ProcureZap Privacy Policy

This Privacy Policy describes how ProcureZap ("ProcureZap," "we," "us," or "our") collects, uses, shares, and protects your information when you use our AI-powered intelligent sourcing platform (the "Services" or "Platform").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

1. Information We Collect

We collect information that you provide directly to us, information collected automatically, and information from third-party sources.

1.1 Information You Provide

When you register for an account, use our Services, or communicate with us, we may collect:

• Account Information: Name, email address, work location, postal address, phone numbers, job title, and company name
• Profile Information: User preferences, settings, and demographic information
• Vendor and Procurement Data: Vendor details, RFP documents, proposals, quotations, bid submissions, pricing information, contract terms, project specifications, technical requirements, compliance certifications, insurance documentation, and performance history
• Evaluation and Decision Data: Scoring criteria, weighted assessments, vendor selection rationale, approval decisions, and audit documentation
• Communication Content: Messages, comments, feedback, survey responses, and correspondence sent through the Platform
• Payment Information: Billing details, payment card information, and transaction history (processed securely through third-party payment processors)
• Support and Feedback: Information provided when you contact customer support or submit feedback

1.2 Information Collected Automatically

When you access our Services, we automatically collect certain information about your device and usage:

• Device Information: IP address, device identifiers, browser type and version, operating system, hardware model, and mobile network information
• Usage Data: Pages viewed, features accessed, actions taken, time spent on pages, links clicked, search queries, and interaction patterns
• Location Data: General geographic location based on IP address (we do not collect precise GPS location unless you explicitly enable location services)
• Log Data: Server logs, error reports, system performance data, and diagnostic information
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to recognize users, remember preferences, and analyze platform usage

1.3 Information from Third Parties

• Integration Partners: When you connect third-party services (accounting software, ERP systems, document management platforms), we receive information authorized by you
• Public Records: We may supplement vendor information with publicly available data such as business licenses, safety records, compliance certifications, and litigation history
• Employer Information: Your employer may provide information about your role, permissions, and organizational structure

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide and Improve Our Services

• Operate, maintain, and deliver the features and functionality of the Platform
• Process and manage RFPs, quotations, vendor evaluations, and procurement workflows
• Enable communication between your organization and vendors
• Generate reports, analytics, dashboards, and spend visibility insights
• Facilitate approval workflows, compliance tracking, and audit trails
• Personalize your experience and deliver relevant content
• Improve, test, and develop new features, products, and services

2.2 AI and Machine Learning

• Train and improve our AI algorithms for document processing, data extraction, vendor matching, risk assessment, and intelligent recommendations
• Provide AI-powered insights, scoring suggestions, and spend optimization recommendations
• Automate processing of procurement documents (RFPs, proposals, contracts, compliance certificates)
• Create de-identified, aggregated data for research, analytics, and platform improvement

2.3 Communication and Support

• Send you service-related emails, account alerts, and security notifications
• Respond to your inquiries, support requests, and feedback
• Send newsletters, updates, and promotional materials (you may opt out at any time)
• Provide onboarding assistance, training materials, and user guides

2.4 Security, Fraud Prevention, and Compliance

• Detect, prevent, and address technical issues, security vulnerabilities, and fraudulent activity
• Monitor and analyze platform usage to identify suspicious behavior
• Verify vendor credentials, compliance certifications, and insurance documentation
• Enforce our Terms of Service and protect user rights
• Comply with applicable laws, regulations, legal processes, and governmental requests
• Maintain records required for audit, tax, and regulatory purposes

3. How We Share Your Information

We do not sell your personal or business information. We may share information in the following circumstances:

3.1 With Your Consent

We share information when you direct us to do so or provide explicit consent.

3.2 Within Your Organization

Information is shared with authorized users within your organization based on role-based access controls and permissions you configure.

3.3 With Vendors (As You Direct)

When you issue RFPs, communicate with vendors, or award contracts through the Platform, we share relevant project information, specifications, and requirements as directed by you. Vendors only receive information necessary to respond to your procurement requests.

3.4 Service Providers and Partners

We engage trusted third-party service providers to support our operations, including:

• Cloud hosting and infrastructure providers (e.g., AWS, Microsoft Azure, Google Cloud)
• Payment processors for billing and subscription management
• Email and communication service providers
• Analytics providers to understand platform usage and performance
• Security and monitoring services to protect against threats
• Customer support and CRM platforms

3.5 Legal Requirements and Protection

We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or governmental requests
• Enforce our Terms of Service and other agreements
• Protect the rights, property, or safety of ProcureZap, our users, or others
• Detect, prevent, or address fraud, security issues, or technical problems
• Respond to claims of illegal activity or violations of third-party rights

4. Data Security

We implement administrative, technical, and physical security measures designed to protect your information from unauthorized access, loss, misuse, alteration, and destruction.

Our Security Measures Include:

• Encryption: Data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Role-based access controls, multi-factor authentication, and least-privilege principles
• Secure Infrastructure: Secure cloud hosting with redundancy, regular backups, and disaster recovery plans
• Monitoring and Logging: Continuous security monitoring, intrusion detection, audit logging, and vulnerability scanning
• Employee Security: Background checks, security training, confidentiality agreements, and limited access to sensitive data
• Compliance: Regular security audits and adherence to industry standards (SOC 2 Type II, ISO 27001)

5. Your Privacy Rights and Choices

Depending on your location, you may have certain rights regarding your personal information.

5.1 Access and Portability

You have the right to request access to the personal information we hold about you and receive it in a structured, commonly used, and machine-readable format.

5.2 Correction and Update

You may update or correct inaccurate or incomplete information through your account settings or by contacting us.

5.3 Deletion

You may request deletion of your personal information, subject to certain exceptions (legal obligations, contractual requirements, dispute resolution, security purposes).

5.4 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
• Right to Delete: Request deletion of personal information (subject to exceptions)
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell personal information)
• Right to Limit: Limit the use and disclosure of sensitive personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

5.5 European Residents (GDPR Rights)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right to access, rectification, erasure, and data portability
• Right to restrict processing and object to processing (including automated decision-making and profiling)
• Right to withdraw consent
• Right to lodge a complaint with your local data protection authority

6. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: