in, one that lets the Service recognize a field worker's phone so their scans are attributed without an app or a login, and one that remembers — for the rest of the day — that a field worker entered the correct PIN for a shipment (along with the name they typed for the record). We do not use advertising cookies, and we do not use cross-site or third-party tracking cookies. You can control cookies in your browser, but blocking Proof's essential cookies will break sign-in and field-scan attribution.
1. What cookies are
A cookie is a small text file that a website stores on your device (through your browser) so it can recognize your browser on later requests. Cookies can be session cookies (deleted when you close your browser) or persistent cookies (kept for a set period). A cookie may be marked httpOnly, meaning it can be read by the server but not by scripts running in the page — a security setting we use for our cookies. "Cookies" in this Policy also covers similar technologies used for the same purposes.
2. The cookies Proof uses
The Service uses only strictly necessary (essential) cookies. These are first-party cookies (set by the Service itself); they are required to provide the Service you have asked for and, because they are essential, they cannot be switched off without breaking core functionality.
2.1. Authentication session cookie (dashboard sign-in)
- Purpose: Keeps an Authorized User signed in to the dashboard after they log in, so they do not have to re-authenticate on every page. This cookie carries the user's authenticated session.
- Who it affects: Dashboard (office) users of a Customer.
- Set by: The Service's authentication provider, Supabase Auth, operating as our subprocessor.
- Type / duration: Essential. It lasts for the length of the signed-in session, with the session refreshed as you continue to use the dashboard and expiring after a period of inactivity or on sign-out.
- Advertising? No.
2.2. Field badge cookie — proof_badge (field-scan attribution)
- Purpose: Stamps a field worker's phone as a known driver or field participant so that, when they scan a trailer QR code, their events are attributed to them without an app and without a login. This is what lets the Service recognize a driver's phone across scans and provide features such as the wrong-trailer guardrail.
- Who it affects: Field Users (drivers, mechanics, and other field participants) who open a private Proof link.
- Set by: The Service (first-party).
- Type / duration: Essential; httpOnly (not readable by page scripts); persistent, with a lifetime of approximately six (6) months. Opening a new private link can refresh it.
- Advertising? No. It is not used for advertising, and it is not used to track you across other websites.
2.3. Field PIN cookie — proof_pin_<shipment> (same-day PIN memory)
- Purpose: When a Field User enters the correct PIN for a PIN-protected shipment or field action, this cookie records — for that shipment — that the PIN was passed, so the Field User is not prompted for the PIN again on every scan for the rest of the day. If a PIN-verified helper types their name for the Ledger, that name is stored in this cookie so it can be reused for their scans that day.
- Who it affects: Field Users who unlock a PIN-protected shipment or field action.
- Set by: The Service (first-party).
- Type / duration: Essential; httpOnly (not readable by page scripts); persistent, expiring at the end of the day (Toronto time). There is one such cookie per shipment a Field User unlocks.
- Contains personal information? It may contain the name a PIN-verified helper typed for the Ledger (up to a short length). It is not used for advertising or cross-site tracking.
3. What Proof does not use
- No advertising cookies. The Service does not serve ads and does not use cookies for advertising, ad targeting, or ad measurement.
- No cross-site or third-party tracking cookies. We do not use cookies to follow you across other websites or to build an advertising profile of you, and we do not permit third parties to do so through the Service.
- No selling of cookie data. We do not sell information collected through cookies.
4. How to control cookies
4.1. Most browsers let you view, block, or delete cookies through their settings, and let you set preferences for first-party and third-party cookies. Because the cookies described in Section 2 are essential, blocking or deleting them will affect the Service:
- Blocking or clearing the authentication session cookie will prevent you from signing in to, or staying signed in to, the dashboard.
- Blocking or clearing the
proof_badgecookie will prevent the Service from recognizing your phone, so your field scans will not be attributed to you and badge-dependent features will not work; you may need to open your private link again. - Blocking or clearing a
proof_pin_<shipment>cookie will cause the Service to ask for the shipment's PIN again (and to re-prompt for the helper's name) on your next scan that day.
4.2. Browser signals such as "Do Not Track" and Global Privacy Control affect optional tracking cookies. Because the Service uses only essential cookies and does not use tracking or advertising cookies, these signals do not change what the Service sets — there is nothing optional to disable.
4.3. Note that the private Proof links texted to field workers should be opened in the phone's default browser (for example, Safari on iPhone or Chrome on Android). Opening a link inside another app's in-app browser can place the badge cookie in a separate, isolated cookie store, which can prevent the phone from being recognized on a later scan.
5. Changes to this Policy
We may update this Cookie Policy from time to time. When we make material changes we will update the "Last Updated / Effective Date" above and, where required, provide notice through the Service. If we ever introduce cookies beyond the essential ones described here, we will update this Policy and, where the law requires consent, obtain it before those cookies are used.
6. Contact and further information
For how we handle personal information generally, see the Privacy Policy at goproof.ca. Questions about this Cookie Policy or about privacy may be sent to support@goproof.ca, or by mail to Proof Incorporated, Ontario, Canada (mailing address on request via support@goproof.ca).