ProofLegal
On this page

On this page

The short version1. Who we are & the scope of this policy2. Information we collect3. How we collect it4. Why we use it & our legal basis5. Cookies & similar technologies6. How we share it — Subprocessors & recipients7. Founder / cross-tenant access8. International transfers9. Retention10. Security11. Your privacy rights12. Children13. Changes to this policy14. Contact & Privacy Officer

Proof Privacy Policy

Last updated / Effective date: July 11, 2026

This Privacy Policy explains how Proof Incorporated (operating the service and website known as Proof, at goproof.ca) collects, uses, discloses, safeguards, and retains personal information, and the choices and rights you have. In this policy, "Proof", "we", "us", and "our" mean Proof Incorporated. Capitalized terms have the meanings given where they first appear.

The short version

This summary is here to orient you. It is a plain-language overview, not a substitute for the full policy below, and the numbered sections control if there is ever any conflict.

  • What Proof is. Proof is a business-to-business software service sold to trucking carriers. Carriers put two permanent QR stickers on each trailer; drivers, dock workers, and mechanics scan them with an ordinary phone browser — no app, no login — to log what happened to the trailer. Each scan becomes a permanent, time-stamped, GPS-pinned record on an append-only Ledger.
  • Two roles, two hats. For most of the data captured in the field (your drivers, your contacts, scans on your trailers), the Customer (the carrier) decides why and how it is used and is the party responsible for it; Proof handles that data as a service provider / processor on the Customer's behalf, governed by our Data Processing Addendum (DPA). For our own account, billing, security, and website data, Proof is the party responsible.
  • What we handle. Dashboard-account details (name, email, hashed password, multi-factor enrollment, sign-in logs); driver and contact names, cell phone numbers and emails; a "badge" identity cookie on a driver's phone; GPS coordinates captured at each scan; photos uploaded at scans; and Ledger records of who did what and when.
  • Messages. Proof sends transactional text messages to field hands (drivers and mechanics) and transactional emails to office contacts — arrival alerts, hold/release notices, handoff links, work orders, and day tickets. The Customer is responsible for obtaining the consent that law (Canada's CASL; in the US, TCPA and A2P 10DLC rules) requires for these messages.
  • AI is kept at the edges. An AI model reads pasted third-party tracking pages to estimate an ETA, and screens free-text driver notes for content a carrier has blocked. The AI reads; our own deterministic code decides and writes to the Ledger. The AI provider receives only the text needed for that task, never the whole database.
  • Founder access, disclosed on purpose. Proof's operator ("Founder") can access data across Customer accounts to run, support, secure, and bill the Service. Founder actions that change your data — such as suspending an account or adjusting billing — are recorded in an append-only audit trail, and this cross-tenant access is restricted to the Founder behind server-side controls that require multi-factor authentication. We tell you this plainly because trust is the product.
  • We do not sell personal information. We share data only with the Subprocessors that run the Service, with the Customer and the shipment contacts the Customer designates, and where law or safety requires.
  • The Ledger is permanent by design. Scan records cannot be edited or deleted — the database itself forbids it — because the whole point of Proof is a record no one can quietly change. Corrections are added as new rows, never by erasing old ones.
  • You have rights. Depending on where you live, you can ask to access, correct, delete, or port your information, or withdraw consent. Email support@goproof.ca. If a carrier entered your data, we may route your request to that carrier, who is the party responsible for it.

1. Who we are & the scope of this policy

Proof Incorporated operates Proof, a drop-trailer accountability platform delivered as software-as-a-service through the website and application at goproof.ca and its related scan pages, links, and interfaces (together, the "Service"). We are a Canadian business. Our registered contact address is Ontario, Canada (mailing address on request via support@goproof.ca).

This policy applies to personal information we handle through the Service and the goproof.ca website. It does not apply to the independent privacy practices of any Customer, shipper, broker, or other third party who uses or connects to the Service, nor to third-party websites (such as a carrier's own tracking or telematics pages) that we merely link to or read on your instruction.

Our two roles. Proof interacts with personal information in two distinct capacities, and different rules apply to each:

  • As a service provider / processor for Customer Data. A "Customer" is a trucking carrier (or comparable business) that subscribes to the Service. "Customer Data" means the data a Customer and its authorized users and field workers put into, or generate through, the Service — including "Field Data" (driver and contact details, scans, GPS coordinates, photos, and Ledger events). For Customer Data, the Customer is the party that determines the purposes and means of processing (the "controller" under GDPR-style laws; the organization accountable under PIPEDA), and Proof processes that data on the Customer's documented instructions. Our handling of Customer Data is governed by our Data Processing Addendum ("DPA"), which forms part of the agreement between Proof and the Customer and prevails over this policy for Customer Data to the extent of any conflict.
  • As the party responsible for our own data. For information we collect for our own purposes — "Account Data" about the people who register and administer a Customer's dashboard, plus "Website Data", billing records, security and audit logs, and support communications — Proof is the accountable organization / controller and this policy governs directly.

If you are a driver, dock worker, mechanic, or shipment contact and a carrier entered your information or texted or emailed you through Proof, that carrier is the party responsible for that data. We can help route your request (see Your privacy rights), but the carrier may need to act on it.

2. Information we collect

We collect the categories of "Personal Information" below. A "Data Subject" is any identifiable individual the information relates to.

2.1 Account & dashboard users (Account Data)

When a Customer's administrator, dispatcher, or viewer registers for and uses the authenticated dashboard, we collect:

  • name and email address;
  • a salted hash of the password (managed by our authentication Subprocessor; we never store or receive the plaintext password and cannot read it back);
  • multi-factor authentication (MFA) enrollment status and time-based one-time passcode (TOTP) authenticator metadata (we do not store your authenticator's secret in readable form or your codes);
  • role and permission assignments within the Customer's organization;
  • sign-in and security logs — timestamps, IP address, approximate location derived from IP, device / browser characteristics, and the outcome of each authentication attempt (including lockouts and MFA challenges).

2.2 Field & shipment personal data (Field Data — Customer Data)

This is data entered by a Customer or its users, or captured automatically when someone scans a trailer. It is Customer Data for which the Customer is responsible. It includes:

  • Driver and field-contact identity — names of drivers, mechanics, and yard workers, and their cell phone numbers and, where provided, email addresses;
  • Shipment contacts — names, email addresses, and phone numbers of receivers, shippers, brokers, dispatch, and other contacts a Customer adds to a shipment;
  • The "badge" identity — a long-lived, unguessable identifier stored in a cookie (the "Badge Cookie", named proof_badge) that stamps a specific phone's browser as a specific, Customer-named driver, so that later scans from that phone are attributed to that person without any login;
  • GPS coordinates captured at scan time — the device's location at the moment a field worker taps a scan button, used to pin where an event happened;
  • Photos uploaded at scans — e.g. seal, count, condition, or defect photos — stored in a private storage bucket and served only through short-lived signed URLs;
  • Ledger events — append-only records naming who did what, when, and where: the action taken, the actor's attributed identity or role chip (e.g. DRIVER, RECEIVER, PIN-verified helper), timestamp, GPS pin, and any note, PIN-verification, or correction associated with the event (together, the "Ledger");
  • PIN and access events — for trailers protected by a Trailer PIN or an order-level field-action PIN, we record PIN-verification successes and failures, including GPS-pinned records of failed attempts and lockouts, as a security and audit signal.

2.3 Messaging data

When the Service sends a text message or email on a Customer's behalf, we collect and retain:

  • the destination phone number or email address and the message content sent (e.g. arrival, hold/release, handoff, work-order, and day-ticket messages, and any optional one-line note a sender chooses to append);
  • the send result returned to us when we hand a message off to our messaging Subprocessor — in general, confirmation that the message was accepted or queued for delivery, together with the time of that hand-off. We do not currently receive or retain asynchronous delivery-status callbacks (such as later “delivered,” “failed,” or “carrier-filtered” events) from the messaging Subprocessor, so the messaging records we hold confirm hand-off for delivery, not ultimate receipt.

Opt-outs and consent records. Standard SMS opt-out and help keywords (such as STOP and HELP) are processed by our SMS Subprocessor and the mobile carriers at the network level. Proof does not currently operate an inbound-message webhook and does not maintain its own separate store of opt-out states or of the consent evidence behind each message; the Customer is responsible for obtaining and keeping records of that consent, as described in Why we use it & our legal basis and in our Messaging Terms.

2.4 Website, cookie & limited analytics data (Website Data)

When you visit goproof.ca or use the Service, we and our infrastructure providers automatically receive standard technical data — IP address, browser and device type, pages or endpoints requested, referring URLs, timestamps, and diagnostic logs — and set the cookies described in Cookies & similar technologies. We do not use third-party advertising or cross-site ad-tracking cookies. Any product analytics we use are limited to understanding and improving how the Service is used.

2.5 Support communications

If you contact us for support, sales, or a privacy request, we collect the information you provide — your name and contact details, the content of your message, and related correspondence — to respond and keep a record.

2.6 What Proof does not intentionally collect

The Service is not designed to collect special or sensitive categories of information (such as health, biometric, financial-account, or government-ID data). Please do not enter such information into free-text fields, notes, or photos. Payment-card processing is not integrated into the Service; Proof invoices Customers manually and does not collect cardholder data through the Service.

3. How we collect it

  • Directly from Customers and their users — when an administrator registers, builds an order, adds a driver, contact, trailer, or facility, uploads a logo, or configures notifications.
  • Automatically through use of the Service — when a field worker scans a QR code, taps a scan button (capturing time, GPS, and the action), takes or uploads a photo, opens a texted private link (setting or refreshing the Badge Cookie), or when your browser or device sends technical data and cookies.
  • From our Subprocessors — for example, message delivery status and carrier-level delivery outcomes from our SMS and email providers, and the ETA our AI extraction step derives from a tracking page you asked us to watch.
  • From the public field surface — a person who scans a trailer may provide their cell number to receive updates, or a name for the Ledger when verifying with a PIN. Bystanders who merely scan see only what someone standing at the trailer could already see.

4. Why we use it & our legal basis

We use Personal Information for the following purposes:

  • To provide the Service — to operate the accountability Ledger; resolve which shipment a scanned trailer belongs to; attribute events to the right person; run the clocks and reports; send notifications, wait-loop hold/release messages, handoff links, work orders, and day tickets; and generate documents and PDFs.
  • To secure and operate the Service — authentication, MFA, rate-limiting and lockouts, fraud and abuse prevention, PIN-guessing alarms, tenant isolation, backups, logging, debugging, and maintaining the integrity of the append-only Ledger.
  • To communicate — to send transactional and Service-related messages, respond to support requests, and send administrative notices about the Service.
  • To bill and administer — to manage subscriptions, track usage and billing status, and enforce our agreements (including suspension for non-payment).
  • To comply with law — to meet legal, regulatory, tax, and audit obligations and to respond to lawful requests.
  • To improve the Service — using aggregated and/or de-identified data that does not identify any individual, to understand usage, improve reliability, and develop features. We do not use identifiable Ledger content for unrelated purposes.

Legal basis. Under Canada's PIPEDA, we rely on consent (express or implied, appropriate to the sensitivity of the information) and, where permitted, on purposes a reasonable person would consider appropriate in the circumstances — including our legitimate need to operate, secure, and bill the Service. Where the EU/UK GDPR applies, our lawful bases are typically performance of a contract, our legitimate interests in operating and securing the Service, and compliance with legal obligations; for Customer Data, the Customer determines and is responsible for the lawful basis.

Messaging consent. The text messages and emails Proof sends are transactional messages sent on a Customer's instruction. The Customer is responsible for obtaining and maintaining the consent that applicable law requires from each recipient — including express consent and identification / unsubscribe requirements under Canada's CASL, and prior express consent and A2P 10DLC / TCPA requirements for calls and texts to US numbers. Recipients can opt out at any time (for example, by replying STOP to a text), and honoring opt-outs is a shared obligation reflected in our messaging terms.

AI processing. To estimate arrival times, our system may send the text of a third-party tracking page (that a Customer chose to have watched) to our AI Subprocessor, which returns a structured ETA and confidence; and to keep messages deliverable, it may send the text of a free-text driver note to the same Subprocessor to screen it against carrier-blocked content before it is sent. In both cases the AI reads and our deterministic code decides and writes — no AI output becomes a Ledger event on its own, and the AI Subprocessor receives only the specific text needed for the task, not your wider data.

5. Cookies & similar technologies

Proof uses only the cookies it needs to function. We do not use advertising cookies or cross-site ad tracking. The Service sets the following essential cookies:

  • The authentication session cookie. Set by our authentication Subprocessor for dashboard users, this cookie keeps you signed in and enforces your session and MFA state. It is strictly necessary to use the authenticated dashboard; without it you cannot stay logged in.
  • The Badge Cookie (proof_badge). This is a long-lived, httpOnly cookie (retained for approximately six months and refreshed when a driver opens a new private link) that stamps a field worker's phone browser as a specific, Customer-named driver. Its purpose is to attribute that person's later trailer scans to them without requiring a login or app, and to power guardrails such as the wrong-trailer warning. It stores an unguessable identity token, not your messages or location history. It is essential to how the no-login field experience works and is not used for advertising. A field worker can clear it at any time through their browser settings (after which their scans are treated as anonymous until they open a new private link).
  • The field PIN cookie (proof_pin_<shipment>). When a field worker enters the correct Trailer PIN or field-action PIN for a shipment, the Service sets a first-party, httpOnly cookie — one per shipment, named for that shipment — so the field worker is not asked to re-enter the PIN on every scan for the rest of that day. It is a persistent cookie that expires at the end of the day (Toronto time). Where a PIN-verified helper types their name for the Ledger, that name is stored in this cookie so it can be reused for their scans that day; the cookie may therefore contain a person's name (Personal Information). It is essential to the PIN-protected field flow and is not used for advertising or cross-site tracking.

We and our infrastructure providers may also use strictly necessary technical storage and logs to route requests, balance load, and keep the Service secure. For more detail, see our separate Cookie Policy where provided.

6. How we share it — Subprocessors & recipients

We disclose Personal Information only as described here. A "Subprocessor" is a third party we engage to help provide the Service. Each Subprocessor receives only the data it needs for its function, is bound by contract to appropriate confidentiality and security obligations, and may only process data on our instructions. Our current Subprocessors are:

  • Supabase — our hosted Postgres database, authentication, and file storage. Receives and stores substantially all Account Data and Customer Data (including Ledger events, contact details, photos, and hashed credentials). Hosted in Canada (region ca-central-1) where available.
  • Vercel — application hosting and content delivery. Processes request data and technical logs necessary to serve the Service.
  • Resend — transactional email delivery. Receives recipient email addresses and email content (including update documents and PDF attachments) and returns delivery status.
  • Twilio — transactional SMS delivery. Receives recipient phone numbers and message content and returns delivery / carrier status and opt-out signals.
  • Anthropic — the AI model (Claude) used for ETA extraction and driver-note screening. Receives only the specific text sent for those tasks (the text of a watched tracking page, or a driver-note to be screened), not the wider database, and returns a structured result.

Payment processing is not integrated into the Service, so we do not share cardholder data with a payment processor through the Service. Our current Subprocessor list, and the specifics of Customer-Data processing, are maintained in and governed by our DPA and its Subprocessor schedule.

We also disclose Personal Information:

  • To the Customer and the contacts it designates. Field Data and Ledger events are made available to the Customer whose trailers and shipments they concern, and update messages and documents are sent to the shipment contacts (receivers, shippers, brokers, dispatch, drivers, mechanics) the Customer chooses, according to the "who hears what" settings the Customer configures.
  • For legal and safety reasons. Where we reasonably believe disclosure is required by law, regulation, legal process, or a lawful government request, or is necessary to protect the rights, property, or safety of Proof, our Customers, Data Subjects, or the public, or to enforce our agreements.
  • In a business transfer. If Proof is involved in a merger, acquisition, financing, reorganization, or sale of assets, Personal Information may be transferred as part of that transaction, subject to the receiving party honoring this policy or providing notice as required by law.

We do not sell Personal Information, and we do not "share" it for cross-context behavioral advertising, as those terms are used under laws such as the CCPA/CPRA.

7. Founder / cross-tenant access

Proof is operated by its founder and operator (the "Founder", also referred to as a super-admin). To run, support, secure, and bill the Service, the Founder can access data across Customer accounts — including Account Data and Customer Data — for example to provide support, investigate a security or reliability issue, operate the platform, and administer billing and suspension.

Founder actions that change data are recorded in an append-only audit trail. When the Founder takes a state-changing action — for example, suspending or reinstating a Customer, adjusting billing, or provisioning an organization — the Service writes a Founder Access record (who, what, which Customer, and when) that cannot itself be edited or deleted. The Founder's viewing of Customer Data for support and operations is not, today, captured as a separate per-view log entry; that access is instead constrained by the security controls described in Security — including MFA and the restriction of privileged, cross-tenant access to the Founder behind server-side gates. We disclose Founder Access plainly, rather than burying it, because trust is the product, and the Founder does not use Customer Data for purposes unrelated to operating the Service.

8. International transfers

We aim to keep Customer Data in Canada where practical — our database, authentication, and file storage run in the Canadian region (ca-central-1) of our hosting Subprocessor where available. However, some Subprocessors — including our application hosting/CDN, email, SMS, and AI providers (Vercel, Resend, Twilio, and Anthropic) — may process or store certain data in the United States or other countries. As a result, Personal Information may be stored or processed outside your province or country and may be subject to the laws of those jurisdictions, including lawful access by their authorities.

When we transfer Personal Information across borders, we use appropriate contractual and organizational safeguards (such as data-processing and confidentiality terms with our Subprocessors and, where applicable to EU/UK data, recognized transfer mechanisms such as Standard Contractual Clauses). By using the Service, you understand that your Personal Information may be transferred to and processed in these locations. If you have questions about our transfer safeguards, contact us at support@goproof.ca.

9. Retention

The Ledger is retained as the record of what happened. By design, Ledger events are append-only — the database revokes the ability to edit or delete them, for everyone — because an accountability record that could be quietly changed would be worthless. Corrections are recorded as additional Ledger rows that reference the original; the original is never erased. We retain the Ledger for as long as needed to serve its accountability, audit, dispute-evidence, and legal purposes.

We retain other Personal Information for as long as it is needed for the purposes in this policy, and then delete or de-identify it, unless a longer period is required or permitted by law (for example, tax, accounting, security, or legal-hold requirements). Typical practice:

  • Account Data is retained for the life of the account and for a reasonable period afterward for security, audit, and legal purposes;
  • Photos are retained in private storage for as long as their associated shipment/Ledger context is retained;
  • Messaging and delivery records are retained to evidence delivery and consent handling for a reasonable period;
  • Security and audit logs (including sign-in, PIN-attempt, and Founder-action audit records) are retained to protect the Service.

On account closure. When a Customer closes its account, we will delete or de-identify Customer Data in accordance with the DPA and applicable law, except that append-only Ledger records and information we are required or reasonably need to keep for legal, audit, security, or dispute-evidence purposes may be retained. Because the Customer is the party responsible for Customer Data, deletion requests about Field Data are handled together with, and subject to, the Customer's instructions.

10. Security

We take security seriously and implement measures designed to protect Personal Information, including:

  • Database-enforced tenant isolation. Row-Level Security keyed by organization (org_id) isolates each Customer's data in the database itself, so that even a bug in application code should not let one Customer's data reach another. Privileged cross-tenant access is confined to the Founder behind server-side gates, and state-changing Founder actions are recorded in an append-only audit trail (see Founder / cross-tenant access).
  • Mandatory multi-factor authentication (MFA). Every dashboard user must enroll a TOTP authenticator; a stolen password alone does not grant access.
  • Salted password hashing and leaked-password screening. Passwords are stored only as salted hashes via our authentication Subprocessor — never in plaintext — and passwords found in known breach dumps are rejected.
  • An append-only audit Ledger. UPDATE and DELETE are revoked on the events table at the database level, so the audit trail cannot be edited by anyone.
  • High-entropy tokens and PINs. Public field links use long, unguessable tokens; action links are single-purpose and time-limited; PINs are generated from cryptographic randomness, rate-limited, and lock out after repeated failures (with alerts).
  • Encryption in transit and server-side secrets. Traffic is served over HTTPS, and sensitive credentials (service keys and messaging/AI provider secrets) are held server-side only and never exposed to the browser.
  • Private photo storage served only through short-lived signed URLs, plus operational logging, throttling, and backups.

No method of transmission or storage is perfectly secure. While we work to protect your Personal Information, we cannot guarantee absolute security. If we become aware of a breach of security safeguards involving Personal Information that creates a real risk of significant harm, we will notify affected parties and regulators as required by applicable law (including PIPEDA's breach-reporting obligations), and — for Customer Data — will notify and support the Customer as the responsible party in line with the DPA.

11. Your privacy rights

Subject to applicable law and reasonable verification of your identity, you have rights over your Personal Information. Because Proof holds most Field Data on behalf of Customers, the practical route to exercise a right depends on who is responsible for the data.

11.1 Rights under Canadian law (PIPEDA)

  • Access — to ask whether we hold Personal Information about you and to receive a copy, subject to legal exceptions;
  • Correction — to ask us to correct inaccurate or incomplete information (for the append-only Ledger, corrections are recorded as new rows referencing the original, not by erasing history);
  • Withdraw consent — to withdraw consent to certain uses or disclosures on reasonable notice, subject to legal or contractual restrictions (this may affect the Service or messages you receive); and
  • Complain — to challenge our compliance and, if unsatisfied, to complain to the Office of the Privacy Commissioner of Canada (see Contact & Privacy Officer).

11.2 Rights where GDPR/UK GDPR or US state laws (e.g. CCPA/CPRA) apply

If you are in a region whose laws grant them, you may also have rights to access, rectify, erase, restrict, or object to processing, to data portability, and to opt out of the "sale" or "sharing" of personal information for targeted advertising — which we do not do. We do not discriminate against you for exercising your rights. Where the GDPR applies to Customer Data, the Customer is the controller and you may need to direct certain requests to that Customer.

11.3 Data entered by a Customer

If a carrier (Customer) entered your information or messaged you through Proof — for example, you are a driver, mechanic, or shipment contact — that Customer is the party responsible for that data. If you contact us, we may refer or forward your request to the relevant Customer and assist that Customer in responding, as the DPA requires.

11.4 How to exercise your rights

Email support@goproof.ca with your request. We will respond within the timeframes required by applicable law. To protect you, we may need to verify your identity before acting, and we may decline or limit a request where the law permits (for example, to preserve the integrity of the append-only accountability record, to comply with legal obligations, or to protect the rights of others).

12. Children

The Service is a business tool intended for use by businesses and their workers. It is not directed to children, and we do not knowingly collect Personal Information from anyone under the age of majority in their province or jurisdiction of residence. If you believe a minor has provided Personal Information through the Service, contact support@goproof.ca and we will take appropriate steps to address it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated / Effective date" at the top and, where a change is material, take reasonable steps to provide additional notice (for example, through the Service or by email to account administrators). Changes take effect on the stated effective date. Your continued use of the Service after a change takes effect signifies your acceptance of the updated policy, to the extent permitted by law.

14. Contact & Privacy Officer

If you have questions, requests, or concerns about this policy or our handling of Personal Information, contact our Privacy Officer:

  • Privacy Officer, Proof Incorporated
  • Email: support@goproof.ca
  • General legal contact: support@goproof.ca
  • Support: support@goproof.ca
  • Mail: Ontario, Canada (mailing address on request via support@goproof.ca)

We will acknowledge and address your inquiry within a reasonable time and within any period required by law. This policy is governed by the laws of the Province of Ontario and the applicable federal laws of Canada, without regard to conflict-of-laws rules.

Complaints to a regulator. If you are in Canada and are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca or 1-800-282-1376. Residents of some provinces or other countries may also have the right to complain to their local privacy or data-protection authority.

Terms·Privacy·Messaging·Cookies·All

goproof.ca · If it moved, we can prove it.