Login
Terms and Conditions and LicencesPrivacy Policy
FIPS 140-3
Common Criteria EAL5+

Products

  • ProvenHSM
  • Qualified Signature Creation Device (QSCD)
  • Software Developer Kit (SDK)
  • Security Applications
  • ProvenCore OS and TEE

Use Cases

  • Data Protection
  • PQC Migration
  • Key Management & Cloud KMS
  • Confidential Computing
  • Finance Innovation
  • eIDAS Signature and Identity Wallet
  • Multi-Party Computation (MPC)

Resources

  • Blog and Whitepapers
  • Security and Certifications
  • Integrations

Company

  • Careers
  • About

Privacy Policy

1. Data Controller

ProvenRun acts as the data controller for personal data collected via its website and services.

Address: 77 Avenue Niel, 75017 Paris, France

Contact (Privacy): contact@provenrun.com

2. Personal Data Collected

ProvenRun may collect the following categories of personal data:

  • Contact details: name, email address, company, job title
  • Professional information: role, organization, business related data voluntarily provided
  • Technical data: IP address, access logs, cookies, and similar identifiers
  • Communication records: enquiries, support requests, and related correspondence

ProvenRun applies data minimization principles and only collects personal data that is strictly necessary for the purposes described below.

Important notice: ProvenRun does not collect cryptographic keys, secrets, or sensitive customer security materials through the website or marketing services.

3. Purpose of Processing

Personal data is processed exclusively for legitimate business purposes, including:

  • Commercial and professional communications
  • Customer support and service delivery
  • Security monitoring, abuse detection, and fraud prevention
  • Compliance with legal, regulatory, and contractual obligations

Personal data is not processed for purposes incompatible with those described above, unless required or permitted by applicable law.

4. Legal Basis for Processing

Processing of personal data is based on one or more of the following legal grounds under the GDPR:

  • Legitimate interests (e.g., business communications, website security)
  • Consent (e.g., analytics cookies and similar technologies)
  • Performance of pre-contractual measures (e.g., responding to inquiries or requests)
  • Compliance with legal obligations

5. Data Security

ProvenRun implements appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Role based access control and least privilege principles
  • Secure infrastructure designed according to hardware backed trust and HSM security principles

While no system can guarantee absolute security, ProvenRun applies industry recognized best practices proportionate to the sensitivity of the data processed.

6. Data Retention

Personal data is retained only for as long as necessary for the purposes described above or as required by applicable law.

Indicative retention periods include:

  • Technical logs: up to 1 year
  • Commercial and contact data: up to 3 years after the last interaction

Data may be retained for longer periods where required for legal, regulatory, or dispute resolution purposes.

7. Data Sharing

Personal data may be shared only with:

  • Trusted service providers (e.g. hosting providers, IT service providers, analytics providers), acting as processors and bound by contractual data protection obligations
  • Public authorities, when disclosure is required by law or regulation

ProvenRun does not sell personal data to third parties.

8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), ProvenRun ensures that appropriate safeguards are in place, such as:

  • European Commission adequacy decisions, or
  • Standard Contractual Clauses (SCCs) or equivalent legal mechanisms

9. User Rights

In accordance with the General Data Protection Regulation (GDPR), users have the right to:

  • Access their personal data
  • Rectify or erase inaccurate or outdated data
  • Object to or restrict processing
  • Request data portability

Individuals also have the right to lodge a complaint with a competent supervisory authority, including the French data protection authority (CNIL).

To exercise these rights, users may contact: contact@provenrun.com

10. Cookies

The ProvenRun website uses cookies and similar technologies to ensure proper functioning, improve performance, and analyze usage.

  • Essential cookies are necessary for the operation of the website and do not require consent
  • Analytics cookies are used only with user consent via the website's cookie banner

Users can manage or withdraw their consent at any time through the cookie management tool or their browser settings.

11. Updates to this Policy

ProvenRun may update this Privacy Policy from time to time to reflect legal, technical, or business developments. The latest version will always be available on this page.

12. Applicable Law

This Privacy Policy is governed by French law and applicable European Union data protection regulations.