This Privacy Policy explains how ProcureTrack collects, uses, stores, shares, and protects your personal data. It is published in accordance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
ProcureTrack ("ProcureTrack", "we", "us", "our") is a construction procurement management platform currently operated by Avon Kumar Sahni, sole proprietor, with operations to be transferred to a Private Limited company upon its incorporation. The transferee entity will assume all obligations under this Policy without diminishing any user right.
Registered correspondence address: Ardee City, Gurugram, Haryana, India.
Email: admin@procuretrack.in
This Policy applies to all users of the ProcureTrack web application, its sub-domains, and any related services (collectively, the "Service"). By accessing or using the Service, you confirm that you have read this Policy and consent to the practices described.
The Service is intended for business use by construction firms, contractors, consultants, suppliers, and their authorised personnel. It is not directed at children under the age of 18, and we do not knowingly collect data from minors.
"Personal data" means any data about an individual who is identifiable by or in relation to such data, as defined under Section 2(t) of the Digital Personal Data Protection Act, 2023. "Sensitive personal data or information" carries the meaning given under Rule 3 of the SPDI Rules, 2011.
| Category | Examples |
|---|---|
| Identity & Contact | Name, designation, employer, business email, mobile number, postal address |
| Account Credentials | Username, encrypted password, authentication tokens |
| Business Data | Project information, bills of quantity (BOQ), vendor master records, purchase orders, rate contracts, invoices, payment status, GSTIN, PAN of business entities |
| Billing Data | Subscription plan, invoice address, GSTIN (for tax invoicing); payment instrument details are handled directly by our payment partners and are not stored by us |
| Communications | Support tickets, queries, feedback, and any correspondence with us |
When you use the Service we automatically collect: IP address, device and browser identifiers, operating system, access timestamps, pages viewed, click events, error logs, and similar technical information. We use cookies and similar technologies for session management, security, and basic usage analytics.
We may receive data from authentication providers (where you sign in via a third-party account) and from your employer organisation if it has enrolled you on the Service.
We process personal data for the following purposes, and rely on the lawful grounds indicated below as required by Sections 4 to 7 of the DPDP Act, 2023:
| Purpose | Lawful Ground |
|---|---|
| To create and operate your account | Consent & contractual necessity |
| To provide procurement, vendor, and project management features | Consent & contractual necessity |
| To process subscription payments and issue tax invoices | Legal obligation (GST law) & contractual necessity |
| To provide customer support | Consent & legitimate use |
| To send service notifications, security alerts, and policy updates | Contractual necessity |
| To improve product performance, diagnose errors, and maintain security | Legitimate use under Section 7 of the DPDP Act |
| To comply with law, court orders, and government directions | Legal obligation |
| To send marketing or product update communications | Consent (with opt-out) |
We engage the following categories of service providers to operate the Service. Each is contractually required to process personal data only on our documented instructions and to apply appropriate security safeguards:
| Provider | Purpose | Data Accessed | Location |
|---|---|---|---|
| Razorpay Software Private Limited | Payment processing | Billing name, contact, payment instrument details | India |
| PayU Payments Private Limited | Payment processing (alternate gateway) | Billing name, contact, payment instrument details | India |
| Google LLC / Google India Private Limited | Authentication, email delivery, usage analytics | Account email, IP address, usage events | Servers located within and outside India |
| Supabase Inc. | Application and database hosting | All Service data | AWS ap-south-1 (Mumbai, India) |
| Vercel Inc. | Application delivery and edge network | Request data, IP address | Global CDN; primary region configurable |
| Anthropic PBC ("Claude" API) — planned, not yet active | AI-assisted features such as document parsing, classification, and drafting suggestions | Only the specific document or text snippet you submit to the AI feature; will be invoked only after you opt in | Outside India |
Some of our service providers (notably Google, Vercel, and in future Anthropic) operate infrastructure located outside India. By accepting this Policy, you acknowledge that your personal data may be transferred to, stored in, or processed in countries other than India. Such transfers are made in accordance with Section 16 of the DPDP Act, 2023, and we do not transfer personal data to any country that the Central Government may, by notification, restrict.
Our primary application database is hosted on Supabase infrastructure located in AWS ap-south-1 (Mumbai, India).
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law (whichever is longer):
After the applicable retention period, personal data is securely deleted or irreversibly anonymised.
Subject to verification of identity and the limits of applicable law, you have the following rights under the DPDP Act, 2023:
To exercise any of these rights, write to our Grievance Officer (Section 13 below). We will respond within the timelines prescribed under the DPDP Rules.
We follow reasonable security practices and procedures consistent with Rule 8 of the SPDI Rules, 2011, including:
No system can be guaranteed perfectly secure. You are responsible for keeping your account credentials confidential and for notifying us promptly of any suspected unauthorised access.
In the event of a personal data breach, we will notify the Data Protection Board of India and affected users in the manner and within the timelines prescribed under the DPDP Act, 2023 and CERT-In Directions dated 28 April 2022.
We use only essential and analytical cookies. Essential cookies are required for authentication and security and cannot be disabled. Analytical cookies (where used) help us understand aggregate usage and can be disabled through your browser settings; doing so may degrade certain features.
In compliance with Section 8(9) of the DPDP Act, 2023, and Rule 5(9) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the following officer has been designated to address grievances:
| Name | Avon Kumar Sahni |
| Designation | Grievance Officer, ProcureTrack |
| admin@procuretrack.in | |
| Postal Address | Ardee City, Gurugram, Haryana, India |
| Hours | Monday to Friday, 10:00 to 18:00 IST (excluding public holidays) |
We will acknowledge your grievance within 48 hours and aim to resolve it within 30 days of receipt.
The Service is not directed at, and we do not knowingly collect personal data from, individuals under 18 years of age. If we become aware that we have inadvertently collected such data, we will delete it without undue delay.
We may update this Policy from time to time. Material changes will be notified through the Service or by email at least 7 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
For any questions about this Policy or our data practices, write to:
Email: admin@procuretrack.in
Address: Ardee City, Gurugram, Haryana, India