Privacy Policy
Effective date: April 10, 2026 | Last updated: April 10, 2026
1. Who We Are
WorkProof TX is a web application that helps Texas unemployment claimants track work search activities, generate TWC-compliant logs, and manage compliance deadlines. WorkProof TX is operated as an independent service and is not affiliated with, endorsed by, or connected to the Texas Workforce Commission (TWC) or any government agency.
For privacy questions, contact us through the in-app Help Center or email privacy@workprooftx.com.
2. Core Privacy Commitments
- We do not collect or store Social Security Numbers (SSNs).
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- We do not sell your personal information to any third party.
- We do not share your data for cross-context behavioral advertising.
- You can export or permanently delete all data tied to your account at any time.
- SMS opt-in data and consent status are never shared with or sold to third parties.
3. Information We Collect
3a. Account Information
- Email address (used for authentication and account recovery)
- Full name (optional, for personalization and export headers)
- County of residence (for county-specific compliance requirements)
- Benefit year dates (to track your unemployment claim timeline)
- Payment request day and cycle start (for payment reminders)
3b. Work Search Activity Data
- Activity type, date, and description
- Employer name, address, city, state, ZIP, and phone number
- Contact person, contact method, and result
- Job listing URL and prefill source (when using Quick Apply or share target features)
3c. Evidence Files
- Screenshots, PDFs, or images you upload as proof of activities (Pro and Pro+ plans)
- OCR text extracted from uploaded evidence (Pro+ plan, processed on-device or via secure API)
3d. Communication Preferences
- Phone number in E.164 format (only if you opt in to SMS reminders)
- SMS consent status and timestamp (for TCPA compliance)
- Email and SMS reminder preferences
- Push notification subscription tokens
3e. Billing Information
- Subscription plan (Free, Pro, or Pro+) and status
- Payment card details are collected and processed exclusively by Stripe. WorkProof TX does not store card numbers, CVVs, or full card details on our servers.
3f. Automatically Collected Data
- IP address (for security logging and SMS consent audit records)
- Browser user agent (for security logging)
- Authentication metadata (login timestamps, session tokens)
4. How We Use Your Information
- Provide core services: Activity logging, compliance tracking, deadline reminders, export generation, and account management.
- Send notifications: Push, email, and SMS reminders based on your preferences and plan tier. SMS messages are only sent with your explicit prior consent.
- AI-powered features: Activity description enhancement using AI (Pro+ plan). Your description text is sent to a local AI proxy for processing and is not stored after the response is returned.
- Process payments: Manage subscriptions, process upgrades, and handle billing through Stripe.
- Protect the service: Detect abuse, prevent unauthorized access, enforce rate limits, and maintain system reliability.
- Comply with law: Respond to legal obligations, resolve disputes, and fulfill data rights requests.
- Improve the product: Aggregate, anonymized usage patterns may be used to improve features. We do not build individual profiles for advertising.
5. Legal Basis for Processing
- Contract performance: Processing your activity data, generating exports, and managing your account is necessary to provide the service you signed up for.
- Consent: SMS reminders require your explicit opt-in consent under the TCPA. You can withdraw consent at any time by replying STOP or toggling off SMS in Settings.
- Legitimate interest: Security logging, abuse prevention, and service reliability monitoring.
- Legal obligation: Retaining billing records as required by tax and financial regulations.
6. SMS and Text Message Disclosures (TCPA)
- WorkProof TX sends SMS reminders only to users who have explicitly opted in by providing a phone number and checking the consent checkbox in Settings.
- Message types: payment day reminders, weekly goal reminders, and deadline alerts.
- Message frequency: up to 3 messages per week depending on your reminder preferences.
- Message and data rates may apply depending on your carrier and plan.
- To opt out, reply STOP to any message or toggle off SMS reminders in Settings. You will receive a confirmation message and no further texts.
- For help, reply HELP to any message or contact us through the in-app Help Center.
- SMS opt-in consent is not a condition of purchase. You can use WorkProof TX without enabling SMS.
- Your phone number and SMS consent status are never sold to or shared with third parties for marketing purposes.
- All SMS consent events (opt-in, opt-out, STOP received) are logged with timestamp, phone number, and IP address for compliance auditing.
7. AI Feature Data Handling
- The AI description writer (Pro+ plan) processes your activity description text to generate an enhanced version.
- Text is sent to a locally hosted AI proxy server that routes through an authenticated AI model. No data is sent to third-party AI training pipelines.
- Input text is not retained after the response is generated. Only the final enhanced description you choose to save is stored as part of your activity record.
- AI features are optional and only activated when you explicitly click the enhance button.
8. Third-Party Service Providers
We share data with the following processors solely to operate the service. Each is bound by a data processing agreement.
- Supabase Inc. — Database hosting, user authentication, file storage (PostgreSQL, Auth, Storage). Data region: US.
- Stripe Inc. — Payment processing, subscription management, invoicing. Stripe collects and processes payment card details directly. WorkProof TX receives only subscription status, plan tier, and transaction metadata. See Stripe's Privacy Policy.
- Resend Inc. — Transactional email delivery for reminders and account notifications. Receives recipient email address and message content.
- Twilio Inc. — SMS delivery for text message reminders (Pro+ plan). Receives recipient phone number and message content. See Twilio's Privacy Policy.
We do not use advertising networks, analytics trackers, or social media pixels. No data is shared with or sold to data brokers.
9. Cookies and Local Storage
- Authentication cookies: Session tokens set by Supabase Auth to keep you signed in. These are strictly necessary and cannot be disabled.
- Local storage / IndexedDB: Draft activity forms are saved locally in your browser using IndexedDB for autosave functionality. This data stays on your device and is not transmitted to our servers unless you submit the form.
- Service worker cache: Static assets may be cached locally for offline PWA functionality.
- We do not use advertising cookies, third-party tracking cookies, or cross-site tracking technologies.
10. Data Retention
- Activity records: Retained for the duration of your account plus 30 days after a deletion request, to allow for recovery if needed.
- Evidence files: Retained for the duration of your account. Permanently deleted within 30 days of account deletion.
- Security logs: Retained for up to 90 days, then automatically purged.
- SMS consent audit records: Retained for 5 years as required by TCPA compliance guidelines.
- Billing records: Retained for 7 years as required by tax and financial regulations.
- Notification logs: Retained for 90 days for debugging and delivery verification.
- Account data: When you delete your account, all personal data is permanently removed within 30 days, except where retention is required by law.
11. Your Privacy Rights
Depending on your location, you may have the following rights under applicable privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and similar state laws in Virginia, Colorado, Connecticut, Utah, and other states:
- Right to know: Request a copy of the personal information we hold about you.
- Right to delete: Request permanent deletion of your personal information. Use the Account tab in Settings or contact us.
- Right to export: Download your activity data in CSV or PDF format using the Export page.
- Right to correct: Update your personal information in Settings at any time.
- Right to opt out of sale: We do not sell your personal information. No action is needed.
- Right to non-discrimination: We will not discriminate against you for exercising any privacy right.
- Right to limit use of sensitive information: We only use sensitive information (phone number, precise consent records) for the purposes you explicitly consented to.
We honor Global Privacy Control (GPC) signals. To exercise any right, use the in-app controls in Settings or contact privacy@workprooftx.com. We will verify your identity and respond within 45 days as required by law.
12. Children's Privacy
WorkProof TX is designed for adults who are filing unemployment claims with the Texas Workforce Commission. We do not knowingly collect personal information from anyone under the age of 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, contact privacy@workprooftx.com.
13. Data Security
- All data transmitted between your browser and our servers is encrypted using TLS 1.3.
- Data at rest is encrypted using AES-256 by our database provider (Supabase).
- Authentication uses passwordless magic links via Supabase Auth with the PKCE flow.
- Row-level security (RLS) is enforced at the database level, ensuring users can only access their own data.
- The AI proxy server requires a shared secret header for all requests and enforces rate limiting.
- Admin access requires step-up authentication and is restricted to authorized email addresses.
- Docker containers run as non-root users with read-only filesystems and no-new-privileges security options.
14. International Data Transfers
WorkProof TX primarily serves users in the United States. Our infrastructure providers (Supabase, Stripe, Resend, Twilio) process data in the United States. If you access WorkProof TX from outside the United States, your data will be transferred to and processed in the US. By using the service, you consent to this transfer.
15. Changes to This Policy
We may update this policy as our product evolves or legal requirements change. When we make material changes, we will update the effective date at the top of this page and, where practical, notify you via email or an in-app notification. We review this policy at least quarterly. Continued use of WorkProof TX after changes are posted constitutes acceptance of the updated policy.
16. Contact Us
For privacy inquiries, data rights requests, or questions about this policy:
- Email: privacy@workprooftx.com
- In-app: Help Center (available when signed in)
We will acknowledge your request within 5 business days and provide a substantive response within 45 calendar days.