Privacy Policy

CallbackProof stores the minimum data needed to document vendor-change verification work: firm and user account details, client and vendor names and business contact details, verification case records, and evidence files your firm uploads.

We never store full bank account numbers — only the last 4 digits. Evidence files are kept in private storage and shared only via short-lived signed links. Public intake submissions are rate-limited and we store only a salted hash of the submitter's IP address.

We use Supabase (hosting and database), Resend (transactional email) and Lemon Squeezy (payments; we never see card data). We do not sell personal information.

Depending on where you and your clients are located, GDPR and/or CCPA may apply. Contact us to access, correct, export or delete personal data, subject to the firm's retention obligations for its verification records.

The full policy is published before launch. See the legal draft for details.