Skip to main content
← Back

Privacy Policy

Last updated: 9 May 2026

1. Data We Collect

  • Name, email address, phone number (provided during account setup)
  • Login credentials (password hash stored, never plaintext)
  • Google account ID (if you sign in with Google)
  • Site assignments and role within your organisation
  • Procurement data: material requests, purchase orders, invoices, GRNs
  • Files uploaded (GRN photos, invoices, attachments)
  • Session data: IP address, user agent, login timestamps
  • Audit logs: actions performed within the application

2. Purpose of Processing

  • Providing the ProcSite procurement management service
  • Authentication and session management
  • Audit trail for compliance and accountability
  • Error monitoring and application stability
  • Communication (transactional emails such as password resets, notifications)

3. Data Storage

Your data is stored in a PostgreSQL database hosted on Railway (cloud infrastructure). Uploaded files are stored in AWS S3 with server-side encryption (SSE-KMS). All data is transmitted over TLS (HTTPS).

4. Third-Party Services

  • AWS S3— file storage (GRN photos, attachments). Data may be stored in AWS regions outside India.
  • Sentry— error monitoring. PII is redacted before transmission (PAN, GSTIN, phone, bank account numbers are stripped).
  • Resend— transactional email delivery.
  • Railway— application and database hosting.

5. Data Retention

Business data (procurement records, invoices, audit logs) is retained for the duration of your organisation's subscription plus 7 years to comply with Indian financial record-keeping requirements. Session data is purged after expiry. Uploaded files older than 2 years are moved to archival storage.

6. Your Rights (DPDPA 2023)

Under the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access your personal data held by us
  • Request correction of inaccurate data
  • Request erasure of your personal data (subject to legal retention requirements)
  • Withdraw consent for data processing
  • Lodge a grievance with our grievance officer

7. Grievance Officer

For any privacy-related concerns, contact our grievance officer:

Sanskar Nanegaonkar

Email: procsite.admin@gmail.com

Response within 30 days of receipt.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of ProcSite after changes constitutes acceptance.