Privacy Policy

We collect information you provide directly to us, such as when you: • Create an account or organization profile • Upload RFP documents and procurement data • Submit bids, proposals, or pricing information • Contact us for support or inquiries • Subscribe to our newsletters or updates Types of information collected include: • Personal identifiers (name, email address, phone number) • Organization details (company name, address, tax ID) • Payment information (processed securely through our payment partners) • Usage data and analytics • Communication preferences

We use the information we collect to: • Provide, maintain, and improve our Services • Process transactions and send related information • Send technical notices, updates, security alerts, and support messages • Respond to your comments, questions, and provide customer service • Monitor and analyze trends, usage, and activities • Detect, investigate, and prevent fraudulent transactions and abuse • Personalize and improve your experience • Comply with legal obligations and enforce our terms We use advanced AI and machine learning to analyze procurement patterns and provide intelligent recommendations while maintaining strict data privacy standards.

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following situations: • With your consent or at your direction • With trusted service providers who assist us in operating our platform • With organizations you collaborate with on the platform • To comply with legal obligations or respond to lawful requests • To protect the rights, property, or safety of ProcureAI, our users, or others • In connection with a merger, acquisition, or sale of assets All third parties are contractually obligated to maintain the confidentiality and security of your information.

We implement industry-standard security measures to protect your information: • End-to-end encryption for all data transmissions (TLS/SSL) • Encryption at rest for all stored data (AES-256) • Regular security audits and penetration testing • SOC 2 Type II certification • ISO 27001 compliance • Multi-factor authentication (MFA) support • Regular automated backups with point-in-time recovery • Strict access controls and audit logging • 24/7 security monitoring and incident response We maintain a comprehensive incident response plan and will notify affected users within 72 hours of any data breach discovery.

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place: • Standard Contractual Clauses (SCCs) for EU data transfers • Privacy Shield framework compliance (where applicable) • Data localization options for enterprise customers • Transparent data residency policies We comply with GDPR, CCPA, and other applicable data protection regulations globally.

You have the following rights regarding your personal information: • Access: Request a copy of your personal data • Correction: Update or correct inaccurate information • Deletion: Request deletion of your personal data • Portability: Receive your data in a machine-readable format • Restriction: Limit how we process your information • Objection: Object to certain processing activities • Withdrawal: Withdraw consent at any time To exercise these rights, contact us at privacy@procureai.com. We will respond to requests within 30 days.

We retain your information for as long as necessary to: • Provide our services to you • Comply with legal obligations • Resolve disputes and enforce agreements • Maintain business records for analysis Typical retention periods: • Active account data: Duration of account plus 30 days • Transaction records: 7 years (for compliance) • Support tickets: 3 years • Marketing data: Until consent withdrawn • Anonymized analytics: Indefinitely You may request deletion of your data at any time, subject to legal retention requirements.

ProcureAI is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

California residents have additional rights under the California Consumer Privacy Act (CCPA): • Right to know what personal information is collected • Right to know whether personal information is sold or disclosed • Right to say no to the sale of personal information • Right to equal service and price We do not sell personal information and will not discriminate against you for exercising your privacy rights.

We may update this Privacy Policy from time to time. We will notify you of any changes by: • Posting the new Privacy Policy on this page • Updating the "Last updated" date • Sending email notification for material changes • Requesting consent where required by law We encourage you to review this Privacy Policy periodically for any updates.