Last updated: 8th July, 2026
ProcureDataLab ("we," "us," "our") is a small, early-stage business based in Kolkata, West Bengal, India, currently operated by its two founders pending formal company registration. This policy explains what personal data we collect and how we handle it. We'll update it as our practices and our legal structure develop.
We don't intentionally collect sensitive categories of data (health, biometric, government ID numbers, etc.), and we ask you not to include such details in anything you send us.
To respond to inquiries, schedule calls, deliver our services, invoice clients, and operate our business. For procurement data specifically, we collect and structure it to deliver as a data service to our clients.
We do not sell personal data for advertising purposes, and we don't share your contact details with third parties for their own marketing.
We're based in India, so data may be processed there, as well as by tools like Calendly that operate internationally.
Depending on where you're located, you may have rights to access, correct, or delete your personal data, or to object to how we use it, including if your information appears in procurement records we've collected. Contact us and we'll do our best to address it promptly, consistent with applicable law.
We keep contact and inquiry data as long as reasonably needed to respond and follow up, and client records as long as required for business and tax purposes. We're still formalizing exact retention schedules for procurement pipeline data.
We take reasonable steps to protect the data we hold, though no system is completely secure.
We'll update this policy as our practices, team, and legal structure evolve, and will update the date above when we do.
We don't have a dedicated legal or compliance team yet. Here's where we currently stand on GDPR in plain terms, rather than formal compliance claims we can't yet back up.
Some of the data we work with — publicly available government procurement records — can include personal data of individuals (like government contracting officials or bidder representatives), not just business information. We're working through what full GDPR alignment looks like for a business like ours, including documenting our legal basis for collecting this data and how we notify individuals about it.
What we currently do:
As a two-person early-stage company, we haven't yet completed a full formal GDPR compliance program — a documented legal basis assessment for every data source, a signed data processing agreement with every tool we use, and a written incident response plan are in progress rather than finished. We'd rather tell you that clearly than claim otherwise.
If you're in the EU or UK and want to know what data we might hold about you, ask us to correct or delete it, or object to how it's used, email us and we'll respond as quickly as we reasonably can. If GDPR compliance is a requirement for your organization to work with us — for example, as part of vendor due diligence — please contact us directly; we're glad to work through what documentation or commitments you need.
We're an early-stage company and honestly haven't yet confirmed whether California's privacy law (CCPA/CPRA) formally applies to a business our size — that depends on specific thresholds we're still working through with a lawyer. In the meantime, we're choosing to extend the core privacy practices in this policy to California residents as a matter of good practice, whether or not they're legally required for us yet.
We don't sell contact details of website visitors for advertising or marketing purposes. For the procurement datasets we deliver to paying clients, we're still working through, with legal advice, exactly how that's characterized under California's broad definition of "sale" — we'd rather confirm that properly than make a claim either way before we're sure.
If you're a California resident, you can ask us what personal information we hold about you, ask us to delete it, or ask us to correct it. Email us and we'll respond as promptly as we reasonably can, and we won't treat you differently for asking. If California privacy compliance is something your organization needs confirmed as part of working with us, please reach out directly.
hello@procuredatalab.com
Kolkata, West Bengal, India
ProcureDataLab is an early-stage business and does not currently have a dedicated legal team. This policy reflects our current practices in good faith. If you have specific compliance requirements (e.g., as part of vendor due diligence), please contact us directly and we're happy to discuss.