Your privacy is important to us. Please read our policy to understand how we handle your data.
Last updated: 8 July 2026
This Privacy Policy explains how CloudBreach ("CloudBreach", "we", "us", or "our"), the company that operates the ProofRange platform ("ProofRange" or the "Platform"), collects, uses, discloses, and protects personal data. Our registered office is at 9A TINOY Street, 6036 Larnaca, Cyprus. Because we are established in Cyprus, we process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Cypriot data protection law. This Policy applies to visitors to our website, Authorised Users of the Platform, and Candidates who complete assessments.
ProofRange is a business-to-business service. When an organisation (our "Customer") invites candidates or employees to complete assessments, that organisation determines the purposes of the processing and acts as the data controller of that personal data; we act as a data processor and process it on the Customer's documented instructions. For our website, our own account registration, billing, and communications, CloudBreach acts as the data controller. If you are a Candidate and wish to exercise your rights over assessment data, please contact the organisation that invited you, as it controls that data; we will assist that organisation as required.
We use personal data to:
The Platform uses an automated evaluation feature, powered by a third-party artificial intelligence provider, to help generate assessment summaries, scores, and integrity indicators from assessment responses and activity signals.
We do not send personal data to the artificial intelligence provider. Before any data is submitted for automated evaluation, it is anonymised. In particular, a Candidate's name, email address, and other direct identifiers are never included; each attempt is labelled positionally within its assessment (for example "Candidate 1", "Candidate 2") so that distinct individuals remain distinguishable without exposing who they are. The information provided to the artificial intelligence provider therefore consists of assessment content and activity signals only.
Automated outputs are used as decision-support. They do not, on their own, make any hiring, employment, or similarly significant decision about an individual; such decisions remain with the Customer and are subject to human review. If you are a Candidate and have questions about how a Customer uses an automated evaluation, please contact that Customer.
To help Customers assess the integrity of an assessment, the Platform records the activity signals described above and derives an integrity indicator. This monitoring is limited to interaction within the assessment interface, does not involve a webcam or biometric data, and is intended to inform, not to automatically penalise. Customers are responsible for informing Candidates that assessments include this monitoring.
We use cookies and similar technologies that are necessary to operate the Platform (for example to keep you signed in and to secure sessions) and, where applicable, to understand usage and improve the service. Some pages use a reCAPTCHA service to prevent abuse, which is subject to the provider's terms and privacy policy. You can control non-essential cookies through your browser settings; disabling essential cookies may affect functionality.
We do not sell personal data. We share personal data only as needed to provide the Services, including with service providers that act as our sub-processors under appropriate contractual safeguards:
We may also disclose personal data where required by law, to enforce our terms, or to protect the rights, safety, and security of our users, the public, or CloudBreach. If we are involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to this Policy.
Some of our service providers may process personal data outside the European Economic Area. Where this occurs, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or an equivalent lawful transfer mechanism, to ensure that personal data receives a level of protection consistent with applicable law.
We retain personal data for as long as necessary to provide the Services, to comply with legal, accounting, or reporting obligations, and to resolve disputes. Assessment data processed on behalf of a Customer is retained in accordance with our agreement with that Customer and its instructions.
We treat deactivating and deleting an account differently. Deactivating an account blocks access to the Platform while retaining the account and its personal data, so that access can be restored later. Deleting an account triggers immediate anonymisation: we promptly remove or irreversibly anonymise direct identifiers, such as name and email address, so that the account and its history can no longer be attributed to an identifiable individual. Assessment records linked to the account, such as scores, submissions, activity signals, and evaluation outputs, are retained in anonymised form so that Customers keep the assessment and reporting records they rely on, without those records identifying the individual. Once data has been anonymised it is no longer personal data and is not subject to the retention limits or the erasure right that apply to personal data.
We implement appropriate technical and organisational measures to protect personal data, including encryption of data in transit, access controls, and session-security controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security; we encourage you to use strong, unique credentials and to keep them confidential.
Subject to applicable law, you have the right to access, rectify, or erase your personal data; to restrict or object to certain processing; to data portability; and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority, in Cyprus the Office of the Commissioner for Personal Data Protection. To exercise your rights, contact us using the details below. If your request concerns assessment data controlled by a Customer, we will refer you to, or assist, that Customer.
We fulfil a valid erasure request, and any deletion of your account, through the immediate anonymisation described in Section 10: direct identifiers are removed or irreversibly anonymised, while anonymised assessment records may be retained and are no longer personal data. Where the personal data relates to assessments and CloudBreach acts only as a processor for a Customer, we carry out deletion or anonymisation on that Customer's instructions, and such requests should be directed to the Customer that controls the data.
The Services are intended for users who are at least 18 years of age and are not directed to children. We do not knowingly collect personal data from children. If we learn that we have collected such data, we will take steps to delete it.
The Platform may contain links to third-party websites or services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy policies.
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy on this page with a revised "Last updated" date. We encourage you to review this page periodically.
If you have any questions about this Privacy Policy or your personal data, or wish to exercise your rights, please email us at info@proofrange.io or write to CloudBreach, 9A TINOY Street, 6036 Larnaca, Cyprus. You can also contact us through our website.