Thank you for visiting Proby. We take your privacy seriously and explain how personal data is collected, used, and protected in this policy.
This policy covers two core situations.
- Website and business usage: website visits, demo requests, inquiries, account sign-up, and marketing communications
- Research participation (general public): when Proby directly recruits participants or when participants join qualitative research run by a client
Proby is an AI-powered qualitative research platform and may process participant opinions, responses, and recordings. Participant-specific handling is detailed in Section 3 below.
Table of Contents
- Introduction and Contact Information
- Information We Collect (Website Visitors, Customers, and Service Users)
- Research Participant Privacy (Sections 3.1 to 3.5)
- How We Use Information (Website Visitors, Customers, and Service Users)
- Cookies and Similar Technologies
- Sharing Information with Third Parties
- Data Storage, Transfer, and Hosting
- Data Retention Periods
- Data Deletion Process and Methods
- Your Rights and Choices
- Security Measures
- Children’s Data
- Changes to This Policy
- Questions, Concerns, or Complaints
1. Introduction and Contact Information
Proby provides AI-based qualitative research services. This policy applies to personal data collected from website visitors, prospective customers, existing customers, and research participants.
If you have questions about this policy or your personal data, contact us using the information below.
- Privacy contact department: Proby Privacy Team
- Data protection officer (CPO): designated responsible lead (details available upon request), contact hello@proby.io
- Email: hello@proby.io
- Rights and access requests: hello@proby.io
- Phone/written contact: after email intake, we may provide verified response channels as needed
- Where local representative designation is required by law (for example, EU/UK contexts), related details will be published in this policy or a supplemental notice
2. Information We Collect (Website Visitors, Customers, and Service Users)
2.1 Contact Information
- Name, job title, company name, and business email
- Information provided when requesting a demo, subscribing, creating an account, or contacting us
2.2 Technical and Usage Data
- IP address, browser type, operating system, and device details
- Visited pages, clicked links, access time, and service logs
- Data collected via cookies, web beacons, and similar technologies
2.3 Marketing and Communication Preferences
- Newsletter subscriptions, webinar registrations, and marketing preferences
- B2B contact data obtained from third parties or public sources (for example, LinkedIn or event registrations)
2.4 Required vs Optional Data
- Required data: minimum information needed for account creation, service delivery, security checks, and payment processing
- Optional data: newsletter preferences, webinar registrations, and marketing preference settings
- If required data is not provided, account creation or certain features may be unavailable
2.5 California Notice at Collection Summary
- Categories collected: identifiers, commercial information, internet/network activity, and audio/video data for research participation
- Purposes: service delivery, security and fraud prevention, customer support, analytics and improvement, and legal compliance
- Proby does not sell personal information and does not share personal information for cross-context behavioral advertising
- Category-level retention details are described in Section 8
3. Research Participant Privacy (General Public)
Proby may process participant personal data while conducting qualitative research (for example, interviews, focus groups, and surveys). This policy also applies when participants are recruited by clients but data is processed on Proby’s platform.
3.1 Data Categories (When Proby Recruits Directly)
- Recruiting and screening: name, contact details (email or phone), gender, age group, job, income, and screening responses
- Participant identification: contact details, nickname, or participant ID
- Interview and survey content: audio, video (if applicable), text responses, and survey answers
- Incentive payment data: account or payment details when compensation is provided
- Sensitive data: collected only when legally required and with separate consent, limited to the minimum scope
- Automatically collected data: device, IP, and session metadata from platform usage
3.2 Purposes of Participant Data Use
- Research execution: interview operations, response analysis, aggregation, and reporting
- Participant operations: recruiting, screening, scheduling, and compensation handling
- Quality and security: service quality improvement, abuse prevention, and dispute handling within legal limits
- Participant personal data is not used for independent marketing or sold to third parties
- Without separate explicit consent, participant personal data is not used to train external public models or for ad targeting
3.3 Client-Recruited Projects (When Proby Only Runs the Interview Layer)
- In this model, the client recruits and screens participants and Proby provides the interview platform
- Participant names, direct contacts, and screening responses remain with the client unless minimally required for operations
- Proby may process interview-session data such as recordings, transcript/chat responses, survey answers, and technical session metadata
- If the client asks Proby to send interview links, only minimum delivery data is used for that project purpose
- Retention and deletion follow Sections 8 and 9, or client contract terms when required
3.4 Sensitive Data and Unique Identifier Handling
- Proby does not generally collect unique national identifiers unless legally required
- When sensitive data processing is necessary, Proby applies separate notice/consent and data-minimization controls
- Sensitive data is not publicly disclosed and is deleted or anonymized when no longer required
3.5 Pseudonymized Data Processing
- Pseudonymized data may be processed for statistics, service reliability, and research quality management
- Controls include anti-reidentification safeguards, strict access controls, and purpose limitation
- Any data combination or additional pseudonymized-data processing follows applicable legal and governance procedures
4. How We Use Information (Website Visitors, Customers, and Service Users)
- To operate and maintain the website and services
- To respond to inquiries, provide demos, and support customers
- To send communications permitted by law or based on consent
- To analyze usage and improve product and user experience
- To ensure security, prevent fraud, fulfill contracts, and support legitimate business needs
4.1 Legal Bases for Processing
- Contract performance: account provisioning, service delivery, research operations, and support
- Legitimate interests: security monitoring, service reliability, performance analysis, and improvement
- Consent: marketing communications and sensitive-data processing where applicable
- Legal obligations: accounting/tax retention, dispute handling, and legal compliance
4.2 Automated Decision-Making and Profiling
- Proby does not generally use solely automated decision-making that produces legal or similarly significant effects
- AI classification, summarization, and recommendation features are assistive; final decisions are made by humans (including client teams)
7. Data Storage, Transfer, and Hosting
- Data may be stored on domestic or international infrastructure; primary processing infrastructure may reside in U.S. AWS regions
- For cross-border transfers, Proby may rely on safeguards such as Standard Contractual Clauses
- Details on transfer destinations, recipients, transferred data categories, and retention periods are available upon request
- Retention and deletion standards are described in Sections 8 and 9
7.1 Cross-Border Transfer Details
- Transfer destinations: the United States and other countries necessary for service delivery
- Transfer recipients (examples): AWS, Supabase, and contracted infrastructure/analytics/notification vendors
- Transfer purposes: service hosting, storage/backup, authentication, log/error analytics, and operational messaging
- Transferred categories: account, log, and research-operation data generated during use (project dependent)
- Timing and method: encrypted transmission over secure networks during service use
- Retention/use period: as defined in Section 8 and applicable contract/legal requirements
- Objection impact: you may raise transfer objections; however, some features may become unavailable
8. Data Retention Periods
Proby retains personal data until the relevant purpose is fulfilled or legal retention obligations expire.
8.1 Website Visitors and Customers
- Data is deleted when no longer needed, or upon withdrawal/deletion request where applicable
- Items subject to mandatory legal retention are stored for the required statutory period
8.2 Research Participants
- Recruiting and screening data: retained according to project rules, contract terms, or internal policies
- Interview and survey data: retained until project objectives are met, then per contract/policy duration
- Compensation data: may be retained for legally required accounting/tax periods
- Data irreversibly anonymized may be retained for statistical purposes
9. Data Deletion Process and Methods
When retention expires, purpose is completed, or consent is withdrawn, personal data is deleted without undue delay, unless longer legal retention is required.
9.1 Deletion Process
- Identify deletion targets and verify scope under internal governance
- Record deletion date, target data, and method
9.2 Deletion Methods
- Electronic files: secure and irreversible deletion
- Paper records: shredding or incineration
- Third-party hosted data: deletion requested and completion confirmed under contractual procedures
10. Your Rights and Choices
- Access and copy requests
- Correction requests
- Deletion requests
- Restriction or objection to processing
- Withdrawal of consent
- Data portability where legally applicable
- Rights requests are handled after identity verification within applicable legal timelines
- To exercise rights, contact: hello@proby.io
10.1 GDPR and UK GDPR Rights
- Access, rectification, erasure, restriction, portability, objection, and consent withdrawal rights
- You may lodge a complaint with your local supervisory authority where applicable
10.2 CCPA/CPRA Rights
- Rights to know, delete, and correct personal information, plus non-discrimination rights
- Rights to opt out of sale/sharing and to limit sensitive personal information use, where applicable
- Global Privacy Control (GPC) signals may be honored as valid opt-out requests
10.3 Korea PIPA Rights
- Rights to access, correct, delete, and request suspension of processing
- Identity verification is required before processing rights requests, and responses are provided within statutory timelines
- Authorized-agent requests may require documentation such as a signed authorization
11. Security Measures
Proby applies reasonable technical and organizational safeguards, including encryption, access control, logging, and monitoring.
No system is completely secure, and Proby continuously improves security controls.
- Access rights are minimized, access logs are retained, and periodic control reviews are performed
- If a personal-data incident occurs, Proby follows applicable legal notification/reporting obligations to users and competent authorities
12. Children’s Data
In Korea, processing personal data of children under age 14 requires consent from a legal guardian.
For U.S. COPPA contexts, services are not directed to children under age 13.
In the EU/UK, parental-consent thresholds generally apply in the 13–16 age range depending on local law.
If child data is collected unintentionally, we will delete it promptly once identified.
13. Changes to This Policy
We may update this policy to reflect legal, operational, or service changes.
If changes are material, we will provide notice through the website, email, or other appropriate channels.
14. Questions, Concerns, or Complaints
- Contact: hello@proby.io
- EU and UK residents may contact their local data protection authority (including the UK ICO)
- California residents may contact the California Privacy Protection Agency (CPPA) or California Attorney General
- Korea residents may contact PIPC (privacy.go.kr), KISA Privacy Infringement Center (privacy.kisa.or.kr / 118), or KOPICO (kopico.go.kr)