Privacy Policy for ProcureFlow

Last Updated: 16 June 2026

Introduction Welcome to ProcureFlow. We are committed to protecting your privacy and your personal information. This policy explains how we collect, use, share, and safeguard information across (1) our marketing website at procureflow.ai, and (2) the ProcureFlow procurement platform that we provide to enterprise customers and their authorised users.

Who This Policy Covers

  • Website Visitors: anyone who browses procureflow.ai or contacts us through it.
  • Enterprise Platform & App Users: employees and authorised users of an organisation that subscribes to the ProcureFlow platform, whether they access it through our web application or our mobile app, together with the supplier and vendor contacts whose details are entered into the platform.

1. Marketing Website Visitors

Information We Collect We collect the following personal information from you:

  • Name: To identify you and personalise our communication.
  • Email Address: To communicate with you regarding your inquiries and our services.
  • Company Name: To understand the professional context of your needs and inquiries.

How We Collect Your Information We collect your information through the contact form available on our contact page. You provide this information voluntarily to inquire about our services.

Use of Your Information The information you provide is used to:

  • Reach out to you to discuss your needs related to our procurement solutions.
  • Provide you with information about our services and offerings.
  • Enhance our services based on the feedback and interactions we have with you.

2. Enterprise Platform & App Users

This section applies whether you access the ProcureFlow platform through our web application or our mobile app.

Our Role: Controller and Processor For our marketing website, ProcureFlow acts as the data controller. For the platform, your organisation is the data controller and ProcureFlow acts as a data processor, processing personal data on your organisation's behalf and in accordance with its instructions, our services agreement, and any applicable Data Processing Addendum.

Information We Collect on the Platform

  • Account & identity data: your name, work email address, contact number, job title and role, and the organisation you belong to.
  • Authentication data: sign-in via single sign-on through your organisation's identity provider or, where your organisation enables it, an email and password. Passwords are never stored in plain text; only salted hashes are retained. On our mobile app, your sign-in session is stored securely on your device.
  • Procurement & business data you submit: purchase requests, purchase orders, requests for quotation (RFQs), supplier and vendor records, supplier and vendor contact details, quotations, approvals, comments and remarks, and any documents or attachments you upload.
  • Logs: audit logs and email logs that record actions taken within the platform for security and traceability.

How We Collect It

  • Directly from you as you use the platform.
  • From your organisation when it provisions or manages your account.
  • Automatically through your use of the platform, including cookies and analytics.
  • From your identity provider when you sign in via single sign-on.

How We Use Platform Data

  • Operate and provide the platform and its procurement workflows.
  • Authenticate users and secure accounts.
  • Power AI-assisted features within the platform.
  • Send transactional and notification emails, such as approval requests, RFQ invitations, and reminders.
  • Troubleshoot, maintain, and improve the service.
  • Maintain audit trails and meet our security, legal, and regulatory obligations.
  • Provide customer support.

Artificial Intelligence Processing Certain features use third-party AI providers to process the data you submit, solely to generate the output you requested. These providers are contractually restricted from using your data to train their models.

Cookies & Analytics The platform uses cookies that are strictly necessary to keep you signed in and to maintain your session. We also use analytics tools to understand how you interact with the platform and to improve it, which may include recording in-platform interactions. Details of the tools we use are available on request.

Service Providers We use a limited number of trusted third-party service providers to help us host, operate, and deliver the platform. They process data only on our behalf, only as needed to provide their services to us, and under appropriate confidentiality and data-protection obligations. A list of our current service providers is available on request. We do not sell your personal data.

Sharing Within Your Organisation Procurement is collaborative. Information you enter, such as requests, approvals, and comments, is visible to other authorised users within your organisation in line with their roles and permissions.

Data Retention We retain platform data for as long as your organisation's account is active and as needed to provide the service. On termination, we delete or return personal data in accordance with our agreement with your organisation and applicable law.

International Transfers & Hosting The platform and its data are hosted on secure cloud infrastructure, which may store and process data in one or more regions. Where personal data is transferred across borders, we put appropriate safeguards in place as required by applicable law.

Your Rights as a Platform User Because your organisation controls the personal data held in the platform, please direct requests to access, correct, or delete your data to your organisation, and we will support those requests as its processor. Subject to applicable law, including Singapore's Personal Data Protection Act (PDPA) and, where it applies, the EU/UK General Data Protection Regulation (GDPR), you may have rights to access, correct, delete, or restrict the processing of your personal data.

Applies to Both Website Visitors and Platform Users

Data Security We are committed to ensuring that your information is secure. To prevent unauthorised access, use, or disclosure, we have implemented robust security measures, including encryption of data in transit and at rest, role-based access controls, audit logging, and storage in secure, encrypted databases. We adhere to stringent security standards and are ISO 27001 certified, which demonstrates our commitment to managing and protecting data responsibly.

Sharing of Information Other than with the service providers described above and within your own organisation, we do not share your personal information with third parties, except as required by law.

Changes to This Policy This policy is provided in good faith and to the best of our knowledge. We reserve the right to update or amend it at any time, and any changes will be posted on this page.

Contact Us If you have any questions or concerns about this privacy policy or the handling of your personal information, please contact us via our website form.

Address 71 Ayer Rajah Crescent, #05-23, Singapore 139951