Legal
Privacy Policy
Effective Date: February 22, 2026
This policy applies to vProcly procurement platform services available through the web application and related integrations.
1. Scope
This Privacy Policy explains how vProcly collects, uses, discloses, and protects information when customers, suppliers, and invited users access the platform, including web application features for requests, bids, supplier research, messaging, and organization management.
2. Information We Collect
We collect account details (name, email, role), organization profile data, procurement data (BOM items, requests, bids, attachments, comments), communications metadata, and system telemetry (logs, diagnostics, device/browser info, IP and timestamps) for service reliability and security.
3. Google and Microsoft Mailbox Connections
When an organization admin connects Google or Microsoft mailbox services, vProcly receives OAuth access/refresh tokens and account identity metadata required to send private procurement emails on behalf of that organization. Tokens are encrypted at rest and used only for authorized mail delivery and token refresh.
4. How We Use Data
We use data to provide procurement workflows, authenticate users, send notifications and private RFQs, operate analytics dashboards, secure the service, prevent abuse, and comply with legal obligations.
5. Legal Bases
Where applicable, processing is based on contract performance, legitimate interests (security, fraud prevention, product improvement), legal obligations, and consent for specific integrations or communications.
6. Sharing and Processors
We may share data with trusted infrastructure and communication providers (for example cloud hosting, email and observability vendors) solely to deliver the service. We do not sell personal information.
7. Data Retention
Data is retained for as long as required to provide the service, satisfy contractual commitments, resolve disputes, and meet legal requirements. Organizations may request deletion subject to legal and operational constraints.
8. Security
vProcly uses encryption in transit, encrypted credential storage for integrations, role-based access controls, audit-oriented activity records, and monitoring controls. No system is perfectly secure, and users should protect account credentials and organizational access.
9. International Transfers
Data may be processed in jurisdictions where our service providers operate. We apply contractual and technical safeguards designed to protect transferred data.
10. Your Rights
Depending on jurisdiction, users may have rights to access, correction, deletion, portability, restriction, objection, and consent withdrawal. Requests can be submitted by contacting us.
11. Children
vProcly is intended for business users and is not directed to children under the age required by local law for consent.
12. Updates
We may update this Privacy Policy from time to time. The latest version will be published on this page with a revised effective date.
Contact
For privacy or data requests, contact: privacy@vprocly.com