Privacy Policy

Effective date: 30 May 2026 · Operated by Thabiso Phale, Botswana · support@procure-flow.net

      Short version: Your procurement data never leaves your browser. We do not create
      user accounts, sell your data, or track you across websites. The only information our server receives
      is what is strictly needed to validate your license key and proxy AI requests to Anthropic.
    

1. Who We Are

ProcureAI ("we", "us", "our") is a browser-based procurement management tool operated by Thabiso Phale, based in Botswana. You can reach us at support@procure-flow.net.

2. What Data We Collect

We collect the minimum data necessary to operate the service:

Email address and license key — submitted when you activate a paid plan. Used solely to validate your license. Not stored in a database; validation is performed cryptographically on each request.
IP address — logged temporarily by our server for rate-limiting purposes (free-tier users: 30 AI requests per 24 hours). Purged automatically after 24 hours.
AI prompt content — when you use AI features, your prompt is forwarded to Anthropic's API on your behalf. We do not store, log, or read your prompt content.
Payment details — payments are made directly via international bank transfer or Payoneer. We do not collect or store card numbers, bank credentials, or payment processor tokens.

What we do NOT collect: We do not collect your suppliers, purchase orders, invoices, spend data, or any other procurement information you enter into the app. All such data is stored exclusively in your browser's localStorage and is never transmitted to our servers.

3. How Your Data Is Used

License key + email: to validate your subscription plan on each AI request
IP address: to enforce the free-tier rate limit, then auto-deleted after 24 hours
AI prompts: forwarded to Anthropic's API to generate responses; not retained by us

We do not use your data for advertising, profiling, or sale to third parties. Ever.

4. Third-Party Services

Anthropic (api.anthropic.com) — processes AI prompts when you use AI-powered features. Subject to Anthropic's Privacy Policy.
Railway (railway.app) — hosts our server infrastructure. Subject to Railway's Privacy Policy.
Payoneer / Citibank — used for payment processing when you subscribe to a paid plan. Subject to their respective privacy policies.

We do not use Google Analytics, Facebook Pixel, or any advertising or behavioural tracking tools.

5. Cookies and Local Storage

ProcureAI does not use cookies. All app data (settings, suppliers, purchase orders, invoices, etc.) is stored in your browser's localStorage. This data stays on your device and is never transmitted to us. You can clear it at any time via your browser settings or the in-app "Clear All Data" function.

6. Data Retention

IP-based rate limit counters: automatically purged every 24 hours
License validation: stateless — no records stored; each check is computed cryptographically from your email and key
App procurement data: stored only in your browser until you clear it

7. Your Rights (GDPR / POPIA)

If you are located in the European Economic Area, the United Kingdom, or South Africa, you have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you
Right to erasure — request deletion of your data
Right to rectification — request correction of inaccurate data
Right to object — object to further processing of your data
Right to portability — request your data in a portable format

Because we store minimal personal data (only IP-based rate counters that auto-purge every 24 hours), most erasure requests are already fulfilled automatically by the technical design. To exercise any right, email support@procure-flow.net and we will respond within 30 days.

8. Security

License keys are generated using HMAC-SHA256 cryptography and are validated without storing any user database. All connections to our server use HTTPS/TLS. Your procurement data never leaves your browser.

9. Children's Privacy

ProcureAI is intended for business use by adults. We do not knowingly collect personal data from individuals under 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" at the top of this page. Continued use of the service after any changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions, data requests, or concerns, contact us at: support@procure-flow.net