Privacy & GDPR Compliance Overview
How ProcureValue protects your data and respects privacy rights.
Last updated 26 days ago
Privacy-First Design
ProcureValue is built from the ground up with privacy by design principles:
✓ Anonymous survey responses (cannot be traced to individuals)
✓ Privacy thresholds (10 invitations minimum, 5 responses for analytics)
✓ Multi-tenant data isolation (your data is yours alone)
✓ Field-level encryption for sensitive data
✓ Comprehensive audit logging
✓ Data subject rights support (GDPR compliance)
What Data We Collect
Survey Invitation Data
When you create a campaign, we collect:
Email addresses of invitees
First names (for personalization)
(Optional) Last names
(Optional) Organization/department names
How we use it:
Send survey invitation emails
Track invitation delivery status (sent, bounced)
Calculate response rates (aggregate only)
Important: We never link survey responses back to specific email addresses.
Survey Response Data
When someone completes a survey, we collect:
Numerical ratings (0-10 scales)
Multiple-choice answers
Open-ended text comments
Survey completion timestamp (anonymized)
How we use it:
Calculate PVX scores
Generate AI-powered insights
Display aggregate analytics
Identify improvement themes
Important: Responses are completely anonymized. No one (including admins) can see who said what.
Account and Usage Data
For user accounts, we collect:
Name and email address
Organization (tenant) affiliation
Role and permissions
Login activity (for security)
How we use it:
Provide access to the platform
Manage permissions and roles
Send system notifications
Detect suspicious activity
Technical and Diagnostic Data
Automatically collected:
Browser type and version
IP address (for security)
Page load times and errors
Feature usage analytics
How we use it:
Troubleshoot technical issues
Improve platform performance
Detect and prevent abuse
Plan feature development
How We Protect Your Data
Multi-Tenant Architecture
What this means:
Each organization (tenant) has isolated data
Strict row-level security in the database
No cross-tenant data access
Tenant context enforced on every request
Example:
If Company A and Company B both use ProcureValue:
Company A cannot see Company B's campaigns, responses, or analytics
Even with direct database access, data is segregated
Accidental data leaks are architecturally prevented
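As an added illustration (not ProcureValue's own schema or code) of the row-level security and per-request tenant context described above, this is the usual way such isolation is enforced in PostgreSQL, which Neon provides; the table, role and setting names are assumed.

```sql
-- Added example, not ProcureValue's schema: a campaigns table scoped by tenant.
CREATE TABLE campaigns (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    name      text NOT NULL
);

-- Enable RLS and FORCE it so the table owner is subject to the policy too.
-- Superusers and roles with BYPASSRLS still bypass it, so "direct database
-- access" is only segregated for roles that hold neither privilege.
ALTER TABLE campaigns ENABLE ROW LEVEL SECURITY;
ALTER TABLE campaigns FORCE ROW LEVEL SECURITY;

-- Tenant context comes from a per-transaction setting (app.tenant_id, an
-- assumed name). current_setting(..., true) yields NULL or '' when unset;
-- NULLIF turns both into NULL, and NULL = tenant_id is never true, so a
-- request that forgot to bind its tenant sees and writes nothing.
CREATE POLICY tenant_isolation ON campaigns
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application connects as a role that cannot bypass RLS and does not own the table.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON campaigns TO app_user;
GRANT USAGE, SELECT ON SEQUENCE campaigns_id_seq TO app_user;

-- Per-request pattern: bind the tenant inside the transaction with SET LOCAL,
-- so the setting cannot leak into another request on a pooled connection.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- constructed tenant id
INSERT INTO campaigns (tenant_id, name)
    VALUES ('11111111-1111-1111-1111-111111111111', 'Q3 supplier survey');
-- An INSERT naming any other tenant_id fails the WITH CHECK clause.
SELECT id, name FROM campaigns;  -- returns only this tenant's campaigns
COMMIT;
```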
Encryption
Data at rest:
Field-level encryption using AES-256-GCM
Sensitive fields (open-ended comments, certain metadata) are encrypted
Encryption keys managed securely, rotated periodically
Data in transit:
All connections use TLS 1.2+ (HTTPS)
API communications encrypted end-to-end
Email invitations sent securely
Anonymization
Survey responses are anonymized through:
No direct linkage: responses are never stored with email addresses
Randomized ordering: responses are shuffled to prevent timing-based identification
Aggregate-only display: no individual response viewing, ever
Privacy thresholds: minimum 5 responses before analytics display
Comment scrubbing: AI checks for personally identifiable information in open-ended comments (future feature)
Why this matters: Even if someone gained unauthorized access to the database, they couldn't link responses to individuals.
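An added example (again an assumed schema, not ProcureValue's own) of the no-linkage, aggregate-only and 5-response threshold rules above, which the thresholds recap later on this page also describes; the average rating stands in for the PVX score, whose formula this page does not give.

```sql
-- Added example, not ProcureValue's schema. Responses reference only the
-- campaign: there is no invitee or email column, so nothing can be joined
-- back to the invitation records, and the completion time is kept at day
-- granularity rather than as a precise timestamp.
CREATE TABLE responses (
    id           bigserial PRIMARY KEY,
    tenant_id    uuid     NOT NULL,
    campaign_id  bigint   NOT NULL,
    rating       smallint NOT NULL CHECK (rating BETWEEN 0 AND 10),
    completed_on date     NOT NULL DEFAULT current_date
);

-- Analytics are exposed only through an aggregate view. HAVING count(*) >= 5
-- makes the view return no row at all for a campaign under the threshold,
-- rather than a low-count aggregate that could single out a respondent.
CREATE VIEW campaign_analytics AS
SELECT tenant_id,
       campaign_id,
       count(*)              AS response_count,
       round(avg(rating), 2) AS avg_rating   -- stand-in for the PVX score
FROM responses
GROUP BY tenant_id, campaign_id
HAVING count(*) >= 5;

-- The reporting role (assumed name) is granted the view, never the base table.
CREATE ROLE analytics_reader NOLOGIN;
GRANT SELECT ON campaign_analytics TO analytics_reader;

-- Constructed data: campaign 1 has four responses, campaign 2 has five.
INSERT INTO responses (tenant_id, campaign_id, rating) VALUES
    ('11111111-1111-1111-1111-111111111111', 1, 7),
    ('11111111-1111-1111-1111-111111111111', 1, 8),
    ('11111111-1111-1111-1111-111111111111', 1, 6),
    ('11111111-1111-1111-1111-111111111111', 1, 9),
    ('11111111-1111-1111-1111-111111111111', 2, 5),
    ('11111111-1111-1111-1111-111111111111', 2, 6),
    ('11111111-1111-1111-1111-111111111111', 2, 7),
    ('11111111-1111-1111-1111-111111111111', 2, 8),
    ('11111111-1111-1111-1111-111111111111', 2, 9);

-- Campaign 1 is absent (below threshold); campaign 2 shows count 5, avg 7.00.
SELECT campaign_id, response_count, avg_rating FROM campaign_analytics;
```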
Access Controls
Role-based permissions:
Viewer: Read-only access to campaign results
Campaign Manager: Create and manage campaigns
Admin: Full access to tenant settings and data
Super Admin: ProcureValue staff (support only, no routine data access)
Authentication:
Strong password requirements (if using password login)
Multi-factor authentication (MFA) support
Single Sign-On (SSO) via Azure AD, Google, etc.
Session management (auto-logout after inactivity)
Audit logging:
Every data access is logged
Login attempts tracked (successful and failed)
Campaign actions recorded (creation, sending, exports)
Logs retained for security and compliance purposes
GDPR Compliance
ProcureValue supports all GDPR data subject rights:
Right to Access (Article 15)
What it means: Individuals can request a copy of their personal data.
How ProcureValue supports this:
Survey invitees can request: email address, name, invitation status
Response anonymization means: "We have a response from this email, but cannot show which specific responses are yours"
Admins can generate data export for specific email addresses
Process:
Data subject contacts their organization's admin
Admin uses ProcureValue's data export tool
Export includes: invitation records, account info (if applicable)
Delivered within 30 days (per GDPR)
Right to Rectification (Article 16)
What it means: Individuals can request correction of inaccurate data.
How ProcureValue supports this:
Account information (name, email) can be updated by admins
Invitation records can be corrected (if campaign hasn't launched)
Survey responses: Anonymous, so cannot be corrected (no way to identify which response to update)
Process:
Data subject reports incorrect information
Admin corrects account or invitation data
Corrections take effect immediately
Right to Erasure / "Right to be Forgotten" (Article 17)
What it means: Individuals can request deletion of their personal data.
How ProcureValue supports this:
Invitation records can be deleted (email, name removed)
Account information can be deleted
Survey responses: Anonymous, so cannot be specifically deleted (but invitation-linkage is broken)
Limitations:
If a campaign is active, invitation deletion may impact privacy thresholds
Aggregate analytics (PVX scores) cannot "uncompute" a deleted response
Audit logs retained for legal/security purposes (per GDPR exceptions)
Process:
Data subject requests erasure
Admin uses ProcureValue's data deletion tool
Personal identifiers removed within 30 days
Confirmation sent to data subject
Right to Data Portability (Article 20)
What it means: Individuals can request their data in a machine-readable format.
How ProcureValue supports this:
Data export available in JSON or CSV format
Includes: invitation records, account information
Does not include: Anonymous survey responses (cannot be attributed)
Process:
Data subject requests portability
Admin generates export via ProcureValue
Data delivered in structured format (JSON/CSV)
Right to Object (Article 21)
What it means: Individuals can object to processing of their data.
How ProcureValue supports this:
Individuals can request to not be invited to future surveys
"Opt-out" list maintained per tenant
Admins warned if attempting to invite an opted-out email
Process:
Data subject requests to opt out
Admin adds email to opt-out list
Future campaign invitations blocked for that email
Confirmation sent to data subject
Right to Restrict Processing (Article 18)
What it means: Individuals can request temporary restriction of data processing.
How ProcureValue supports this:
Account can be suspended (access frozen, but data retained)
Future invitations blocked during restriction period
Existing responses remain in aggregate analytics (cannot be isolated due to anonymization)
Process:
Data subject requests restriction
Admin marks account as restricted
No new processing occurs (invitations, logins blocked)
Restriction lifted upon request
Data Retention
How Long We Keep Data
Configurable: Tenants can request shorter or longer retention periods based on their compliance needs.
Automated Deletion
ProcureValue automatically deletes:
Expired survey links (30 days after campaign close)
Invitation records past retention period
Technical logs older than 90 days
Inactive accounts (after 1 year of non-use + notification)
Manual deletion: Admins can request early deletion via support.
Third-Party Data Processors
ProcureValue uses the following third-party services (sub-processors):
Infrastructure Providers
Cloudflare (Frontend hosting)
Google Cloud Platform (Backend hosting)
Neon (Database)
Service Providers
Google Gemini (AI analysis): used for insight generation, does not store user data
Resend (Email delivery)
Data Processing Agreements (DPAs): ProcureValue has DPAs with all sub-processors to ensure GDPR compliance.
Data transfer: If data is transferred outside the EU, Standard Contractual Clauses (SCCs) are in place.
Your Rights as a ProcureValue User
If You're a Survey Respondent
Your rights:
Know what data is collected about you (email, name, invitation status)
Access your personal data (invitation record)
Request deletion of your email address
Opt out of future surveys
Understand that survey responses are anonymous and cannot be attributed to you
How to exercise rights: Contact the organization that invited you to the survey. They are the data controller, and ProcureValue assists them in fulfilling your requests.
If You're a ProcureValue Administrator
Your responsibilities:
Honor data subject requests from invitees
Use ProcureValue's tools to export, correct, or delete data
Ensure compliance with your organization's privacy policies
Only invite individuals with a lawful basis (legitimate interest, consent)
Support: ProcureValue provides tools and documentation to help you comply with GDPR.
Privacy Thresholds (Recap)
Why we have them:
Protect anonymity: small groups make individuals identifiable
Comply with GDPR: "privacy by design" principle
Build trust: participants feel safe providing honest feedback
Thresholds:
10 minimum invitations per campaign (prevent identification of non-responders)
5 minimum responses for analytics (prevent statistical de-anonymization)
Incident Response
If There's a Data Breach
ProcureValue has a comprehensive incident response plan:
Detection: automated monitoring alerts on suspicious activity
Containment: immediate isolation of affected systems
Investigation: root cause analysis, scope determination
Notification: affected tenants notified within 72 hours (GDPR requirement)
Remediation: fixes deployed, security hardened
Reporting: regulatory authorities notified if required
Your obligations: If you're a data controller (campaign owner), you may need to notify your own data protection authority and affected individuals.
Reporting Security Concerns
If you suspect a security issue:
Email: security@procurevalue.com
Include: Description of issue, steps to reproduce, impact assessment
Do not publicly disclose until ProcureValue has investigated
Response: Within 24 hours for critical issues, 5 business days otherwise
Certifications and Audits
Current Status
ProcureValue is:
✓ GDPR-compliant (privacy by design)
✓ Following SOC 2 best practices
✓ Implementing ISO 27001 security controls
Planned:
SOC 2 Type I audit (targeted FY2026)
ISO 27001 certification (targeted FY2027)
Available now:
Security documentation package (upon request)
Data Processing Agreement (DPA) for customers
Subprocessor list
Frequently Asked Questions
"Is ProcureValue GDPR-compliant?"
Yes. ProcureValue is designed from the ground up to comply with GDPR requirements, including:
Privacy by design principles
Data subject rights support
Encryption and anonymization
Data processing agreements with subprocessors
Incident response procedures
"Can ProcureValue access my data?"
Limited access for support purposes only.
ProcureValue staff can:
Access tenant metadata (account names, campaign counts) for billing and support
View technical logs for troubleshooting
Access data with explicit customer permission (debugging, migration)
ProcureValue staff cannot:
Routinely access survey responses or analytics
View responses for curiosity or business intelligence
Share tenant data with other tenants or third parties
All access is logged and monitored.
"What happens if ProcureValue is acquired or shuts down?"
Data ownership:
You own your data, always
Upon request, full data export provided
If ProcureValue ceases operations, 90-day notice given
Data export or migration support provided
Transition plan:
Open-source roadmap may allow self-hosting
Data exports compatible with common formats (JSON, CSV)
No vendor lock-in on data formats
"Can I use ProcureValue with sensitive personal data?"
Not recommended for highly sensitive categories.
GDPR defines "special categories" of data (Article 9):
Racial or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Health data
Sexual orientation
ProcureValue stance:
Don't use ProcureValue for surveys primarily focused on these categories
If such data is incidentally collected (e.g., open-ended comments), it's encrypted at rest
Consider additional safeguards (legal review, explicit consent)
For CSRD diversity surveys: Use aggregate demographic questions, not individually identifiable data.
"How do I request a Data Processing Agreement (DPA)?"
Process:
Email: dpo@procurevalue.tech (Data Protection Officer)
Provide: Organization name, contact person
ProcureValue sends standard DPA for review
Negotiate terms if needed (usually not required)
Both parties sign
DPA on file, copy provided to customer
Standard DPA includes:
Data processing terms
Security measures
Subprocessor list
Data subject rights support
Breach notification procedures
Contact and Support
Privacy Questions
Email: privacy@procurevalue.tech
Response time: 5 business days
Data Subject Requests
Email: dpo@procurevalue.tech (Data Protection Officer)
Response time: 30 days (GDPR requirement)
Security Issues
Email: security@procurevalue.tech
Response time: 24 hours (critical issues)
General Support
Email: support@procurevalue.tech
Response time: 2 business days