Privacy Policy

Effective date: April 18, 2026

1. Overview

ProofPM ("we," "us," "the Platform") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. ProofPM is operated by Mahesh Kalbhor as a sole proprietorship based in Atlanta, Georgia.

2. Data We Collect

Information you provide

  • Account data: Name, email address, and password when you register.
  • Profile data: Job title, company, location, website, bio, career transition goals. All optional.
  • Assessment data: Your responses to the AI PM Readiness Assessment and resulting scores.
  • Payment data: Processed by Stripe. We do not store credit card numbers. We receive transaction confirmation, plan type, and billing dates from Stripe.
  • User content: Posts, comments, and messages you submit on the platform.
  • Communication data: Emails you send us and newsletter subscription preferences.

Information collected automatically

  • Usage data: Pages visited, features used, time spent, and navigation patterns. Collected via PostHog (when enabled) with anonymized identifiers.
  • Device data: Browser type, operating system, screen resolution, and language preference.
  • Log data: IP address, access times, and referring URLs. Retained for 90 days for security purposes.

3. How We Use Your Data

  • Deliver the service: Run your assessment, generate your roadmap, display your learning progress, and provide platform features.
  • Personalize your experience: Recommend resources based on your assessment results and activity. You can disable this in settings.
  • Process payments: Manage subscriptions, process refunds, and send billing-related emails.
  • Send communications: Welcome emails, newsletter (opt-in), content alerts, and cohort updates. You control all notification preferences in settings.
  • Improve the Platform: Analyze aggregate usage patterns to improve content, features, and performance. Individual data is never sold.
  • Prevent abuse: Detect and prevent fraud, spam, and terms of service violations.

4. Data We Do Not Collect or Sell

  • We do not sell your personal data to third parties. Ever.
  • We do not use your data to train AI or machine learning models.
  • We do not share your assessment results, profile, or activity with employers or recruiters unless you explicitly opt in to a future feature that enables this.
  • We do not use tracking pixels from ad networks (no Facebook Pixel, no Google Ads remarketing).

5. Third-Party Services

We use the following third-party services to operate the Platform:

ServicePurposeData shared
VercelHosting and deploymentServer logs, IP addresses
StripePayment processingPayment info, email, name
ResendTransactional emailEmail address, name
PostHogProduct analyticsAnonymized usage events
Google OAuthAuthentication (optional)Email, name, profile picture

Each service has its own privacy policy. We select services that meet industry-standard security practices.

6. Data Retention

  • Account data: Retained while your account is active and for 30 days after deletion to allow recovery.
  • Assessment data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Payment records: Retained for 7 years as required by tax and financial regulations.
  • Server logs: Retained for 90 days, then automatically purged.
  • Analytics data: Anonymized and aggregated. Individual event data retained for 12 months.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access:Request a copy of all data we hold about you. Available via the "Download My Data" button in settings.
  • Correction: Update inaccurate data via your profile settings at any time.
  • Deletion: Request deletion of your account and associated data. Available via settings or by emailing us.
  • Portability: Export your data in a machine-readable format (JSON).
  • Opt out of analytics: Disable usage tracking in your privacy settings.
  • Unsubscribe: Manage all email preferences in settings, or use the unsubscribe link in any email.

We respond to all data requests within 30 days. For GDPR and CCPA requests, email maheka@gmail.com.

8. Cookies

ProofPM uses minimal cookies:

  • Session cookie: Required for authentication. Expires when you close your browser or after 30 days.
  • Theme preference: Stores your light/dark mode choice. Local storage, not transmitted to servers.
  • Analytics cookie: PostHog identifier for usage analytics. Can be disabled in privacy settings.

We do not use advertising cookies, cross-site tracking cookies, or third-party cookie-based retargeting.

9. Security

We implement industry-standard security measures: passwords are hashed with bcrypt, connections are encrypted via TLS, payment processing is handled by PCI-compliant Stripe, and access to production systems is restricted. We conduct regular security reviews. While no system is 100% secure, we take reasonable steps to protect your data. If we discover a breach that affects your personal data, we will notify you within 72 hours.

10. Children

ProofPM is not directed to individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this policy as our practices or legal requirements change. Significant changes will be communicated via email to registered users at least 14 days before taking effect. The effective date at the top of this page reflects the latest version.

12. Contact

Questions about this privacy policy or your data? Email maheka@gmail.com.

ProofPM is operated by Mahesh Kalbhor. Atlanta, Georgia, United States.