Your data is safer here than your lunch in the office fridge.

Last updated: March 2026

The short version

We don't sell your data. We don't read your offers for fun. We don't share anything with anyone unless you explicitly tell us to (like when you publish an offer and send someone the link — that's kind of the point).

What we collect

When you visit the site

The basics — what pages you visit, what browser you use. Think of it as us noticing you walked into the store, not following you around with a clipboard. We use privacy-friendly analytics. No creepy cross-site tracking.

When you create an account

Your email, your company name, and whatever you choose to tell us (team info, client details, brand colors). This is all yours — we just store it so you don't have to start from scratch every time.

When you create an offer

Your notes, the generated content, uploaded files, and conversation history with the AI. This stays in your account. We don't train AI models on your data. Your Acme Corp pricing strategy isn't becoming someone else's training data.

When someone views your offer

If you enable tracking: we log when it's opened, from what device, how long they spend, and which sections they read. If you enable email gating, we collect the viewer's email. This data belongs to you and is visible only in your dashboard.

Where we store it

Your data lives in secure, encrypted databases hosted in the EU (via Supabase). Data is encrypted at rest and in transit. We use TLS everywhere — even our internal API calls wear seatbelts.

Who can see your data

  • You and your team members (within your organisation)
  • Your viewers see only the published offer (nothing behind the scenes)
  • Us only if you ask for support, and even then we access the minimum needed
  • Nobody else. No advertisers, no data brokers, no “partners”

AI and your data

When you use our AI features (offer generation, viewer Q&A, editing), your content is sent to our AI provider (Anthropic) to process the request. Important bits:

  • Your data is NOT used to train their models (we use API endpoints with data processing agreements that explicitly prohibit training)
  • Conversations are ephemeral — processed and forgotten
  • Think of it like calling a translator: they hear what you say, translate it, and move on. They don't record the call.

Cookies

We use exactly the cookies we need:

  • Session cookie (so you stay logged in)
  • Preference cookie (so we remember your settings)
  • Analytics cookie (so we know if our landing page is working)

No third-party tracking cookies. No ad cookies. Your browser doesn't need a cookie diet after visiting us.

Your rights

You can:

  • Export all your data at any time (we'll build this)
  • Delete your account and all associated data
  • Correct any information by editing it in your settings
  • Object to processing — though if you object to us storing your offers, it's going to be hard to show them to your clients

If you're in the EU: yes, we're GDPR compliant. If you're in California: CCPA too. If you're somewhere else: we apply the strictest standard everywhere because it's easier than maintaining a spreadsheet of regulations.

Data retention

  • Active accounts: data stored as long as your account is active
  • Deleted accounts: data removed within 30 days
  • Published offers: remain accessible to viewers until you unpublish or delete them
  • Analytics data: retained for 12 months, then aggregated (individual view records are deleted, summary stats remain)

Security measures

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Authentication via secure session tokens
  • Password hashing with bcrypt
  • Regular security audits (okay, we're a startup — “regular” means “more than zero, and increasing”)
  • No plaintext secrets. Ever. Not even in Slack. Especially not in Slack.

Changes to this policy

If we change this policy, we'll notify you by email and put a banner in the app. We won't quietly swap out paragraphs and hope you don't notice — that's the kind of thing that makes people write angry tweets, and we'd rather avoid that.

Contact

Questions? Concerns? Compliments? privacy@procureclaw.com