ProcureMind.io← Back to home

Privacy Policy

Last updated: February 26, 2026

ProcureMind.io ("we", "us", or "our") operates the ProcureMind.io web application and Chrome Extension (collectively, the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

Account Information

When you sign in with Google, we receive your name, email address, and Google profile ID via OAuth. We store your email address and a hashed identifier to manage your account. We do not store your Google password.

Email Content

The Chrome Extension reads the content of Gmail emails you are currently viewing — but only when you click "Extract RFQ". Email content is read directly from the Gmail webpage (DOM access). It is transmitted to our servers solely to perform AI extraction. Raw email content is stored temporarily to process your request and is automatically deleted after 90 days.

Uploaded Files

When you upload a PDF, Excel, or CSV file through the web dashboard, the file is transmitted to our servers for text extraction and AI processing. Raw file content is not stored permanently — only the structured data extracted from it is retained.

Extracted Data

The structured data extracted by AI (vendor name, quote numbers, line items, amounts, etc.) is stored in our database and linked to your account. This is the core output of the Service. You can view and delete this data at any time from your dashboard.

Usage Data

We track how many extractions you perform each month to enforce plan limits. We also collect basic usage metrics (number of extractions, source type, confidence scores) to improve the Service.

Payment Information

Payments are processed by Stripe. We never store your credit card number, CVV, or full payment details. We store only a Stripe Customer ID and subscription status to manage your plan.

Google Sheets Access

If you connect Google Sheets, we store OAuth access and refresh tokens server-side to write extracted data to your chosen spreadsheet. These tokens are encrypted at rest and never exposed to the Chrome Extension. You can revoke access at any time from your Google Account settings or from our Settings page.

2. How We Use Your Data

  • To provide and operate the Service (AI extraction, Sheets sync, extraction history)
  • To enforce plan limits and process subscription payments
  • To improve extraction accuracy and product quality
  • To send transactional emails (usage warnings, payment notifications) — no marketing without consent
  • To monitor errors and diagnose technical issues (via Sentry)

3. Third-Party Processors

We share data with the following third-party services, each under their own privacy policies:

ProcessorPurposeData Shared
OpenAIAI extraction (GPT-4o-mini)Email/file content you choose to extract
SupabaseDatabase & authentication hostingAll account and extraction data
GoogleOAuth login & Sheets APIAccount identity; extracted rows written to your sheet
StripePayment processing & subscriptionsEmail address, billing details
SentryError monitoringError stack traces (no email content)
VercelWeb application hostingServer logs (IP, user agent)

Important: Email content is sent to OpenAI for AI processing. OpenAI's API data usage policy applies. By default, OpenAI does not use API data to train models. See OpenAI's API Data Usage Policies.

4. Data Retention

  • Raw email content: Automatically deleted after 90 days
  • Extracted data: Retained while your account is active; deleted on account deletion
  • Usage logs: Retained for 13 months for billing and analytics purposes
  • Sheets OAuth tokens: Retained until you disconnect Google Sheets from Settings

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Delete your account and all associated data via Settings → "Delete my data"
  • Portability: Export your extraction history as CSV from the dashboard
  • Objection: Object to processing where we rely on legitimate interests
  • Withdrawal of consent: Disconnect Google Sheets or revoke Google OAuth at any time

To exercise any of these rights, email us at support@procuremind.io. We respond within 30 days.

6. Cookies & Tracking

We use cookies solely for authentication (session management via Supabase). We do not use third-party advertising cookies or tracking pixels. We do not sell your data.

7. Security

We use industry-standard security practices: TLS encryption in transit, encrypted storage at rest via Supabase, row-level security (users can only access their own data), and server-side token storage. No sensitive credentials are ever stored in the Chrome Extension.

8. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately at support@procuremind.io.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a notice on the Service. The "Last updated" date at the top indicates when this policy was last revised.

10. Contact Us

For privacy enquiries, data requests, or concerns:

ProcureMind.io
Email: support@procuremind.io