1. Introduction
ProcSite ("we", "our", "us") operates the ProcSite platform at procsite.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
By using ProcSite, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information:
- Name, email address, phone number
- Company name and business details
- Google account information (when using Google Sign-In)
- Role and site assignments within your organization
Usage Data:
- Material requests, commitments, and procurement orders
- Goods Receipt Notes (GRN) including photos, videos, and geolocation data
- Invoice and payment information
- Dispatch and delivery records
Technical Data:
- Browser type and version
- Device information
- IP address and access timestamps
3. How We Use Your Information
- To provide and maintain the ProcSite platform
- To authenticate your identity and manage account access
- To facilitate material tracking, procurement, and payment workflows
- To generate reports and summaries (e.g., bill summaries, audit logs)
- To send transactional emails (invitations, notifications)
- To improve our Service and develop new features
- To respond to your requests and provide support
4. Data Storage and Security
Your data is stored securely using industry-standard practices:
- Database hosted on secure, managed PostgreSQL infrastructure
- Evidence files (photos/videos) stored in Amazon Web Services (AWS) S3 with access controls
- All data transmitted over encrypted connections (HTTPS/TLS)
- Session tokens are cryptographically signed and expire after 12 hours
- Passwords are hashed using PBKDF2 with 120,000 iterations
5. Third-Party Services
We use the following third-party services:
- Google OAuth for authentication (Sign in with Google). Google receives your authentication request but does not access your ProcSite data.
- Amazon Web Services (AWS) for file storage (GRN evidence photos/videos, invoice documents).
- Resend for transactional email delivery (invitations, notifications).
- Railway for application hosting.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
6. Data Sharing
Your data may be shared in the following contexts:
- Within your organization: Users within the same tenant can see data relevant to their role (e.g., HO sees all site requests).
- With assigned vendors: Vendors can see procurement orders, dispatch records, and invoice data for sites they are assigned to.
- Legal compliance: We may disclose data if required by law or in response to valid legal processes.
7. Cookies
ProcSite uses essential cookies for authentication and session management:
- Session cookie: Maintains your logged-in state. Expires after 12 hours. Secured against unauthorized access.
- Terms acceptance cookie: Records that you have accepted the Terms and Conditions. Expires after 1 year.
We do not use tracking cookies, analytics cookies, or advertising cookies.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Export your data in a machine-readable format
- Withdraw consent for data processing (which may limit Service functionality)
To exercise any of these rights, contact us at the email address below.
9. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination, you may request data export within 30 days. After that period, data may be permanently deleted.
Audit logs and transaction records may be retained for a longer period for compliance and dispute resolution purposes.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance.
11. Contact Us
If you have any questions about this Privacy Policy, please reach out through our contact form.