Overview

Procurex.ai ("we," "our," or "the Platform") operates a peer-based procurement and capital intelligence platform that benchmarks SMB purchasing costs and financing terms against anonymized market data using sigma-based ratings. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at procurex.ai.

Your trust is the foundation of our platform. Because Procurex.ai relies on contributed procurement data to generate benchmarks and sigma ratings, we take extraordinary measures to anonymize, aggregate, and protect every data point you share.

By accessing or using Procurex.ai, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately. This policy should be read alongside our Terms of Service and Security Policy.

Information We Collect

Account & Profile Information

When you register for Procurex.ai, we collect information necessary to create and manage your account:

  • Full name, email address, and phone number
  • Company name, industry, size, and business address
  • Job title and role within your organization
  • Authentication credentials (passwords are hashed and salted)

Procurement & Financial Data

To power our benchmarking engine and sigma-based ratings, you may contribute:

  • Purchase orders, invoices, and line-item pricing data
  • Supplier names, contract terms, and payment schedules
  • SKU-level cost data uploaded via our Data Upload & Ingestion tools
  • Financing terms, interest rates, and capital facility details shared through Financing & Capital Intelligence

Usage & Technical Data

We automatically collect certain information when you interact with the Platform:

Data Type | Examples | Purpose
Device Information | Browser type, OS, screen resolution | Platform optimization
Log Data | IP address, access times, pages viewed | Security & analytics
Interaction Data | Features used, reports generated, searches | Product improvement
Performance Metrics | Load times, error rates, API latency | Reliability monitoring

How We Use Your Data

We process your information for the following purposes, each grounded in a lawful basis:

Core Platform Services

  • Benchmark Generation: Your contributed procurement data is anonymized and aggregated to produce market benchmarks visible in the Benchmark Statistics Explorer
  • Sigma Ratings: We calculate sigma-based ratings that compare your purchasing costs against anonymized peer data, delivered through Sigma Ratings & Snapshots
  • Savings Identification: Our AI engine analyzes your data to surface actionable Savings Opportunities
  • Trend Analysis: Historical data powers Trend Analysis to help you anticipate market shifts
  • AI Briefings: Personalized AI Briefings & Insights are generated from your data patterns

Platform Operations

  • Account authentication, authorization, and user role management
  • Customer support and communication
  • Platform security, fraud prevention, and abuse detection
  • Report generation and PDF export functionality

Improvement & Research

  • Improving our SKU Catalog & Matching algorithms
  • Enhancing Pricing Rules Engine accuracy
  • Training and refining our AI models (using only anonymized, aggregated data)
  • Conducting anonymized market research and publishing industry reports

Data Anonymization & Benchmarking

Anonymization is at the heart of Procurex.ai's value proposition. We employ rigorous techniques to ensure that contributed procurement data cannot be traced back to any individual organization:

No benchmark, sigma rating, or market insight published on Procurex.ai ever reveals the identity of a contributing organization. All outputs are derived from anonymized, aggregated datasets with a minimum cohort size of 5 contributors per data point.

Our Anonymization Process

  1. Data Ingestion: Raw procurement data is uploaded through our secure Data Upload & Ingestion pipeline
  2. Identifier Stripping: All company-identifying fields (names, addresses, account numbers) are removed immediately upon ingestion
  3. Tokenization: Supplier and buyer identifiers are replaced with irreversible cryptographic tokens
  4. Aggregation: Individual data points are combined into statistical distributions (means, medians, standard deviations) before any benchmark is computed
  5. K-Anonymity: We enforce a minimum threshold of contributors per category to prevent re-identification through small-group inference
  6. Differential Privacy: Statistical noise is added to outputs where cohort sizes approach minimum thresholds

Contribution Tracking

Your Contribution Ledger tracks what data you've shared and when, giving you full visibility into your contributions. However, the ledger is visible only to you — no other user or administrator can see which specific data points you contributed to the anonymized pool.

Data Sharing & Third Parties

We are committed to minimizing data sharing. Your information is never sold. We share data only in the following limited circumstances:

Recipient | Data Shared | Purpose | Safeguards
Platform Users | Anonymized benchmarks & sigma ratings only | Core platform functionality | Anonymized
Cloud Infrastructure | Encrypted data at rest and in transit | Platform hosting & operations | Encrypted
Analytics Providers | Aggregated usage metrics (no PII) | Platform improvement | Anonymized
Legal Authorities | As required by law | Legal compliance | As Required
Business Transfers | Account & platform data | Merger, acquisition, or asset sale | Contractual

All third-party service providers are bound by data processing agreements that require them to protect your data to the same standards we maintain. We conduct regular audits of our vendor ecosystem.

Data Security

We implement comprehensive security measures to protect your data. For full details, please review our Security Policy. Key measures include:

  • Encryption: AES-256 encryption at rest; TLS 1.3 in transit
  • Access Controls: Role-based access control (RBAC) with principle of least privilege, managed through our User & Role Management system
  • Authentication: Multi-factor authentication (MFA) support, session management, and token-based API access
  • Infrastructure: SOC 2 Type II compliant cloud infrastructure with geographic redundancy
  • Monitoring: 24/7 intrusion detection, anomaly monitoring, and automated threat response
  • Penetration Testing: Regular third-party security assessments and vulnerability scanning
  • Incident Response: Documented incident response plan with 72-hour breach notification commitment

Data Retention

We retain your data only as long as necessary to fulfill the purposes described in this policy:

Data Category | Retention Period | After Deletion
Account Information | Duration of account + 30 days | Permanently deleted
Raw Procurement Data | 36 months from upload | Purged from all systems
Anonymized Benchmarks | Indefinite (non-identifiable) | N/A — cannot be linked to you
Usage Logs | 12 months | Aggregated then deleted
Support Communications | 24 months from resolution | Permanently deleted

When you delete your account, we initiate a 30-day grace period during which you can recover your account. After this period, all personally identifiable data is permanently and irreversibly deleted. Anonymized data that has already been incorporated into aggregate benchmarks remains in the system, as it cannot be traced back to you.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Non-Discrimination: Exercise your rights without receiving discriminatory treatment (CCPA)

To exercise any of these rights, contact our Data Protection Officer at privacy@procurex.ai. We will respond to verified requests within 30 days. For complex requests, we may extend this period by an additional 60 days with notice.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. Procurex.ai does not sell personal information.

European Economic Area Residents (GDPR)

If you are located in the EEA, our legal bases for processing include: performance of contract (account services), legitimate interests (platform improvement, security), consent (marketing communications), and legal obligation (regulatory compliance). You have the right to lodge a complaint with your local supervisory authority.

Cookies & Tracking Technologies

Procurex.ai uses cookies and similar technologies to enhance your experience:

Cookie Type | Purpose | Duration | Required
Essential | Authentication, security, session management | Session / 30 days | Required
Functional | User preferences, dashboard layout, language | 1 year | Optional
Analytics | Usage patterns, feature adoption, performance | 2 years | Optional

You can manage your cookie preferences at any time through our cookie consent banner or your browser settings. Disabling non-essential cookies will not affect core platform functionality. We do not use advertising or cross-site tracking cookies.

International Data Transfers

Procurex.ai operates globally, and your data may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers from the EEA to third countries
  • Data Processing Agreements: All sub-processors are bound by contractual obligations equivalent to this policy
  • Adequacy Decisions: Where available, we rely on adequacy decisions by relevant data protection authorities
  • Encryption: All data in transit between regions is encrypted using TLS 1.3

Children's Privacy

Procurex.ai is a business-to-business platform designed for use by professionals and organizations. Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this page
  • We will notify you via email and/or an in-platform notification at least 30 days before material changes take effect
  • For significant changes affecting how we process procurement data, we will seek renewed consent where required
  • Previous versions of this policy will be archived and available upon request

We encourage you to review this policy periodically. Your continued use of Procurex.ai after changes become effective constitutes acceptance of the revised policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our Data Protection team:

Data Protection Officer

Email: privacy@procurex.ai

Subject Line: Privacy Inquiry — [Your Company Name]

We aim to respond to all privacy-related inquiries within 5 business days. For data subject access requests (DSARs), we will acknowledge receipt within 48 hours and fulfill the request within 30 calendar days.

For general platform support, please visit our Dashboard and use the in-app support feature, or email support@procurex.ai.