Privacy Policy

Last updated: January 17, 2026

1. Data Controller

ProcureLabs (“we”, “our”, “us”) is the data controller for personal data processed through this application. We are committed to protecting your privacy and handling your data in an open and transparent manner.

For any data protection inquiries, please contact our Data Protection Officer at support@procure-labs.com

2. Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Email address, full name, profile picture, organization name
  • Usage Data: Features accessed, session duration, preferences
  • Procurement Data: Spend data, supplier information, and other business data you upload
  • AI Interactions: Chat messages and queries with our AI assistants
  • Technical Data: IP address, browser type, device information for security and analytics

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide our services as agreed in our terms of service
  • Consent: For optional analytics, marketing communications, and AI-powered features
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations

4. Third-Party Data Sharing

We share data with the following third-party service providers:

OpenAI

Powers our AI-assisted features. Data shared includes chat messages and context you provide. Subject to your explicit consent.

Supabase

Provides authentication and database services. Stores all account and application data. SOC 2 Type II certified.

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right to Access

Export your data from Settings > Profile > Export Data

Right to Rectification

Update your profile information in Settings

Right to Erasure

Delete your account from Settings > Profile > Delete Account

Right to Portability

Download your data in JSON format from Settings

Right to Object

Manage consent preferences in Settings > Privacy

Withdraw Consent

Manage cookie and data processing preferences anytime

6. Data Retention

We retain your data for the following periods:

  • Account Data: Until you request deletion
  • Audit Logs: 7 years (regulatory compliance requirement)
  • Analytics Data: 365 days
  • Chat History: 90 days, or until account deletion

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest
  • Row-Level Security (RLS) for multi-tenant data isolation
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)
  • Multi-factor authentication for administrative access

8. Cookies

We use cookies and similar technologies for:

  • Essential: Authentication and security (required)
  • Analytics: Understanding usage patterns (optional)
  • Preferences: Remembering your settings (optional)

You can manage your cookie preferences through our cookie consent banner or in Settings.

9. International Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with our service providers, to protect your data in accordance with GDPR requirements.

10. Updates to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through a notice in the application. Your continued use of the service after such updates constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

Email: support@procure-labs.com

Data Protection Officer: support@procure-labs.com

← Back to Home