Last updated: 23 May 2026

Privacy Policy

We take your privacy seriously. PsychFlo SpendOS is built for procurement professionals who handle sensitive commercial data — we treat that data with the same care you would.

Our privacy commitments

We never sell your data
We never train AI on your data
Data is encrypted at rest and in transit
EU data residency (AWS eu-west-2)
GDPR & UK GDPR compliant
SOC 2 Type II controls

1. Who We Are

PsychFlo Limited ("PsychFlo SpendOS", "we", "us") operates the AI Procurement Negotiation & Spend Intelligence OS. We are committed to protecting the personal and commercial data you entrust to us. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

We collect data in three categories: (a) Account data — your name, email address, company name, and billing information provided during registration; (b) Usage data — pages visited, features used, session duration, and browser/device identifiers collected automatically; (c) Procurement data — vendor contracts, invoices, spend records, usage reports, and any other documents you upload or connect to PsychFlo SpendOS through our integrations.

3. How We Use Your Data

We use your data exclusively to: provide and improve the PsychFlo SpendOS service; generate AI-powered spend analysis, contract reviews, and negotiation recommendations; send transactional emails (invoice receipts, renewal alerts, verification codes); communicate product updates and security notices; and comply with legal obligations. We do not use your procurement data to train AI models. We do not sell your data to third parties.

4. AI and Data Processing

PsychFlo SpendOS uses Anthropic's Claude AI model to power analysis features. When you submit contract text or spend data for AI analysis, that data is transmitted to Anthropic's API for processing. Anthropic's data processing is governed by their usage policies. We have a Data Processing Agreement with Anthropic that prohibits training on your data. All AI queries are processed in real time and not retained by Anthropic beyond the request.

5. Data Storage and Security

Customer data is stored in encrypted form at rest (AES-256) and in transit (TLS 1.3). We use Supabase (PostgreSQL) as our primary database provider, hosted on AWS infrastructure in the EU (eu-west-2). We maintain SOC 2 Type II controls including access logging, least-privilege access, and regular third-party security audits. Employee access to customer data requires multi-factor authentication and is logged.

6. Data Retention

We retain your account and procurement data for the duration of your subscription plus 30 days after cancellation, during which you may export your data. After 30 days, all personal and procurement data is permanently and irreversibly deleted from our systems and backups within 90 days. Anonymised, aggregated usage statistics (with no personal identifiers) may be retained indefinitely for product improvement.

7. Your Rights (GDPR)

If you are based in the European Economic Area or United Kingdom, you have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data (the right to erasure); restrict or object to processing; receive your data in a portable format; withdraw consent where processing is based on consent; and lodge a complaint with your local data protection authority (in the UK, the ICO). To exercise any of these rights, email privacy@psychflo.com.

8. Cookies and Tracking

PsychFlo SpendOS uses essential cookies required for authentication (session cookies) and a single analytics cookie to understand aggregate usage patterns. We set no third-party advertising cookies. We do not use cross-site tracking, fingerprinting, or advertising pixels. You may disable non-essential cookies in your browser settings without affecting core functionality.

9. Third-Party Integrations

When you connect third-party services (QuickBooks, Ramp, Brex, Xero, AWS), we request only the minimum permissions necessary to read relevant spend data. We store OAuth tokens securely and use them only to fetch the data you request. You may revoke these integrations at any time from Settings > Integrations. We are not responsible for the privacy practices of third-party services.

10. Data Transfers

We store data in the European Union (AWS eu-west-2). Where data is transferred outside the EEA (for example, to Anthropic's API), we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate data protection. A copy of our SCCs is available on request.

11. Children

PsychFlo SpendOS is a B2B service intended for use by business professionals aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, contact us at privacy@psychflo.com and we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email and in-app notification at least 30 days before taking effect. The date at the top of this page shows when the policy was last revised. Continued use of PsychFlo SpendOS after the effective date constitutes acceptance of the updated policy.

Privacy questions or data requests?

Email our Data Protection Officer at privacy@psychflo.com. We respond to all requests within 72 hours. Write to PsychFlo Limited, United Kingdom.