Your Idea Is Safe With Us
Passwordless authentication. Server-validated JWTs. Encrypted at rest and in transit. Zero humans in the loop.
Last updated: April 26, 2026
The short version: Your idea is encrypted, isolated, and processed only by AI. No humans review submissions. We are a validation tool, not a competitor. You can delete your data anytime.
- Passwordless: Magic-link / OTP only. No passwords to leak.
- Encrypted: TLS 1.3 in transit, AES-256 at rest.
- SOC 2 Infrastructure: Supabase + Vercel, both SOC 2 Type II.
- You Control Your Data: Delete anytime from your account.
Infrastructure Security
We build on enterprise-grade infrastructure from industry-leading providers:
- Authentication: Supabase Auth (SOC 2 Type II) with passwordless magic-link / OTP sign-in only. We never set, store, hash, or transmit passwords because we never collect them. Session tokens are JWTs validated server-side on every authenticated API request.
- Database: Supabase Postgres (SOC 2 Type II) hosted in the EU (eu-west-1, Ireland). Row-level security ensures users can only access their own data, enforced at the database level.
- Hosting: Vercel (SOC 2 Type II). Edge network with automatic HTTPS, DDoS protection, and a CORS allowlist hardcoded to our production domains.
- Payments: Stripe (PCI DSS Level 1) for new purchases. Legacy DodoPayments and Paddle subscriptions remain on their original processor. We never see or store card details.
- AI Providers: Your idea is processed through enterprise APIs from Google (Gemini), Anthropic (Claude), and OpenAI (GPT). These providers do not use your data to train their models under their enterprise API terms. Requests may be routed through ZenMux and OpenRouter, LLM gateways with their own data handling policies.
- Abuse Defenses: Server-side rate limiting on every public endpoint, with stricter limits on authentication endpoints. IP-based abuse detection auto-blocks after repeated alerts and is IPv6-aware to prevent rotation evasion. Disposable-email signups are blocked at the source.
- Input & Output: Prompt-injection detection and input sanitization run on every report submission. Server-side paywall enforcement strips locked sections from API responses, so locked content never leaves our server. An audit log wraps every API handler.
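What "row-level security enforced at the database level" looks like in Supabase Postgres, as an added illustration rather than Preuve's own schema: the `reports` table, its columns, and the policy names are assumed, while `auth.uid()`, the `authenticated` role, and the RLS statements are standard Supabase/Postgres.

```sql
-- Added example, not Preuve's own schema. The "reports" table and its
-- columns are assumed names: one row per submitted idea, keyed to the
-- Supabase Auth user that owns it.
create table if not exists public.reports (
  id          uuid primary key default gen_random_uuid(),
  user_id     uuid not null references auth.users (id) on delete cascade,
  idea_text   text not null,
  created_at  timestamptz not null default now()
);

-- Enable RLS, and force it so the table owner is subject to the same
-- policies instead of bypassing them by default.
alter table public.reports enable row level security;
alter table public.reports force row level security;

-- auth.uid() returns the "sub" claim of the caller's server-validated JWT.
-- Each policy scopes the operation to rows whose user_id matches it, so a
-- query for another user's report simply returns no rows.
create policy "reports: owner can read"
  on public.reports for select
  to authenticated
  using (user_id = auth.uid());

create policy "reports: owner can insert"
  on public.reports for insert
  to authenticated
  with check (user_id = auth.uid());

create policy "reports: owner can delete"
  on public.reports for delete
  to authenticated
  using (user_id = auth.uid());

-- No policy is granted to the "anon" role, so unauthenticated requests see
-- zero rows. The cascade on user_id means deleting the auth user also
-- removes that user's reports.
-- Check (run while signed in): only your own rows should come back.
-- select id, created_at from public.reports;
```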
Who Sees Your Idea?
Zero humans. Your idea never crosses a human inbox, dashboard, or screen. AI processes it, generates your report, and that is it.
Your idea is:
- Never shared with other users or sold to anyone
- Processed by AI providers (Google, Anthropic, OpenAI) strictly to generate your report. These providers do not train on your data under their enterprise API terms
- Possibly routed through ZenMux and OpenRouter, LLM gateways with their own data handling policies
- Stored encrypted in your private account
- Only ever reflected in public research reports as aggregate statistics (score distributions, risk rates), never as individual ideas, names, or identifying details
Data Encryption
- In transit: All data encrypted with TLS 1.3 (256-bit)
- At rest: Database encrypted with AES-256
- Isolation: Row-level security. Your data is logically separated from other users
- No plaintext secrets: Sensitive data is never stored unencrypted
Your Control
You own your data. You can:
- View: Access all your reports in your account
- Delete: Remove individual reports or your entire account
- Export: Download your analysis data
When you delete data, it is permanently removed from our systems.
Common Questions
Will you steal my idea?
No. We have analyzed 4,000+ ideas this month alone, from weekend projects to VC-backed startups. If we stole ideas, we would have been exposed by now. We are a validation tool, not a venture studio.
Your idea is private. I am a solo founder who can barely keep up with his own product. I definitely do not have time to steal yours.
- Vincent, Founder
Can your employees see my idea?
No. Your idea is processed entirely by AI. We do not have employees reviewing submissions. Access to production data requires multi-factor authentication and is logged for security audits.
Is my idea used to train AI?
Our AI providers (Google, Anthropic, OpenAI) operate under enterprise API terms that prohibit using your data for model training. Requests may be routed through ZenMux and OpenRouter, LLM gateways with their own data handling policies.
What if there is a data breach?
Supabase and Vercel both run formal incident response programs. Per GDPR Article 33, we notify affected users within 72 hours of confirming a breach that affects their data. Our delete-account endpoint immediately purges your data from Postgres and the auth tables on request, and refund-related data revocation is handled the same way.
Why no password?
Passwords are the most-attacked surface in any web app. By using one-time codes and magic links instead, we remove credential stuffing, password-reuse exposure, brute force, and password-leak risk in one move. You sign in by clicking a link we email you. That is the entire mechanism.
Found a vulnerability?
We take security reports seriously. If you have found a vulnerability in Preuve, email [email protected].
- We respond within 24 hours on weekdays.
- Please do not publicly disclose the issue until we have had a reasonable chance to fix it.
- Avoid actions that would degrade service for other users (no DoS, no scraping, no testing on accounts that are not yours).
- No bounty program yet, but we publicly credit responsible reporters once a fix is shipped, if you want the credit.
Questions about security? Contact us at [email protected]