PrivacyPolicy.

Procura Technologies Limited is a technology company incorporated in Malawi, focused on building governance infrastructure software for organizations across emerging markets. Our registered address and primary place of business is in Blantyre, Malawi.

For all privacy-related enquiries, you may contact us at:

This Policy applies to:

• – All platforms and software products developed and operated by Procura Technologies Limited
• – The Procura procurement governance platform
• – Our corporate website and any associated web properties
• – Any future products launched under the Procura Technologies brand

This Policy does not apply to third-party websites, services, or applications that may be linked from our platforms. We encourage users to review the privacy policies of any third-party services they access.

3.1 Information You Provide Directly

When you or your organization registers for and uses our platforms, we may collect:

• – Full name, job title, and professional contact information (email address, phone number)
• – Organizational details, including company name, registration number, and address
• – Account credentials (usernames and encrypted passwords)
• – Procurement data, including purchase requests, vendor information, approval records, and budget entries
• – Communications submitted through contact forms, support requests, or correspondence with our team

3.2 Information Collected Automatically

When you interact with our platforms, we automatically collect certain technical data, including:

• – IP address and device identifiers
• – Browser type, version, and operating system
• – Pages visited, features accessed, and time spent on the platform
• – Log data and system activity records
• – Session and authentication tokens

3.3 Information from Your Organization

Where our platforms are deployed at an organizational level, your employer or contracting organization may provide us with information about you in connection with your role and access rights. In such cases, your organization acts as the data controller, and you should refer to their internal privacy practices in addition to this Policy.

We use personal data only for lawful, specified purposes. These include:

• – Providing, operating, and maintaining our platforms and services
• – Creating and managing user accounts and access credentials
• – Facilitating procurement workflows, approval chains, and governance processes
• – Enforcing role-based access controls and system permissions
• – Generating audit logs and compliance records as required by organizational governance
• – Communicating with users regarding platform updates, support, and service notifications
• – Diagnosing technical issues and improving platform performance and security
• – Complying with applicable legal and regulatory obligations
• – Conducting product research and development to improve our offerings

We do not use personal data for advertising purposes. We do not sell, rent, or trade personal data to third parties for their own marketing use.

We process personal data on the following legal grounds:

• – Contractual necessity — processing required to deliver the services you or your organization has engaged us to provide
• – Legitimate interests — processing necessary to improve our platforms, maintain security, and manage our business operations, where these interests are not overridden by your rights
• – Legal obligation — processing required to comply with applicable laws, regulations, or enforceable government requests
• – Consent — where you have provided express consent to specific processing activities (you may withdraw consent at any time without affecting the lawfulness of prior processing)

6.1 Where Data Is Stored

Data collected through our platforms is stored on secure servers. Procura Technologies Limited takes reasonable steps to ensure that data is stored in environments with appropriate physical, technical, and administrative safeguards in place.

6.2 Security Measures

We implement industry-standard security controls including:

• – Encrypted data transmission using TLS/SSL protocols
• – Encrypted storage for sensitive data fields
• – Role-based access controls limiting data access to authorized personnel only
• – Audit logging of all data access and system interactions
• – Regular security assessments and vulnerability reviews

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining practices that mitigate risk to the fullest extent reasonably practicable.

6.3 Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Organizational procurement records and audit trails may be retained for extended periods where required by regulatory or contractual obligations. Upon termination of a service agreement, we will securely delete or anonymize personal data in accordance with our data retention schedule, unless legal retention obligations apply.

We do not sell personal data. We may share information with:

7.1 Service Providers

We engage trusted third-party service providers who assist in operating our platforms (e.g., cloud hosting, security, analytics). These providers are contractually bound to process data only on our instructions and in accordance with applicable data protection requirements.

7.2 Your Organization

Where our platforms are deployed within an organization, authorized administrators within that organization may have access to user data and activity logs as part of their governance and oversight responsibilities. This access is by design — governance and auditability are core functions of our platform.

7.3 Legal Requirements

We may disclose personal data where required by law, court order, or government authority, or where necessary to protect the rights, property, or safety of Procura Technologies, our users, or the public.

7.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction. We will provide notice and, where required, seek consent prior to any such transfer.

Our web platforms may use cookies and similar tracking technologies to:

• – Maintain session state and user authentication
• – Remember user preferences and settings
• – Analyse platform usage and performance

You may configure your browser to refuse or delete cookies. Note that disabling cookies may affect the functionality of certain platform features. We do not use tracking technologies for third-party advertising purposes.

Subject to applicable law, you have the following rights in relation to your personal data:

• – Right of access — to request a copy of the personal data we hold about you
• – Right to rectification — to request correction of inaccurate or incomplete data
• – Right to erasure — to request deletion of your data where it is no longer necessary for the purpose for which it was collected
• – Right to restriction — to request that we limit how we process your data in certain circumstances
• – Right to data portability — to receive your data in a structured, machine-readable format
• – Right to object — to object to processing based on legitimate interests
• – Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time

To exercise any of these rights, please contact us at info@procuramw.com. We will respond to all requests within a reasonable timeframe and in accordance with applicable legal requirements.

Our platforms are designed for use by businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe that a minor's data has been submitted to us without appropriate authorization, please contact us immediately and we will take steps to remove such data.

Our platforms and website may contain links to third-party websites or services. This Policy does not apply to those external sites. We are not responsible for the privacy practices of third parties and encourage users to review their respective policies before engaging with them.

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or platform capabilities. When we make material changes, we will:

• – Update the effective date at the top of this document
• – Notify users through in-platform notifications or email where appropriate
• – Where required by law, seek renewed consent

Continued use of our platforms following notice of changes constitutes acceptance of the revised Policy.

For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact:

We are committed to resolving all privacy concerns promptly and transparently.