proofrange@labs:~$ ./hire --real
ProofRange
  • Platform
  • How it works
  • Pricing
  • FAQ
  • LoginTry It Now
  • Platform
  • How it works
  • Pricing
  • FAQ
  • LoginTry It Now
ProofRange

ProofRange is a technical assessment service by CloudBreach, a cloud security company specialising in offensive security and hands-on training.

Quick Links

  • Home
  • About Us
  • Pricing
  • Contact Us

Other Pages

  • Terms & Conditions
  • Privacy Policy

© 2026 ProofRange, powered by CloudBreach

Privacy Policy

Your privacy is important to us. Please read our policy to understand how we handle your data.

Last updated: 8 July 2026

1. Introduction and Scope

This Privacy Policy explains how CloudBreach ("CloudBreach", "we", "us", or "our"), the company that operates the ProofRange platform ("ProofRange" or the "Platform"), collects, uses, discloses, and protects personal data. Our registered office is at 9A TINOY Street, 6036 Larnaca, Cyprus. Because we are established in Cyprus, we process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Cypriot data protection law. This Policy applies to visitors to our website, Authorised Users of the Platform, and Candidates who complete assessments.

2. Our Role: Controller and Processor

ProofRange is a business-to-business service. When an organisation (our "Customer") invites candidates or employees to complete assessments, that organisation determines the purposes of the processing and acts as the data controller of that personal data; we act as a data processor and process it on the Customer's documented instructions. For our website, our own account registration, billing, and communications, CloudBreach acts as the data controller. If you are a Candidate and wish to exercise your rights over assessment data, please contact the organisation that invited you, as it controls that data; we will assist that organisation as required.

3. Information We Collect

  • Account and profile data such as name, email address, company or team information, and role.
  • Assessment content such as questions assigned, answers and submissions, hands-on lab activity, and flags or scores.
  • Integrity and activity signals collected during assessments, such as keystroke and mouse activity, copy and paste events, tab or window switching, idle time, and, in stricter modes, full-screen exits. We do not use a webcam and do not collect biometric data.
  • Payment data, which is processed by our payment provider, Stripe. We do not store full card numbers.
  • Technical and usage data such as IP address, device and browser information, log data, and cookie identifiers.
  • Communications you send us, such as support or contact-form messages.

4. How We Use Information and Legal Bases

We use personal data to:

  • provide, operate, secure, and support the Platform (performance of a contract, or our and our Customer's legitimate interests);
  • deliver and grade assessments and generate evaluations and integrity indicators (performance of a contract, or legitimate interests in accurate, fair evaluation);
  • process payments and manage subscriptions (performance of a contract and compliance with legal obligations);
  • communicate with you, including service messages and, where permitted, product updates (legitimate interests or consent);
  • analyse and improve the Platform and prevent fraud and abuse (legitimate interests); and
  • comply with legal obligations and enforce our terms (legal obligation and legitimate interests).

5. Artificial Intelligence and Automated Evaluation

The Platform uses an automated evaluation feature, powered by a third-party artificial intelligence provider, to help generate assessment summaries, scores, and integrity indicators from assessment responses and activity signals.

We do not send personal data to the artificial intelligence provider. Before any data is submitted for automated evaluation, it is anonymised. In particular, a Candidate's name, email address, and other direct identifiers are never included; each attempt is labelled positionally within its assessment (for example "Candidate 1", "Candidate 2") so that distinct individuals remain distinguishable without exposing who they are. The information provided to the artificial intelligence provider therefore consists of assessment content and activity signals only.

Automated outputs are used as decision-support. They do not, on their own, make any hiring, employment, or similarly significant decision about an individual; such decisions remain with the Customer and are subject to human review. If you are a Candidate and have questions about how a Customer uses an automated evaluation, please contact that Customer.

6. Integrity Monitoring

To help Customers assess the integrity of an assessment, the Platform records the activity signals described above and derives an integrity indicator. This monitoring is limited to interaction within the assessment interface, does not involve a webcam or biometric data, and is intended to inform, not to automatically penalise. Customers are responsible for informing Candidates that assessments include this monitoring.

7. Cookies and Similar Technologies

We use cookies and similar technologies that are necessary to operate the Platform (for example to keep you signed in and to secure sessions) and, where applicable, to understand usage and improve the service. Some pages use a reCAPTCHA service to prevent abuse, which is subject to the provider's terms and privacy policy. You can control non-essential cookies through your browser settings; disabling essential cookies may affect functionality.

8. How We Share Information and Sub-processors

We do not sell personal data. We share personal data only as needed to provide the Services, including with service providers that act as our sub-processors under appropriate contractual safeguards:

  • Cloud hosting providers that host the Platform and its data.
  • Stripe for payment processing.
  • An artificial intelligence provider for automated evaluation, receiving anonymised data only, as described in Section 5.
  • A reCAPTCHA provider for abuse prevention on certain pages.

We may also disclose personal data where required by law, to enforce our terms, or to protect the rights, safety, and security of our users, the public, or CloudBreach. If we are involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to this Policy.

9. International Data Transfers

Some of our service providers may process personal data outside the European Economic Area. Where this occurs, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or an equivalent lawful transfer mechanism, to ensure that personal data receives a level of protection consistent with applicable law.

10. Data Retention

We retain personal data for as long as necessary to provide the Services, to comply with legal, accounting, or reporting obligations, and to resolve disputes. Assessment data processed on behalf of a Customer is retained in accordance with our agreement with that Customer and its instructions.

We treat deactivating and deleting an account differently. Deactivating an account blocks access to the Platform while retaining the account and its personal data, so that access can be restored later. Deleting an account triggers immediate anonymisation: we promptly remove or irreversibly anonymise direct identifiers, such as name and email address, so that the account and its history can no longer be attributed to an identifiable individual. Assessment records linked to the account, such as scores, submissions, activity signals, and evaluation outputs, are retained in anonymised form so that Customers keep the assessment and reporting records they rely on, without those records identifying the individual. Once data has been anonymised it is no longer personal data and is not subject to the retention limits or the erasure right that apply to personal data.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including encryption of data in transit, access controls, and session-security controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security; we encourage you to use strong, unique credentials and to keep them confidential.

12. Your Rights

Subject to applicable law, you have the right to access, rectify, or erase your personal data; to restrict or object to certain processing; to data portability; and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority, in Cyprus the Office of the Commissioner for Personal Data Protection. To exercise your rights, contact us using the details below. If your request concerns assessment data controlled by a Customer, we will refer you to, or assist, that Customer.

We fulfil a valid erasure request, and any deletion of your account, through the immediate anonymisation described in Section 10: direct identifiers are removed or irreversibly anonymised, while anonymised assessment records may be retained and are no longer personal data. Where the personal data relates to assessments and CloudBreach acts only as a processor for a Customer, we carry out deletion or anonymisation on that Customer's instructions, and such requests should be directed to the Customer that controls the data.

13. Children's Privacy

The Services are intended for users who are at least 18 years of age and are not directed to children. We do not knowingly collect personal data from children. If we learn that we have collected such data, we will take steps to delete it.

14. Third-Party Links

The Platform may contain links to third-party websites or services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy policies.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy on this page with a revised "Last updated" date. We encourage you to review this page periodically.

16. Contact Us

If you have any questions about this Privacy Policy or your personal data, or wish to exercise your rights, please email us at info@proofrange.io or write to CloudBreach, 9A TINOY Street, 6036 Larnaca, Cyprus. You can also contact us through our website.