Last updated: 08.01.2025
This Data Retention Policy applies to the Proofly service ("Service") operated by Proofly, a company registered in the United Arab Emirates with company number 10248, and registered office at 3rd Floor, A3 Building, Business Center, PO Box 449648, Dubai, United Arab Emirates. (collectively referred to as "Company", "we", "us", "our").
The Service includes the Proofly website (www.proofly.ai) and related services.
1. Introduction
1.1 Purpose of the Document
This policy establishes the principles, timeframes, and procedures for storing and deleting personal data in the Service.
This policy is in accordance with Regulation (EU) 2016/679 (GDPR), UK GDPR, CCPA and other applicable data protection laws in regions where the Company operates.
1.2 Scope
This policy applies to all personal data processed by the Company.
1.3 Responsibility
The designated Data Protection Officer (DPO) of the Company is responsible for ensuring compliance with this policy.
2. Data Retention Principles
2.1 Data Minimization
Proofly stores only the data necessary for providing services and complying with legal requirements.
2.2 Storage Limitation
Personal data is stored no longer than necessary for the purposes for which it is processed.
2.3 Data Accuracy
Proofly takes measures to ensure the accuracy and currency of stored data.
3. Categories of Data and Retention Periods
The following retention periods apply to Proofly unless otherwise specified:
3.1 User Account Data
Retention period: Until account deletion by the user or 24 months after last activity
Rationale: Necessary for service provision and user support
3.2 User Content Data (photos and videos)
Retention period: 90 days after upload, unless deleted earlier by the user.
Rationale: Necessary for service functionality (deepfake detection).
3.3 User Activity Logs
Retention period: 12 months
Rationale: Service quality improvement and dispute resolution
4. AI-Related Data Retention:
4.1. AI Model Training Data:
Retention period: 24 months from last use in training
Rationale: Necessary for continuous improvement of AI models and auditability
4.2. User Interaction Logs with AI Systems:
Retention period: 12 months
Rationale: Necessary for system improvement and user support
All AI-related data is stored in an anonymized or pseudonymized form to protect user privacy.
5. Data Deletion Procedures
5.1 Automatic Deletion
System automatically deletes data upon expiration of retention period
5.2 Manual Deletion
Upon user request for data deletion
Execution time frame: within 30 days of request
5.3 Pseudonymization
Data required for analytics undergoes pseudonymization after active use period expiration
5.4 Secure Deletion
Secure deletion methods are used, preventing data recovery
6. Exceptions to Retention Policy
6.1 Legal Requirements
Data may be stored longer than the established period if required by law
6.2 Scientific and Statistical Purposes
Anonymized data may be stored longer for research purposes
7. Data Subject Rights
Request processing procedure via Data Subject Rights Request Form (if applicable)
7.1 Right to Explanation of AI Decisions
Users have the right to request an explanation of how AI systems have influenced their matches or recommendations.
Proofly will provide this information in a clear, understandable format within 30 days of the request.
7.2 Right to Correct AI-Inferred Data
Users can view any data inferred by our AI systems by contacting us at [email protected]
8. AI Data Security Measures
8.1 Encryption: All AI-related data is encrypted.
8.2 Access Control: Access to AI systems and related data is strictly limited to authorized personnel.
8.3 Audit Trails: All access to and modifications of AI systems and data are logged and regularly audited.
8.4 Anonymization: Where possible, data used for AI training and inference is anonymized to protect individual privacy.
9. Audit and Control
9.1 Regular Audit
Quarterly audit of data retention policy compliance is conducted, including specific checks on AI-related data handling.
9.2 AI System Monitoring
Continuous monitoring of AI system performance, including checks for bias and accuracy.
9.3 Reporting
Audit results, including AI system performance and compliance, are provided to management, DPO, and relevant regulatory bodies if required.
10. Staff Training
10.1 Training Program
All employees working with personal data undergo mandatory training on this policy and data protection requirements in all jurisdictions where Proofly operates.
11. International Data Transfers and Applicable Law
11.1 Compliance with International Laws
Proofly complies with all applicable international laws for data transfers, including the use of Standard Contractual Clauses for transfers of personal data to third countries.
11.2 Applicable Data Protection Laws
'Applicable Data Protection Laws' include, but are not limited to, the General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA), the EU AI Act, the data protection laws of the UAE, Saudi Arabia, and any other applicable laws in the jurisdictions where Proofly operates.
12. Duration and Survival
This Data Retention Policy will remain in effect for the duration of the User Agreement and for a period of 3 years after its termination to allow for the proper handling of any remaining personal data.
13. Confidentiality of User Data
Proofly does not publish or share any user data transmitted to us for deepfake detection. Users agree that the data they provide does not constitute personal data and is confidential. Proofly takes all necessary measures to protect the confidentiality and security of user data in accordance with this Data Retention Policy and applicable data protection laws.
14. Policy Updates
14.1 Regular Review
Policy is reviewed annually or upon significant changes in data processing
14.2 Update Procedure
Changes are approved by DPO and company management
15. Contact Us
For questions related to this policy, please contact the DPO: dpo@proofly.ai
Date: 08.01.2025