Developer Privacy Notice (Docs Sandbox)

Privacy notice for software developers using the Provii docs sandbox at docs.provii.app

Effective Date: 13 April 2026
Last Updated: 13 April 2026
Version: 1.0

This notice supplements the Provii Privacy Policy and the Cookie Policy. It applies specifically to software developers, architects, and integration engineers who use the interactive sandbox at docs.provii.app. End-user privacy disclosures are covered by the main Privacy Policy.

1. Who we are

The Provii docs sandbox is operated by Maelstrom AI Pty Ltd ATF Maelstrom AI Holding Trust (ABN 61 633 823 792), trading as Provii.

Legal entity: Maelstrom AI Pty Ltd ATF Maelstrom AI Holding Trust
ABN: 61 633 823 792
Registered address: PO Box 169, St Arnaud VIC 3478, Australia
Privacy contact: privacy@maelstrom.au
DPO contact: privacy@maelstrom.au (a formal Data Protection Officer has not been appointed; privacy enquiries are routed to the Privacy Officer)

For UK and EU developers, Maelstrom AI does not currently maintain an Article 27 representative; correspondence to privacy@maelstrom.au will reach the controller directly.

2. What information we collect

The docs sandbox is a pre-contractual onboarding surface. It is designed to need as little information about you as possible. Specifically:

  • session_id (pseudonymous). A random opaque identifier issued to your browser inside the strictly-necessary __Host-docs_session cookie. The session_id is not derived from your email, name, account, or device fingerprint, and is not correlated with any production verification data.
  • Hashed source IP. Your IP address is HMAC-SHA-256 hashed at ingest using the operational PII_HASH_KEY. The raw IP is not retained server-side beyond the duration of the originating request.
  • Cloudflare bot-protection cookies (__cf_bm, cf_clearance). Set by Cloudflare as our edge processor, these are strictly-necessary cookies for the bot-mitigation service the developer has implicitly requested by visiting a public API surface. See the Cookie Policy for full disclosure.
  • Request metadata routed through Cloudflare (user-agent, Cloudflare Bot Management signals). Used strictly for abuse prevention.
  • Sandbox credential allowlist entries. Sandbox-issued credentials are stamped environment: sandbox and synthetic: true and are tracked against the bearer for the credential lifetime cap (3 verifier plus 3 issuer credentials per bearer).

We do not collect your name, email address, phone number, payment details, or any other directly identifying information through the sandbox. We do not run analytics or advertising scripts on the docs sandbox surface.

The sandbox accepts only synthetic fixture identifiers as input. Any submission containing a real date of birth at /v1/register-test-issuer-client is rejected at the schema boundary and logged as suspicious.

3. How we use it

The information described in Section 2 is used solely to:

  • Maintain session continuity for your sandbox session (rate limiting, credential allowlist enforcement, attestation binding).
  • Enforce per-bearer quota and abuse controls (poll ceilings, credential mint caps, Cloudflare managed challenge re-verification on bearer rotation).
  • Detect and prevent automated abuse of the sandbox issuer and verifier APIs (Cloudflare Super Bot Fight Mode, Cloudflare managed challenge, WAF rules on /api/*).
  • Maintain operational telemetry and security audit logs as structured JSON log lines emitted via Cloudflare Workers Logs to Grafana Loki, with HMAC-SHA-256 redaction of sensitive identifiers performed by the gateway log_sanitizer module before any console.log emit. Telemetry retention is bounded by the retention periods described in Section 5.

We do not use sandbox data for marketing, profiling, automated decision-making with legal or similarly significant effect, or any cross-site tracking purpose.

4. Lawful basis

For developers in the UK and EEA, the lawful bases under the UK GDPR and EU GDPR are:

  • Article 6(1)(b): pre-contractual steps. The sandbox exists so a prospective controller or processor can evaluate Provii’s capabilities before entering a commercial relationship. By visiting docs.provii.app/api/* and initiating a session, you have taken steps at your own request that are pre-contractual in nature.
  • Article 6(1)(f): legitimate interests. Bot protection, rate limiting, and abuse prevention on a public developer-facing surface rest on the legitimate interest of operating the sandbox safely. The full balancing test is in Part 4 of the Legitimate Interest Assessment.

For developers in Australia, processing is handled in accordance with the Australian Privacy Principles (APPs), in particular APP 3 (collection only where reasonably necessary), APP 5 (notification of collection), and APP 11 (security of personal information).

We do not rely on consent for the processing described above. The sandbox does not set advertising or analytics cookies.

5. Retention

Data | Retention | Mechanism
__Host-docs_session cookie / session_id | 15-minute sliding TTL, 4-hour hard cap from first issuance | Cookie expiry; KV TTL on docs-session:* entries
Sandbox credential allowlist (docs-cred-v:*, docs-cred-i:*) | 7 days | KV TTL
Challenge state (docs-chal:*) | 24 hours | KV TTL
Hashed source IP | Auto-expired through the same audit pipeline as production | KV TTL
Audit and security telemetry | 90 days; critical security event logs are retained for up to 365 days | Cloudflare Workers Logs shipped to Grafana Loki (90-day Loki tenant retention) + KV TTL

We do not retain raw IP addresses, fixture inputs, or any cookie value on the server beyond the lifetimes above.

6. Cross-border processing

Sandbox traffic is served through Cloudflare’s global network and is handled at the data centre nearest the developer. Cloudflare processes this data as our data processor under the Cloudflare Data Processing Addendum, which incorporates the European Commission’s Standard Contractual Clauses (Decision 2021/914, Module 2: controller to processor) for transfers out of the EEA, and the UK International Data Transfer Addendum for transfers out of the UK.

The supplementary technical and organisational measures described in Section 6 of the main Privacy Policy apply unchanged to the sandbox surface. The full sub-processor inventory is published at Sub-Processors, and the contractual scope for the docs sandbox is published at the DPA Docs Sandbox Addendum. The cross-border transfer risk for docs sandbox processing is documented in the Risk Register under entry RISK-2026-DOCS-L01 and is reflected in the Docs Sandbox DPIA at risk R-8.

7. Your rights

If the UK GDPR or EU GDPR applies to your processing, you have:

  • A right of access to the personal data we hold about you in connection with the sandbox.
  • A right to rectification of inaccurate data.
  • A right to erasure (“right to be forgotten”). Because the only retained data tied to a sandbox developer is a hashed IP and a session record, an erasure request can be honoured by KV-sweeping the requesting session_id and IP-hash bucket.
  • A right to restrict or object to processing, including profiling.
  • A right to data portability where processing is automated and based on consent or contract.
  • A right to lodge a complaint with a supervisory authority. The UK supervisory authority is the Information Commissioner’s Office (ICO).

If the Australian Privacy Act applies, you have rights of access and correction under APPs 12 and 13, and a right to complain to the Office of the Australian Information Commissioner (OAIC).

To exercise any right above, contact privacy@maelstrom.au. We will respond within one calendar month for GDPR requests and within 30 days for OAIC requests.

8. Contact

Privacy enquiries: privacy@maelstrom.au
Postal address: Maelstrom AI Pty Ltd ATF Maelstrom AI Holding Trust, PO Box 169, St Arnaud VIC 3478, Australia
Security disclosures: security@maelstrom.au

Document control

Owner: Privacy Officer
Version: 1.0
Effective date: 13 April 2026
Last updated: 13 April 2026
Next review: 13 April 2027, or on material change to the docs sandbox processing
Related documents: Privacy Policy, Cookie Policy, Legitimate Interest Assessment, Docs Sandbox DPIA, ROPA Activity 2.5 / 2.6, Sub-Processors, DPA Docs Sandbox Addendum, Data Retention Policy

Status: This notice is published in draft as part of the Phase 0A docs sandbox uplift. Final wording is pending legal counsel review before the docs sandbox is enabled for public production traffic.