Privacy Policy

Effective date: March 29, 2026

1. Who We Are

PROOF ("we," "us," or "our") operates the verified effort loyalty platform at verifiedeffort.com and the application at proof.verifiedeffort.com. PROOF is operated by PROOF Verified Effort, Inc., based in California, United States.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, platform, and related services (collectively, the "Service").

2. Information We Collect

2.1 Account Information

When you create a PROOF account, we collect:

  • Email address
  • Name (as provided by you or your connected fitness platform)
  • Password (stored in hashed form only)

2.2 Fitness Platform Data

When you connect a fitness platform to PROOF (currently Strava; additional integrations planned), we receive activity data from that platform through their authorized API. This data may include:

  • Activity type (e.g., cycling, running, swimming, walking)
  • Distance, duration, and pace/speed
  • GPS route data (used for verification, then discarded — see Section 5)
  • Date and time of activity
  • Activity title and description
  • Total elevation gain
  • Heart rate data (average and maximum, when recorded by your device)
  • Power data (average and weighted-average watts, when a power meter is paired)
  • Energy expended in kilojoules (when computable from power data)
  • Your fitness platform's native intensity score, where one is published
  • Your fitness platform profile information (athlete ID, profile name, profile photo URL)

We only access data you have explicitly authorized through the OAuth consent flow provided by each fitness platform. You can revoke this access at any time (see Section 7).

Forward-purpose declaration. We capture all of the activity-data fields above on every recorded activity, even though our current PROOF Miles calculation (methodology v1.0) only uses distance and elevation. The remaining fields — heart rate, power, kilojoules, and intensity scores — are stored to support enriched effort calculation in future releases (intensity-aware PROOF Miles, dimension-specific challenges, athlete specializations). You can review the full methodology, including the forward roadmap, at our PROOF methodology page. Disconnecting a fitness platform stops new data of any of these types from being received.

2.3 Brand Program Data

When you join a brand's loyalty program through PROOF, we collect and generate:

  • Your connection to specific brand programs
  • PROOF miles (PM) earned — our effort-normalized unit
  • Your PROOF tier and brand-specific tier
  • Reward thresholds reached and discount codes issued

2.4 Usage Data

We automatically collect standard usage data when you interact with the Service, including IP address, browser type, device information, pages visited, and referring URL. We use Vercel Analytics for aggregated, privacy-friendly website analytics.

3. How We Use Your Information

We use the information we collect to:

  • Verify that athletic activities are real and recorded by the athlete's fitness device or app
  • Convert verified activities into PROOF miles using our PROOF Effort Index (PEI)
  • Calculate and maintain your PROOF tier and active status
  • Credit your effort to brand loyalty programs you have joined
  • Generate and deliver rewards (e.g., discount codes) on behalf of brands
  • Send you transactional notifications about your account and earned rewards
  • Detect and prevent fraudulent activity submissions
  • Improve and maintain the Service

We do not use your data for advertising. We do not sell your data. We do not use your fitness data to train artificial intelligence or machine learning models.

4. How We Share Your Information

4.1 With Brands You Join

When you join a brand's loyalty program through PROOF, that brand receives limited data necessary to operate their program:

  • Your PROOF tier and active status
  • Brand-specific PROOF miles earned (only for sports in that brand's allowlist)
  • Reward milestones reached
  • Your email address (for program communications you have opted into)

Brands do not receive your raw GPS data, your full activity history, or data from other brand programs you have joined. Each brand only sees effort relevant to their own program.

4.2 With Fitness Platforms

We do not share your data back to Strava or other connected fitness platforms beyond what is required for the API connection to function.

4.3 With Third Parties

We do not sell, rent, lease, or license your personal data to any third party, including advertisers or data brokers. We may share data with service providers who help us operate the Service (e.g., hosting, email delivery), but only under strict contractual obligations to protect your data and use it solely for providing services to PROOF.

4.4 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention and GPS Data

We retain your account information and PROOF miles history for as long as your account is active. Activity records (type, distance, date, verified PM) are retained as part of your effort ledger.

GPS route data is used during the verification process to confirm that an activity is real and recorded by your fitness device or app. We do not store full GPS route coordinates long-term. Once verification is complete, we retain only the verification result (verified or not) and aggregate activity data (distance, sport type, duration).

If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it. Anonymized and aggregated data that cannot be used to identify you may be retained for analytics purposes.

6. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS/SSL), encrypted storage of sensitive credentials, and access controls limiting who can access personal data within our organization. OAuth tokens used to connect fitness platforms are stored securely and refreshed according to each platform's requirements.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Portability

You may request a copy of the personal data we hold about you by contacting us at team@verifiedeffort.com.

7.2 Correction

You may update your account information at any time through the Service. If you believe any data we hold is inaccurate, contact us and we will correct it.

7.3 Deletion

You may delete your PROOF account at any time. Upon deletion, we will remove your personal data within 30 days. You may also request deletion of specific data by contacting us at team@verifiedeffort.com.

7.4 Disconnect Fitness Platforms

You may disconnect any connected fitness platform at any time through your PROOF account settings. You may also revoke PROOF's access directly through the platform's own settings:

  • Strava: Settings → My Apps → PROOF → Revoke Access

Disconnecting a fitness platform stops new activity data from being sent to PROOF. Activity data already verified and credited to your account remains part of your effort history unless you request its deletion.

7.5 Communication Preferences

You may opt out of promotional emails at any time by clicking the unsubscribe link in any email or updating your preferences in your account settings. Transactional emails related to your account and earned rewards may still be sent as necessary for the operation of the Service.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose about you
  • Request deletion of your personal information
  • Opt out of the sale or sharing of your personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights
  • Correct inaccurate personal information
  • Limit use and disclosure of sensitive personal information

To exercise any of these rights, contact us at team@verifiedeffort.com. We will respond to verifiable requests within 45 days as required by California law.

9. International Data Transfers

PROOF is based in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

For users in the European Economic Area (EEA) or United Kingdom, we process data in compliance with GDPR requirements, including maintaining appropriate legal bases for processing and providing data subject rights as required by Articles 15–22 of the GDPR.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at team@verifiedeffort.com.

11. Third-Party Fitness Platform Terms

Your use of connected fitness platforms is governed by their respective terms and privacy policies. We encourage you to review these:

PROOF's access to your fitness data is subject to the terms of each platform's API agreement. We do not access data beyond the scope of the permissions you grant during the OAuth authorization process.

12. Cookies and Tracking

The PROOF website uses minimal cookies necessary for the Service to function (such as session cookies for authentication). We use Vercel Analytics for aggregated website analytics, which does not use cookies or track individual users. We do not use third-party advertising cookies or trackers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service prior to the change becoming effective. The "Effective date" at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

PROOF Verified Effort, Inc.
Email: team@verifiedeffort.com

This policy is designed to meet the requirements of the Strava API Agreement, the California Consumer Privacy Act (CCPA/CPRA), and the General Data Protection Regulation (GDPR).