Privacy
Last updated: 11 June 2026
This notice explains how Redproof handles personal data on this website (redproof.eu). It is short because this site does very little: no cookies, no analytics, and no tracking. We only receive personal data when you choose to contact us.
Who we are
Redproof is a trade name of Sam Rostami, an independent security tester based in the Netherlands, providing independent adversarial testing of AI/LLM systems. Sam Rostami (trading as Redproof) is the data controller for personal data processed through this website. For any privacy question, contact [email protected].
What we collect
This website sets no cookies and runs no analytics or advertising scripts. We receive personal data when you email us or book a call through our scheduling page — we then process your name, email address, your message or chosen meeting time, and anything else you provide.
Why, and on what legal basis
- To answer your enquiry and discuss a possible engagement — taking steps at your request prior to a contract, and our legitimate interest in responding (GDPR Art. 6(1)(b) and (f)).
If we go on to work together, the engagement itself is governed by separate signed agreements (including a Data Processing Agreement), not by this notice.
Hosting, email, and scheduling
The site is served by our hosting/CDN provider, which may process standard server logs (e.g. IP address, request metadata) to deliver and secure the site. Email you send us is handled by our email provider. Call bookings are handled by Cal.com, our scheduling provider, which processes the details you submit to arrange a meeting. Where a provider processes data outside the EEA, appropriate safeguards (such as Standard Contractual Clauses) apply.
Retention
We keep correspondence only as long as needed to handle your enquiry and for our reasonable business records, then delete it.
Your rights
You can ask us to access, correct, erase, restrict, or port your personal data, or object to processing — just email [email protected]. You also have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens.
Changes
We may update this notice; the date above reflects the latest version.