Subprocessors | ProcureLabs

About This Page

This page lists all third-party service providers (subprocessors) that ProcureLabs Pte. Ltd. engages to process personal data on behalf of our customers. We carefully select subprocessors that maintain high security and privacy standards.

For subprocessors that require explicit consent (marked below), you can manage your preferences in the Privacy Settings section of your account.

Current Subprocessors

OpenAI

AI-powered features including chat assistance, insights generation, and organization DNA extraction

Consent Required

Data Processed

•Chat messages and queries
•Context data provided during AI interactions
•Organization profile information (for DNA extraction)

Location

United States

Certifications

SOC 2 Type IIISO 27001

DPA Status

DPA Signed

Supabase

Database hosting, authentication services, and file storage

Data Processed

•User account information
•All application data
•Session and authentication tokens
•Uploaded files and documents

Location

Singapore (AWS ap-southeast-1)

Certifications

SOC 2 Type IIHIPAA (optional)

DPA Status

DPA Signed

Vercel

Application hosting and content delivery network (CDN)

Data Processed

•IP addresses (for request routing)
•Request metadata (for analytics)
•Edge function execution data

Location

Global (Edge Network)

Certifications

SOC 2 Type IIISO 27001

DPA Status

DPA Signed

Change Notification Policy

We will notify you of any changes to our subprocessor list:

New Subprocessors: At least 30 days advance notice via email
Removed Subprocessors: Notification within 30 days of removal
Material Changes: Immediate notification for changes affecting data processing scope

You may object to any new subprocessor by contacting us within the notice period. If we cannot address your concerns, you may terminate your subscription without penalty.

Data Protection Agreements

We have executed Data Processing Agreements (DPAs) with all subprocessors that process personal data. These agreements ensure that:

Subprocessors process data only on our instructions
Appropriate technical and organizational security measures are in place
Subprocessors assist with data subject rights requests
Data is deleted or returned upon termination of services
Subprocessors submit to audits and inspections

International Data Transfers

Some of our subprocessors are located outside the European Economic Area (EEA). For these transfers, we rely on:

Standard Contractual Clauses (SCCs) - EU-approved transfer mechanisms
UK International Data Transfer Agreement (IDTA) - For UK data
Supplementary Measures - Additional safeguards where required by Schrems II

Questions?

If you have questions about our subprocessors or data processing practices, please contact:

Data Protection Officer: support@procure-labs.com

Privacy Team: support@procure-labs.com