Effective July 2026
ProofKit Privacy
ProofKit is a private beta product from Soultek Labs for brand campaign workflows, creator applications, fulfillment tracking, proof review, and approved proof publishing. This page describes the data ProofKit handles during the beta.
Account and login data
ProofKit uses invite-based access. It may store member and invite email addresses, role, organization, brand membership, invite status, acceptance timestamps, and session metadata. Email-code login stores short-lived hashed login codes and hashed rate-limit events. A first-party HttpOnly session cookie keeps signed-in users authenticated.
Creator profile data
Creator profiles may include display name, phone, shipping name, shipping address, region, country, social handles, interests, audience size, review status, credit capacity, reserved credits, and timestamps. This data is used for profile review, campaign eligibility, product fulfillment, proof work, and creator support.
Campaign, application, and fulfillment data
Brands create campaigns and offers with product details, requirements, deadlines, slots, credit cost, visibility settings, publishing settings, and internal workflow status. Creator applications may include selected offer, application notes, credit reservation, approval status, fulfillment status, shipping or tracking fields, due dates, activity history, and review timestamps.
Proof submissions and publishing
Proof submissions may include display name, proof text, submitted links, campaign association, selected offer, creator/application association, consent flag, review status, reviewer notes, activity events, and timestamps. Proof stays private unless it is approved, consent is present, the campaign is active, and widget publishing is enabled.
Role access and redaction
ProofKit uses role and brand-scoped access controls. Owners manage platform operations. Brand admins manage assigned brands. Reviewers receive limited review access and should not receive shipping/contact/social fields that are not needed for their review role. Creators can access their own profile, applications, work items, proof submissions, and credits.
Public pages and anti-abuse
Public campaign capture pages only open when a campaign is active and public capture is enabled. ProofKit may use Cloudflare Turnstile, hashed rate-limit events, and server logs to reduce abuse. Public widget output is limited to approved, consented proof from campaigns where publishing is enabled.
Third-party services
ProofKit may use Cloudflare Pages, Cloudflare Functions, Cloudflare D1, Cloudflare Turnstile, and Resend for hosting, private app APIs, database storage, bot checks, and transactional email. Soultek Labs does not sell ProofKit personal data and does not use ProofKit data for advertising profiles.
Features not enabled
ProofKit media uploads, payments, public signup, social OAuth, visitor IDs, advertising tracking, and third-party browser analytics are not enabled in the current private beta.
Retention and requests
ProofKit retains account, campaign, application, fulfillment, proof, and activity records while they are needed to operate and secure the private beta. Support requests for access, correction, or deletion will be evaluated against account security, campaign obligations, audit integrity, and applicable retention requirements.
Contact
Privacy and product questions can be sent to support [at] soulteklabs [dot] com.