Who We Are
Statsnapp Technologies operates the Proof analytics platform at withproof.io. We are headquartered in Coimbatore, Tamil Nadu, India.
For any privacy-related questions or data requests, contact us directly at Founder@withproof.io. We respond to all enquiries including those from Google's, Meta's review and compliance teams.
What Data We Collect
Data is only collected when you explicitly authorise a connection via that platform's OAuth flow. We collect three categories of data across our integrations. Collected data is displayed primarily on your private authenticated Proof dashboard (dashboard.withproof.io). When enabled, the same aggregate metrics may also appear on a connected Proof device (in development). See §03 Display surfaces for details.
Account Data (all users)
Data
Why we collect it
Business email address
Used to identify your Proof account and send service notifications
Business name
Used to label your dashboard and confirm the correct profiles are linked
OAuth access tokens
Stored encrypted — used solely to authenticate API requests on your behalf
Google Business Profile
business.manage · read-only
Data
Why we collect it
Aggregate star rating
Displayed on your Proof dashboard and, when enabled, on a connected Proof device (in development)
Total review count
Used to track review milestones and the celebration tracker on your Proof dashboard and, when enabled, on a connected Proof device (in development)
Latest review text
Displayed on your dashboard — shown in real time, not stored after session ends
Reviewer display name
Shown alongside review text for context — not stored after session ends
New review event (via Cloud Pub/Sub)
Google publishes a notification to our Cloud Pub/Sub topic when a new review is posted — we then fetch only that review. We do not poll the API continuously.
Instagram Graph API · read-only
Data
Why we collect it
Follower count
Displayed on your Proof dashboard as a social growth metric and, when enabled, on a connected Proof device (in development)
Reach metrics (aggregate)
Used to power reach trend charts over 30 / 90 day windows
Post impressions (aggregate)
Shown alongside reach to indicate content visibility
Profile visit count
Displayed as an engagement signal
How We Use Your Data
- —To display your trust metrics, review activity, and social growth on your Proof dashboard and, when enabled, on connected Proof devices at your business location (see Display surfaces below) — the sole purpose of every data point we collect.
- —To transmit aggregate trust metrics to connected Proof devices over secure MQTT channels when that hardware is enabled on your account.
- —To send you service notifications (e.g. new review alerts, sync errors) via email where you've opted in.
- —To maintain your account and authenticate your platform connections via stored OAuth tokens.
- —We do not use your data for advertising, profiling, or any purpose beyond operating the Proof service you have authorised (dashboard and connected Proof devices).
- —We do not sell, license, or share your data with any third party for their own purposes.
Display surfaces
- Proof Dashboard (dashboard.withproof.io) — private, authenticated web interface for the business owner and authorized team members.
- Proof device — optional in-store hardware, currently in development. Shows aggregate metrics from connected platforms (e.g. Google star rating, review count, Instagram follower count). Visible to anyone in your premises. Real-time updates via MQTT over TLS. No OAuth tokens on device. Volatile memory only.
Google API Limited Use Disclosure
Proof's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to serve advertisements, train AI/machine learning models, or transfer data to third-party networks for tracking purposes.
Data Retention
We apply different retention rules depending on the sensitivity of the data and how it's used.
Review text & reviewer name
Not persisted. Displayed in your dashboard session only. Cleared when session ends or data refreshes.
Star rating & review count
Retained while account is active. Deleted within 24 hours of account closure.
Instagram aggregates
Retained to power trend charts. No individual post content stored.
OAuth tokens
Retained while connected. Deleted immediately upon disconnection or account closure.
Cloud Pub/Sub events (GMB)
Not stored by Proof. Events are consumed in transit — we fetch the review from the API and immediately discard the Pub/Sub message.
Account deletion
All data deleted within 1–2 business days of account cancellation or written request.
Proof device data
Aggregate metrics held in device memory only (volatile; clears on power cycle). No server-side logs of device transmissions are retained beyond real-time delivery, unless temporarily enabled for debugging—in which case logs are purged within 7 days. No OAuth tokens stored on the device. Upon the disconnection of any platform integration or total account cancellation, our servers immediately terminate the MQTT broadcast stream for that metric, causing the physical display to safely clear or obscure that data point on its next automated sync interval.
How We Collect It
All platform data is collected exclusively via official, merchant-authorised OAuth 2.0 flows. Proof employees cannot initiate or alter any merchant's platform authorisation.
- —Google Business Profile — via Google OAuth 2.0. We request access to the following scopes to authenticate your profile and safely map business metrics:
https://www.googleapis.com/auth/business.manage(read-only metric retrieval),openid,https://www.googleapis.com/auth/userinfo.profile, andhttps://www.googleapis.com/auth/userinfo.email. New review events are received via Google Cloud Pub/Sub (My Business Notifications API). - —Instagram — via Meta's Instagram Graph API OAuth flow (read-only). We access follower count, reach metrics (aggregate), post impressions (aggregate), and profile visit count. Requires an Instagram Professional Account (Business or Creator). Consumer/Personal accounts are not supported by Meta's active API framework.
What We Never Do
- —Execute unauthorized or automated write operations on your Google Business Profile or Instagram account.
- —Post, respond to, or flag reviews on your behalf.
- —Read private Instagram messages, story content, or follower identities.
- —Store raw review text or reviewer names beyond the active dashboard session.
- —Share any platform data with third parties for advertising, analytics resale, or profiling purposes.
- —When the Proof device is available, send OAuth tokens, review text, Instagram media, or private messages to it.
Security
- —All traffic between your browser, our servers, and connected platform APIs uses TLS 1.2 or higher.
- —OAuth tokens and credentials are encrypted at rest using industry-standard practices.
- —Cloud Pub/Sub communication with Google is secured via Google's own IAM permission system — only our service account (
mybusiness-api-pubsub@system.gserviceaccount.compublisher permission) can publish to our topic. - —Access to production systems is restricted to authorised Statsnapp Technologies personnel only.
- —MQTT between Proof servers and Proof devices uses TLS; devices authenticate with unique per-device credentials. No OAuth tokens transmitted to or stored on devices.
- —Aggregate metrics on a Proof device may be visible to customers/employees on your premises; device placement is the merchant's responsibility.
Your Rights
- —Revoke access anytime. Disconnect any integration from your Proof dashboard, or directly via each platform's settings: Google Account → Security → Third-party apps with account access → Remove Proof; Instagram app → Menu → Settings and privacy → Website permissions → Apps and websites → Active → Remove Proof.
- —Request data deletion. Visit /delete-data or email Founder@withproof.io. All linked data is permanently deleted within 1–2 business days of confirmation. You will receive a confirmation email when deletion is complete.
- —Access your data. Request a summary of what data Proof holds for your account at any time.
- —Eligibility. By creating a Proof account, you represent that you are at least 13 years old and, if under 18, have parental or guardian consent to use this service. Proof is designed for business use. We do not knowingly collect data from children under 13.
- —Legal basis & international users. By connecting your Instagram or other platform account, you consent to the data collection described in this policy. Users in the EU and California can exercise their data protection rights (access, correction, deletion) by contacting Founder@withproof.io or visiting /delete-data. We comply with applicable data protection laws in these jurisdictions.
- —DPDP Act (India). As an Indian-based company, we operate in compliance with India's Digital Personal Data Protection Act, 2023. You have the right to access, correct, and erase your personal data.
Third-Party Services
Proof connects to the following third-party platforms. Their own privacy policies govern how they handle data on their side:
- —Google Business Profile API — Google Privacy Policy · GBP API Terms
- —Google Cloud Pub/Sub— used exclusively for receiving new review event notifications from Google's My Business Notifications API. Governed by Google Cloud Data Processing Terms.
- —Instagram Graph API — Meta Privacy Policy
Cookies & Tracking
The withproof.io marketing site does not set cookies and does not use third-party analytics or advertising trackers. The Proof dashboard (dashboard.withproof.io) uses session cookies solely to keep you signed in. No cross-site tracking.
Changes to This Policy
We will notify you by email before making material changes to this privacy policy. The "Last updated" date at the top of this page is updated for all changes. Continued use of Proof after notification constitutes acceptance.
Also read
Questions or data requests?
Founder@withproof.ioWe respond to all privacy enquiries, data deletion requests, and API review team questions.
