Privacy Policy
Last updated: April 2026
This Privacy Policy applies to all websites operated by ProvenStackAI, including prostackai.io, growthavatar.com, and provenstackai.com (collectively referred to as "our sites"). We are committed to protecting your privacy and handling your personal information responsibly in accordance with the Protection of Personal Information Act (POPIA) of South Africa and the General Data Protection Regulation (GDPR) of the European Union.
1. Who We Are
Our sites are owned and operated by ProvenStackAI, a sole proprietorship based in South Africa. We focus on AI-related products, tools, and content. If you have any questions about this policy or how we handle your data, please contact us at:
Email: Please contact us using the contact form on our Contact Page.
2. What Information We Collect
Information You Provide Directly
- Name and email address when you subscribe to our newsletter or create a member account
- Messages or inquiries submitted through our contact form
- Payment information if you purchase a paid subscription (processed securely by our payment provider — we do not store your card details)
Information Collected Automatically
- Session data — when you visit our sites, a strictly necessary session cookie (named
s7) is set by our content management system (Ghost) to manage your login session if you are a member. This cookie is essential for the site to function correctly and does not track you across other websites. - Analytics data — we use Umami Analytics, a privacy-focused, open-source analytics tool that we self-host on our own server. Umami does not use cookies and does not collect any personally identifiable information. It tracks aggregate data such as page views, visitor counts, device types, browser types, countries, and referral sources. No personal data is stored or transmitted to third parties.
3. Cookies
We use a minimal number of cookies on our sites. Here is a full breakdown:
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
s7 |
Ghost CMS session management — keeps you logged in as a member | Strictly Necessary | Session |
We do not use advertising cookies, tracking cookies, or any third-party marketing cookies. Because our only cookie is strictly necessary for the site to function, we are not required to obtain consent for it under GDPR or POPIA. We display a cookie notice on our sites in the interest of full transparency.
4. How We Use Your Information
We use the information we collect for the following purposes:
- To deliver content and manage your membership or subscription
- To send you newsletters or updates you have subscribed to
- To respond to your inquiries or support requests
- To analyse aggregate site performance and improve our content (via Umami Analytics)
- To comply with our legal obligations under POPIA and GDPR
We do not sell, rent, or trade your personal information to any third parties.
5. Legal Basis for Processing (GDPR)
For users in the European Union, we process your personal data on the following legal bases:
- Contract — to fulfil a subscription or membership you have entered into
- Legitimate interests — to analyse site performance using privacy-friendly analytics
- Legal obligation — to comply with applicable laws and regulations
- Consent — where you have explicitly opted in, such as subscribing to our newsletter (you may withdraw consent at any time)
6. Third-Party Services
We use the following trusted third-party services to operate our sites. Each has its own privacy policy governing how they handle data:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Ghost | Content management system | ghost.org/privacy |
| DigitalOcean | Website hosting | digitalocean.com/legal/privacy-policy |
| Mailgun | Email delivery for newsletters and notifications | mailgun.com/privacy-policy |
| Umami Analytics | Privacy-friendly, self-hosted website analytics | umami.is/privacy |
Our Umami Analytics instance is self-hosted on our own server in our DigitalOcean environment. No analytics data is shared with Umami Software or any other third party.
7. Data Retention
We retain your personal data only for as long as necessary:
- Member account data — retained for as long as your account is active, and deleted within 30 days of account closure upon request
- Newsletter subscriber data — retained until you unsubscribe
- Contact form inquiries — retained for up to 12 months
- Analytics data — aggregate, non-personal data retained indefinitely for performance analysis
8. Data Security
We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, or misuse. Our servers are hosted on DigitalOcean infrastructure with SSL/TLS encryption on all connections. Access to our systems is restricted to authorised personnel only.
9. Your Rights
Depending on your location, you have the following rights regarding your personal data:
Under POPIA (South Africa):
- The right to know what personal information we hold about you
- The right to request correction of inaccurate information
- The right to request deletion of your personal information
- The right to object to the processing of your personal information
- The right to lodge a complaint with the Information Regulator of South Africa
Under GDPR (European Union):
- The right of access to your personal data
- The right to rectification of inaccurate data
- The right to erasure ("right to be forgotten")
- The right to restriction of processing
- The right to data portability
- The right to object to processing
- The right to lodge a complaint with your local supervisory authority
To exercise any of these rights, please contact us at privacy@prostackai.com. We will respond within 30 days.
10. Newsletter and Email Communications
If you subscribe to our newsletter, you will receive periodic emails with content updates and announcements. You can unsubscribe at any time using the unsubscribe link included in every email we send. We use Mailgun to deliver emails on our behalf.
11. Children's Privacy
Our sites are not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@prostackai.com and we will delete it promptly.
12. International Data Transfers
Our servers are located within DigitalOcean's infrastructure. If you access our sites from outside South Africa, your data may be transferred internationally. We take steps to ensure that any such transfers comply with applicable data protection laws.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:
Email: Please contact us using the contact form on our Contact Page.
We are committed to resolving any privacy concerns promptly and transparently.