Security

Proa runs on AWS infrastructure with managed authentication, API, database, storage, and logging services.

Report files are stored in private S3 storage with public access blocked and a default 90-day lifecycle policy for report objects.

Proa is removing optional analytics and advertising tracking from the launch scope.

AI report prompts should not include your name, email, login details, passwords, or secrets.

Payments are handled by Stripe. Proa does not need to store full card details.

Keep your email account secure, use strong authentication where available, and contact privacy@getproa.app if you suspect unauthorized account access.

Security reports can be sent to privacy@getproa.app. Please include enough detail to reproduce the issue and avoid accessing other users' data.