Trust & Data Governance

What happens to your data.

Most procurement tools want your spend file, your supplier list, and a seat at your ERP. We don’t. ProcureIndex is built from public commodity index data, and the only thing you ever give us is the handful of items on a watchlist and the alerts you want delivered. This page exists so anyone evaluating us can see exactly what that means.

Last updated: April 21, 2026

What we collect

  • Your email address (so you can log in and receive alerts).
  • Your subscription status and billing metadata (handled by Lemon Squeezy; we store the tier and expiration date only).
  • The indices you add to a watchlist and the price alerts you configure (thresholds, webhook URLs if you set them).
  • Usage of AI features per billing cycle (counts only, to enforce tier caps).
  • Standard web analytics: page views and anonymous event counts via PostHog, for us to know what gets used.

What we explicitly do not collect

  • Your spend data. We do not ingest POs, invoices, or contracts.
  • Your supplier list or any counterparty identities.
  • Your ERP, P2P system, or any internal system credentials.
  • Uploaded documents. Should-cost models and negotiation tools run entirely in your browser or on stateless API calls; the inputs are not persisted.

This is a deliberate design choice, not an accident. Every dataset a tool holds is a future migration, breach, or governance review waiting to happen. Staying on public data means you can onboard without a procurement of procurement.

Where data lives

User accounts, watchlists, alerts, and usage counters live in Supabase on AWS infrastructure (US region). Application code runs on Vercel (US region). Commodity observations are fetched on demand from public APIs (FRED, Eurostat, EIA, USDA, DBnomics, World Bank, FAO) and cached in memory for up to one hour; no private copy of source agency data is stored.

Billing is processed by Lemon Squeezy. Payment card data is never stored or seen by ProcureIndex.

Retention

  • Account data: kept for the life of your account. Delete the account and it is removed.
  • Alert delivery logs: kept for 90 days so you can debug webhook failures.
  • Usage event counters: kept for the current and previous billing period, then aggregated.
  • Analytics events (PostHog): retained per PostHog’s default (up to 1 year) and tied only to a pseudonymous distinct id, not to your email.

Deletion and export

Email hello@procure.blog from your account email and we will confirm the deletion within five working days. All rows tied to your account in Supabase are removed; Lemon Squeezy retains the billing record required for tax reporting. If you want an export of your watchlists and alert history before deletion, ask for it in the same email.

Security posture (honest)

We use Supabase Row Level Security so every query is scoped to the authenticated user. Alert webhook deliveries include an HMAC signature header, computed with a secret shared with you, so your endpoint can verify that a payload came from us and was not altered in transit. All traffic uses TLS. Passwords are not stored; login uses email magic links or Google OAuth. Server-to-server cron endpoints are protected by a shared secret and reject unauthenticated calls.
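The receiving side of the HMAC-signed webhook, as an added illustration rather than ProcureIndex's own code or a description of its exact scheme. The header name, the hash (SHA-256), the hex encoding and the secret are all assumptions made for the example; take the real values from your alert settings. The point it shows is the two checks a practitioner wants: verify over the raw bytes before parsing, and compare with a constant-time function.

```python
import hashlib
import hmac

# Assumed header name for the example; the page does not specify it.
SIGNATURE_HEADER = "X-ProcureIndex-Signature"


def sign(secret: bytes, body: bytes) -> str:
    """Hex-encoded HMAC-SHA256 over the raw request body (assumed scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, body: bytes, headers: dict) -> bool:
    """Return True only if the signature header matches the raw body.

    Verify the exact bytes received, before JSON parsing: re-serialising the
    payload can change whitespace or key order and break the MAC. Compare with
    hmac.compare_digest so a wrong guess is not detectable through timing.
    """
    # HTTP header names are case-insensitive; normalise the lookup.
    received = next(
        (v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER.lower()),
        None,
    )
    if not received:
        return False
    expected = sign(secret, body)
    return hmac.compare_digest(expected, received.strip())


# Constructed sample delivery for the example; not real ProcureIndex data.
SECRET = b"whsec_example_do_not_use"
BODY = b'{"index":"example-copper","price":9840.5,"threshold":9800,"direction":"above"}'


def demo() -> dict:
    """Exercise the verifier with a good, a tampered and an unsigned delivery."""
    good = {SIGNATURE_HEADER: sign(SECRET, BODY)}
    return {
        "genuine": verify_webhook(SECRET, BODY, good),
        # One extra byte in the body invalidates the MAC.
        "tampered_body": verify_webhook(SECRET, BODY + b" ", good),
        # A delivery with no signature header is rejected outright.
        "missing_header": verify_webhook(SECRET, BODY, {}),
        # A signature made with a different secret is rejected.
        "wrong_secret": verify_webhook(b"not-the-secret", BODY, good),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

In a real handler, read the body with the framework's raw-bytes accessor (for example `request.get_data()` in Flask or `await request.body()` in FastAPI) and return 401 on failure before doing anything with the payload; a signature alone does not prevent replay of an old genuine delivery, so treat alert webhooks as idempotent on your side.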

What we do not have: SOC 2, ISO 27001, or HIPAA compliance. We are a small team and have not paid for an audit. If you need a signed attestation, ProcureIndex is probably not the right fit today. If compliance is on your roadmap rather than a hard gate, this page is the current state and we will update it as the story improves.

Subprocessors

  • Supabase (database, auth).
  • Vercel (hosting).
  • Anthropic (Claude Haiku for AI briefs, forecasts, explainers).
  • Lemon Squeezy (billing and checkout).
  • Resend (transactional email, including alerts).
  • PostHog (anonymous product analytics).

Changes to this page

When the data model changes we update this page and the “last updated” date. We do not send email announcements for minor edits. If your evaluation depends on specific language here, save a copy with the date.

Contact

hello@procure.blog for anything on this page. For general terms and the formal privacy policy, see Terms and Privacy Policy.