Privacy Policy

1. Information We Collect

1.1 Account Information

When you create a PROCUROS account, we collect:

• Name and email address
• Organization name and type
• Preferred procurement framework
• Password (encrypted and never stored in plain text)
• Account creation timestamp

1.2 Usage Information

To improve our services, we collect:

• Tool usage statistics (which tools you use and how often)
• Session duration and frequency
• Feature engagement metrics
• Error logs and system diagnostics
• Browser type, device information, and IP address

1.3 Document Processing Data

Important: Zero Data Retention Policy

When you upload or process documents through PROCUROS:

• Documents are processed in-session only
• All uploaded files are automatically deleted after processing
• Generated outputs are not stored on our servers
• RAG (Retrieval Augmented Generation) embeddings are session-scoped and purged immediately
• We retain no copies of your procurement documents or sensitive data

1.4 Payment Information

For paid subscriptions:

• Payment processing is handled by PesaPal (we never see or store your payment information)
• We receive only transaction confirmations and subscription status
• Billing address and organization details for invoicing

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Delivery

• Authenticate your account and manage access
• Process your requests through our AI-powered tools
• Provide framework-specific procurement guidance
• Generate compliant bid documents and reports
• Track usage limits based on your subscription tier

2.2 Platform Improvement

• Analyze usage patterns to improve tool accuracy
• Identify and fix technical issues
• Develop new features based on user needs
• Enhance AI model performance and framework compliance

2.3 Communication

• Send service-related notifications and updates
• Provide customer support and respond to inquiries
• Share important changes to our terms or policies
• Send promotional emails (only if you've opted in)

2.4 Compliance and Safety

• Prevent fraud and unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations and court orders
• Protect our rights and those of our users

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in these limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist in operating our platform:

• Firebase (Google) - Authentication and database services
• Pinecone - Vector database for session-based RAG (no permanent storage)
• OpenAI - AI processing (data sent only during active sessions)
• PesaPal - Payment processing (they handle all payment data)
• Email service providers - Transactional and marketing emails

All service providers are contractually obligated to protect your data and use it only for specified purposes.

3.2 Legal Requirements

We may disclose information if required by law or in good faith belief that such action is necessary to:

• Comply with legal processes or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Investigate fraud or security issues

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption - All data in transit is encrypted using TLS 1.3
• Authentication - Multi-factor authentication available for all accounts
• Access Controls - Strict role-based access to systems and data
• Regular Audits - Periodic security assessments and penetration testing
• Automatic Deletion - Uploaded documents and processed data are automatically purged
• Monitoring - 24/7 security monitoring and incident response

5. Your Rights and Choices

You have the following rights regarding your personal information:

5.1 Access and Portability

• Request a copy of your personal data in machine-readable format
• Export your account data and usage history

5.2 Correction and Updates

• Update your account information at any time through your settings
• Request correction of inaccurate or incomplete data

5.3 Deletion

• Delete your account and associated data at any time
• Request deletion of specific information (subject to legal retention requirements)
• Note: Due to our zero data retention policy, processed documents are already automatically deleted

5.4 Marketing Preferences

• Opt out of promotional emails via unsubscribe links
• Manage communication preferences in your account settings
• Note: You cannot opt out of essential service communications

5.5 Do Not Track

We respect browser "Do Not Track" signals. When enabled, we will not track your usage for analytics purposes (though essential cookies remain necessary for service functionality).

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. See our Cookie Policy for detailed information.

Types of Cookies We Use:

• Essential Cookies - Required for authentication and core functionality
• Analytics Cookies - Help us understand usage patterns (Firebase Analytics)
• Preference Cookies - Remember your settings and choices

We do not use advertising or tracking cookies from third parties.

7. International Data Transfers

PROCUROS operates globally. Your information may be transferred to and processed in countries other than your own. We ensure adequate safeguards are in place:

• Data processed in accordance with GDPR standards regardless of location
• Standard contractual clauses with all international service providers
• Regular compliance reviews and audits

8. Children's Privacy

PROCUROS is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make material changes:

• We will update the "Last updated" date at the top of this page
• We will notify you via email (if you have an account)
• We will display a prominent notice on our platform
• For significant changes, we may require your consent to continue using PROCUROS

We encourage you to review this policy periodically.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

11. Additional Rights for EU Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to Object - Object to processing based on legitimate interests
• Right to Restrict Processing - Request limitation of processing in certain circumstances
• Right to Lodge a Complaint - File a complaint with your local data protection authority
• Right to Withdraw Consent - Withdraw consent for processing at any time