Download free
ProcureAI · Privacy

Privacy Policy

Last updated: 25 May 2026. We collect what we need to send you the suite and run the free tools, nothing else. No third-party tracking, no resale.

Nederlandse versie: Privacyverklaring (NL)

1. Who we are

ProcureAI is operated by Martin Bacigal ([email protected]). The website lives at procureai.tech. For GDPR purposes we act as the data controller for any information you submit on this site.

2. What we collect

  • Email address — when you submit any form on this site (suite unlock, footer subscribe, contact form). Lawful basis: legitimate interest + consent (you submitted it).
  • Contact form fields — name, subject and message when you use the contact form; sent to us by email, not stored in a marketing database.
  • Source attribution — which page or skill you clicked from, so we know which freebies are working. Stored alongside your email.
  • IP address (hashed) — first 10 characters of an MD5 hash of your IP, retained for rate-limiting and abuse prevention. We cannot reverse it back to your real IP.
  • Submission timestamp — when you submitted the form, so we can deduplicate.
  • Download log — when you use a gated download link we record date, filename, an email hash (HMAC) and hashed IP to prevent abuse — not for profiling or resale.
  • Readiness scorecard answers — if you complete the AI Readiness Scorecard, your answers and the score derived from them are saved anonymously: a hashed IP and a timestamp, nothing else. They are not linked to your email or identity. We use them only in aggregate, to calibrate the peer benchmark. Lawful basis: legitimate interest.
  • Server logs — standard web logs (IP, user-agent, request path, response code) retained for 14 days for operational debugging.

3. What we do NOT collect

  • No third-party analytics (no Google Analytics, no Meta Pixel, no Hotjar).
  • No advertising trackers, no fingerprinting.
  • No cookies beyond a CSRF token (security, session-scoped) and the standard Flask session cookie.
  • No payment information — payments are processed by Stripe; we never see your card.
  • We do not collect, train models on, or sell, rent or trade any of the data you submit.

4. How we use your email

  • To send you the file or content you requested (the suite ZIP, a deliverable, a podcast episode link).
  • To send the recurring digest (Friday CPO note) only if you submitted via the digest/footer form.
  • Occasionally to follow up if you replied to a previous email — never cold marketing to people who didn't ask.

5. Where your data lives

All data is stored on infrastructure we operate inside the EU (Hetzner, Helsinki). The website itself is served from the same region. Email delivery is handled by an SMTP provider — we'll name them on request.

6. Sub-processors

  • Hetzner Online GmbH — hosting (EU).
  • SMTP relay provider — for transactional and digest email delivery (named on request).
  • Stripe — only when you explicitly initiate a paid transaction. Card data goes directly to Stripe; we never see it.

7. Your rights (GDPR)

  • Access — ask for a copy of everything we hold on you.
  • Erasure — ask us to delete it. We honour this within 30 days, usually within 24 hours.
  • Rectification — ask us to correct anything wrong.
  • Objection / withdrawal of consent — every email has a one-click unsubscribe; once you click it, we stop.
  • Complaint — you can complain to your national data-protection authority. In the Netherlands that's Autoriteit Persoonsgegevens.

For any of the above, email [email protected].

8. Retention

Email + source data is kept for as long as you remain subscribed. If you unsubscribe, we keep a hashed record of your email for suppression-list purposes (so we don't accidentally re-add you) and delete everything else within 30 days. Anonymous scorecard answers are kept indefinitely — there is nothing identifying in them to delete.

9. Changes to this policy

If we materially change how we collect or use your personal data, we will email everyone on the list before the change takes effect. Clarifications — and additions that only involve anonymous or aggregate data not linked to you — are made in place; the "last updated" date at the top will reflect the latest revision.

10. Questions

[email protected] — direct to a human, usually replied within a working day.