Privacy Policy

How we collect, use, and protect your personal information.

Last updated: February 10, 2026

Introduction

DuloProof (“we,” “our,” or “us”), operating the DuloProof platform, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the “Services”).

We operate under the laws of the European Union, including the General Data Protection Regulation (GDPR). We act as the data controller for the personal data processed through our Services.

Please read this privacy policy carefully. By using our Services, you consent to the practices described in this policy.

Lawful Basis for Processing

Under the GDPR, we process your personal data on the following lawful bases:

  • Contract Performance: Processing necessary to provide our Services to you (e.g., account management, service delivery).
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services and ensuring security, where those interests are not overridden by your rights.
  • Consent: Where you have given us specific consent for processing activities, such as receiving promotional communications.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

Information We Collect

Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, company name, and job title when you create an account. Passwords are managed securely by our authentication provider (AWS Cognito) and are not directly stored by us.
  • Profile Information: Any additional information you add to your profile.
  • Content: Checklists, templates, comments, and other content you create or upload.
  • Communications: Messages you send to us through our Services.
  • Payment Information: Billing address and payment details, processed securely by Stripe. We do not store your full payment card details.

Information Collected Automatically

When you use our Services, we automatically collect:

  • Usage Data: Pages viewed, features used, actions taken, and time spent.
  • Device Information: Device type, operating system, browser type, and screen resolution.
  • Log Data: IP address, access times, and referring URLs.

Information from Third Parties

We may receive information from our service providers in the course of delivering the Services, specifically:

  • AWS Cognito: Authentication data associated with your account.
  • Stripe: Payment confirmation and subscription status (when applicable).

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyse trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or unauthorised activity
  • Personalise and improve your experience
  • Send promotional communications (with your consent)

AI-Powered Features

Our Services include AI-powered template generation features. When you use these features:

  • AI Provider: We use Anthropic’s Claude AI to generate and process templates based on your input.
  • Data Sent to AI: Content and prompts you provide when using AI template generation features may be sent to Anthropic for processing.
  • AI Data Handling: Anthropic processes this data in accordance with their privacy policy and data processing terms. We have contractual safeguards in place with Anthropic regarding data handling.
  • No Training on Your Data: Your content is not used to train Anthropic’s AI models.
  • AI Output: AI-generated templates are provided as-is. You are responsible for reviewing and validating all AI-generated content before use.

Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

  • With Service Providers: We work with the following service providers to operate our Services:
    • AWS (Amazon Web Services): Cloud hosting and authentication services
    • Anthropic: AI-powered template generation
    • Stripe: Payment processing (when applicable)
  • For Legal Reasons: To comply with applicable laws, respond to legal requests, or protect rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you direct us to share information

Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments

Data Retention

We retain your information for as long as your account is active or as needed to provide Services. We may retain certain information for legitimate business purposes or as required by law. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

Your Rights

Under the GDPR and applicable data protection laws, you have the following rights:

  • Access: Request a copy of your personal information
  • Rectification: Request correction of inaccurate information
  • Erasure: Request deletion of your information (“right to be forgotten”)
  • Restriction: Request restriction of processing of your data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at hello@duloproof.com. We will respond to your request within 30 days as required by the GDPR. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

International Data Transfers

Your information is primarily processed within the European Union on AWS infrastructure. However, certain data may be transferred to and processed in regions outside the EU in the following cases:

  • AWS: Data may be processed in AWS data centres in the EU and US regions.
  • Anthropic: When you use AI-powered features, your input data is processed by Anthropic, which operates in the United States.

For transfers outside the EU/EEA, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission.

Children’s Privacy

Our Services are not intended for children under 16. We do not knowingly collect information from children under 16.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the new policy and updating the “Last updated” date.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

  • Email: hello@duloproof.com
  • Data Controller: DuloProof