← Back to Pruvn
Privacy Policy
Last updated: April 7, 2026 · Effective: April 7, 2026
Pruvn ("the App", "the Platform", "the Service") is a product of PruvnLabs, a department of Whizzybase Technologies Private Limited, a company incorporated under the laws of India (CIN pending), with its registered office in Jammu, India ("the Company", "we", "us", "our"). Our websites include pruvnlabs.com and related subdomains.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Pruvn application (available on Android, iOS, and web), our websites, APIs, browser extensions, and related services. Please read this policy carefully. By using our Service, you consent to the practices described herein.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Phone number (for OTP-based authentication), name, email address (optional), profile preferences.
- User-Generated Content: Claims you submit for fact-checking, community notes you write, reports you file, feedback you provide.
- Organization Data: If you register as a fact-checking organization, we collect your organization name, website, contact email, IFCN certification status, and branding assets (logo, colors).
- Admin Credentials: For admin panel users, we collect username, password (stored as bcrypt hash, never in plain text), email address, and role information.
1.2 Information Collected Automatically
- Device Information: Device type, operating system, browser type, screen resolution, unique device identifiers.
- Usage Data: Pages viewed, stories read, searches performed, features used, time spent, interaction patterns.
- Location Data: Approximate location (city/region level) derived from IP address. Precise GPS location is only collected if you explicitly grant permission for location-based story filtering, and can be revoked at any time.
- Log Data: IP address, access times, referring URLs, error logs.
- Cookies and Local Storage: Authentication tokens, user preferences, feed cache, language settings. We do not use third-party advertising cookies.
1.3 Information from Third Parties
- Social Media: If you interact with our Chrome extension on Twitter/X, we access publicly available tweet content (text, author, timestamp, media URLs) that you explicitly choose to add as evidence or create stories from. We do not access your social media accounts or private messages.
- WhatsApp: If you interact with our WhatsApp bot, we receive the messages you send to us. We do not access your contacts, groups, or other conversations.
2. How We Use Your Information
| Purpose | Legal Basis |
|---|
| Provide, maintain, and improve the Service | Contractual necessity |
| Authenticate your identity (OTP login) | Contractual necessity |
| Process and respond to claims you submit | Contractual necessity |
| Personalize your feed based on preferences and location | Legitimate interest / Consent |
| Send notifications about your claims and stories | Contractual necessity |
| Analyze usage patterns to improve the platform | Legitimate interest |
| Detect and prevent fraud, abuse, and security threats | Legitimate interest / Legal obligation |
| Comply with legal obligations (IT Act 2000, court orders) | Legal obligation |
| Communicate service updates and policy changes | Legitimate interest |
We do NOT:
- Sell your personal data to third parties.
- Use your data for targeted advertising.
- Share your phone number or personal details with other users without your consent.
- Train AI models on your private data. Our AI features use your submitted content only to provide the fact-checking service you requested.
3. How We Share Your Information
We may share your information only in the following circumstances:
- With fact-checking organizations: Claims you submit may be shared with verified fact-checking organizations on the Pruvn network for investigation. Your name and phone number are not shared unless required for follow-up (with your consent).
- Published content: Stories, community notes, and fact-checks you contribute are publicly visible by design. Do not include personal information in public contributions.
- Service providers: We use third-party services for hosting (shared hosting providers), AI processing (Groq API for summarization), SMS delivery (for OTP), and analytics. These providers process data only on our behalf under contractual obligations.
- Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request, including under the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.
4. Data Retention
- Account data: Retained for as long as your account is active. You may request deletion at any time.
- Published stories and fact-checks: Retained indefinitely as part of the public fact-checking record, even after account deletion.
- Claims: Retained for up to 2 years after resolution, then anonymized or deleted.
- Usage logs: Retained for 90 days, then aggregated and anonymized.
- Admin session tokens: Expire after 12 hours.
- User session tokens: Expire after 30 days.
5. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Passwords stored using bcrypt hashing (never in plain text).
- All data transmitted over HTTPS/TLS encryption.
- Session tokens with expiration and single-session enforcement for admin accounts.
- Account lockout after 5 failed login attempts (15-minute cooldown).
- Role-based access control with organization-level data isolation.
- Regular security audits and vulnerability assessments.
- Input sanitization and parameterized queries to prevent injection attacks.
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
6. Your Rights
6.1 All Users
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct inaccurate personal data.
- Deletion: Request deletion of your account and associated data.
- Portability: Request your data in a machine-readable format.
- Withdraw Consent: Withdraw consent for optional data processing (e.g., location tracking) at any time.
6.2 European Economic Area (EEA) / UK Residents (GDPR)
If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal basis for processing is outlined in Section 2. For cross-border transfers, we rely on Standard Contractual Clauses.
6.3 California Residents (CCPA/CPRA)
California residents have the right to know what personal information is collected, request deletion, opt out of the sale of personal information (we do not sell personal data), and not be discriminated against for exercising these rights. To exercise your rights, contact us at the address below.
6.4 Indian Residents (DPDPA 2023)
Under the Digital Personal Data Protection Act, 2023, you have the right to access, correct, and erase your personal data. You may nominate another person to exercise your rights in case of death or incapacity. We process data of minors only with verifiable parental consent.
7. Children's Privacy (COPPA and GDPR Compliance)
7.1 Age Requirements
- Users in the United States must be at least 13 years old to create an account, in compliance with the Children's Online Privacy Protection Act (COPPA).
- Users in the European Economic Area (EEA) and United Kingdom must be at least 16 years old to create an account, in compliance with the General Data Protection Regulation (GDPR) Article 8.
- Users in India must be at least 18 years old to create an account for features involving personal data processing, in compliance with the Digital Personal Data Protection Act (DPDPA), 2023.
- In all other jurisdictions, users must meet the minimum age of digital consent as defined by their local law, or be at least 13 years old, whichever is higher.
7.2 No Knowing Collection from Children
We do not knowingly collect, use, or disclose personal information from children below the applicable minimum age. Our account registration process includes an age verification step. We do not use persistent identifiers to track children across services.
7.3 Browsing Without an Account
Anyone, including children, may browse published fact-checked stories on Pruvn without creating an account. Browsing does not require providing personal information. We do not collect personal data from unauthenticated users beyond standard server logs (IP address, user agent) which are retained for 90 days for security purposes only and are not used to identify individual minors.
7.4 Parental Rights
If you are a parent or guardian and believe your child has created an account or provided personal information to Pruvn without your consent:
- Contact us immediately at privacy@pruvnlabs.com with the subject line "Child Data Deletion Request".
- We will verify your identity and parental relationship.
- We will delete the child's account and all associated personal data within 48 hours of verification.
- We will confirm deletion to you in writing.
7.5 Content Moderation
While Pruvn is a fact-checking platform that deals with news content (which may include sensitive topics), we do not specifically curate content for children. Parents and guardians are advised to supervise minors' access to news content on the platform. Fact-checked stories may cover topics including violence, political misinformation, health misinformation, and other subjects that parents may consider inappropriate for young readers.
7.6 School and Educational Use
If Pruvn is used in an educational setting, the educational institution is responsible for obtaining parental consent as required under COPPA and applicable law. We offer educational accounts upon request. Contact education@pruvnlabs.com for details.
8. International Data Transfers
Your data may be processed on servers located in India and other countries. By using our Service, you consent to the transfer of your data to countries that may have different data protection laws than your country of residence. We ensure appropriate safeguards are in place for such transfers.
9. Third-Party Services
Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies. Third-party services we use include:
- Groq API: For AI-powered text summarization (text sent for processing, not stored by Groq beyond the request).
- SearXNG: Self-hosted search aggregation (queries processed on our own servers).
- SMS Gateway: For OTP delivery (phone number shared with SMS provider).
10. Cookie Policy
We use essential cookies and local storage for:
- Authentication: Session tokens to keep you logged in (pv_token, pv_admin_token).
- Preferences: Language, feed filters, display settings, cookie consent choice.
- Performance: Feed caching to reduce server load and improve speed.
We do not use third-party tracking cookies or analytics cookies. When you first visit Pruvn in a web browser, a cookie consent banner will appear allowing you to accept all cookies or limit to essential cookies only. Your choice is stored in your browser's local storage. The Pruvn mobile app (via Shift2App) does not use browser cookies and does not show a cookie consent banner.
11. Advertising
Pruvn may display advertisements within the Service. These advertisements:
- Are not personalized based on your personal data, browsing history, or profile information.
- Are not age-restricted. The same advertisements are shown to all users regardless of age.
- May be served through third-party ad networks. These networks may use their own cookies and tracking mechanisms, which are governed by their respective privacy policies. When you consent to non-essential cookies via our cookie banner, you consent to these third-party ad cookies.
- If you select "Essential Only" on our cookie banner, we will attempt to serve ads without third-party tracking cookies.
We do not sell your personal data to advertisers. Advertising revenue helps us keep the core fact-checking service free for consumers and organizations.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a prominent notice on our website or within the app. The "Last updated" date at the top indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Grievance Officer (India)
In accordance with the Information Technology Act, 2000 and the rules made thereunder, the name and contact details of the Grievance Officer are:
Grievance Officer
Whizzybase Technologies Private Limited
Department: PruvnLabs
Email: grievance@pruvnlabs.com
Address: Jammu, Jammu & Kashmir, India
We will acknowledge your complaint within 24 hours and resolve it within 15 days from the date of receipt, in accordance with applicable law.
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email: privacy@pruvnlabs.com
- Website: pruvnlabs.com
- Registered Entity: Whizzybase Technologies Private Limited
- Department: PruvnLabs
- Address: Jammu, Jammu & Kashmir, India