LEGAL

Privacy Policy

Last updated: May 2026

This policy explains how One Supply Planet Limited ("we", "us", "our") collects, uses and protects your personal data when you use the Digital Procurement Garage Market Map. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

One Supply Planet Limited is the data controller for personal data collected through this service. We are based in the United Kingdom.

Contact: hello@procurementgarage.ai

2. What Data We Collect

When you create an account: your email address, full name (optional), company name (optional), job title (optional).

When you use the service: your user tier, feature usage logs (number of AI queries used), and session data.

Automatically: IP address, browser type, pages visited, and time spent on pages for analytics purposes.

We do not collect payment card details — these are handled directly by Stripe and never pass through our systems.

3. How We Use Your Data

We use your data to: provide and operate the service; send you transactional emails (account confirmation, password reset); enforce fair usage limits on AI features; improve the service through aggregated usage analytics; send you service updates if you have opted in. We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing

Contract performance: processing necessary to provide the service you have signed up for.

Legitimate interests: usage analytics to improve the service, security monitoring.

Legal obligation: compliance with applicable laws.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes. Usage logs are retained for 12 months.

6. Data Storage and Security

Your data is stored on Supabase infrastructure hosted in the European Union (Ireland). All data is encrypted in transit using TLS and encrypted at rest. We use row-level security on all database tables so that users can only access their own data. We conduct regular security reviews.

7. Third-Party Services

We use the following third-party services: Supabase (database and authentication — EU hosted), Anthropic (AI features — data sent to Anthropic's API to generate vendor briefings and recommendations), Stripe (payment processing — your card details go directly to Stripe). Each of these providers has its own privacy policy and data processing terms.

8. Your Rights

Under UK GDPR you have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; object to processing; request restriction of processing; data portability. To exercise any of these rights, contact us at hello@procurementgarage.ai. We will respond within 30 days.

9. Cookies

We use essential cookies only — those required for authentication and session management. We do not use advertising or tracking cookies. We do not use Google Analytics or similar third-party tracking tools.

10. Changes to This Policy

We may update this policy from time to time. We will notify you by email of material changes. The current version is always available at procurementgarage.ai/privacy.

11. Complaints

If you have concerns about how we handle your data, you may contact the Information Commissioner's Office (ICO) at ico.org.uk — the UK supervisory authority for data protection.