A concise view of how ExemptProof handles data

Last updated April 11, 2026. This policy covers the account, certificate, and audit information used to run ExemptProof as a production business application.

Information We Collect

ExemptProof collects account details, organization details, uploaded documents, certificate metadata, audit activity, and technical information such as IP address and browser data needed to operate and secure the service.

How We Use Information

We use information to provide the service, authenticate users, validate uploaded records, support exports and audit trails, communicate about the account, and protect the platform from abuse or unauthorized access.

How Information Is Shared

We do not sell personal information. We may share data with infrastructure, storage, email, and analytics vendors that help us operate ExemptProof, or when disclosure is required by law, regulation, or legal process.

Retention

Customer data is retained for as long as your organization keeps it in ExemptProof, subject to backups, legal requirements, and operational retention periods. You can request account deletion, but shared organizational records are preserved unless separately deleted by an authorized organization administrator.

Security

We use reasonable administrative, technical, and organizational safeguards to protect stored information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Your Choices

You can update account details, manage organization access, and request password resets through the service. If you want to delete your account, ExemptProof will remove your memberships when safe and will block deletion if you are the sole owner of an organization.

Contact

Questions about this Privacy Policy can be sent to privacy@exemptproof.com.