Proa

Last updated June 4, 2026

Security

How Proa protects personal finance data without overstating controls.

Infrastructure

Proa runs on AWS infrastructure with managed authentication, API, database, storage, and logging services.

Report files are stored in private S3 storage with public access blocked and a default 90-day lifecycle policy for report objects.

Data minimization

Proa is removing optional analytics and advertising tracking from the launch scope.

AI report prompts should not include your name, email, login details, passwords, or secrets.

Proa AI is designed to use only the data sources you enable and only the context needed for the current question, report, or proposal.

Assistant requests should not include passwords, secrets, identity documents, seed phrases, private keys, or personal notes you do not want processed by AI providers.

AI logs

Proa limits operational logs for AI features to service metadata such as request identifiers, status, model, token usage, estimated cost, latency, and errors.

Proa does not intentionally write chat prompts or detailed financial context to application logs.

Payments

Payments are handled by Stripe. Proa does not need to store full card details.

Account protection

Keep your email account secure, use strong authentication where available, and contact privacy@getproa.app if you suspect unauthorized account access.

Responsible disclosure

Security reports can be sent to privacy@getproa.app. Please include enough detail to reproduce the issue and avoid accessing other users' data.