Last updated June 4, 2026
Security
How Proa protects personal finance data without overstating controls.
Infrastructure
Proa runs on AWS infrastructure with managed authentication, API, database, storage, and logging services.
Report files are stored in private S3 storage with public access blocked and a default 90-day lifecycle policy for report objects.
Data minimization
Proa is removing optional analytics and advertising tracking from the launch scope.
AI report prompts should not include your name, email, login details, passwords, or secrets.
Proa AI is designed to use only the data sources you enable and only the context needed for the current question, report, or proposal.
Assistant requests should not include passwords, secrets, identity documents, seed phrases, private keys, or personal notes you do not want processed by AI providers.
AI logs
Proa limits operational logs for AI features to service metadata such as request identifiers, status, model, token usage, estimated cost, latency, and errors.
Proa does not intentionally write chat prompts or detailed financial context to application logs.
Payments
Payments are handled by Stripe. Proa does not need to store full card details.
Account protection
Keep your email account secure, use strong authentication where available, and contact privacy@getproa.app if you suspect unauthorized account access.
Responsible disclosure
Security reports can be sent to privacy@getproa.app. Please include enough detail to reproduce the issue and avoid accessing other users' data.