Legal & Policies
Legal & Policies

Privacy, terms, cookies and subprocessors for SME Procure.

Privacy Policy

Last updated: 17 June 2026

01Introduction

This Privacy Policy describes how SME PROCURE LTD (we, us, our) collects, uses and shares personal information when you use SME Procure, including our websites, applications and related product features such as Smart Scope, Smart Team and Smart Bid (the Service).

We are based in the United Kingdom. We use personal information only for the purposes described in this Privacy Policy, for compatible purposes permitted by law, or where we are required or permitted to do so by law.

02Who we are

SME PROCURE LTD is the controller of personal information processed through the Service unless a separate agreement says otherwise.

Controller: SME PROCURE LTD, 220 Aztec West, Almondsbury, Bristol, England BS32 4SY. Company number: 16982913 (England and Wales).

Privacy contact: privacy@sme-procure.com.

SME PROCURE LTD is part of a corporate group. Our immediate parent company is RC Fornax PLC (company number 12795371). We may share personal information with RC Fornax PLC and other group companies where necessary for administration, security, service delivery, support, governance or corporate operations.

03Information we collect

We collect the following categories of information:

Account and authentication information: name, email address, user identifiers, organisation membership, session information and other data provided by our identity provider when you create an account or sign in.
Professional and profile information: skills, experience, clearance status or eligibility, certifications, availability, role preferences, locations, rates, delivery evidence, social or professional links and other profile information.
Organisation and workspace information: employer, client or customer organisation details, invitations, permissions, team membership, workspace activity and administrator settings.
Content you upload or submit: CVs, resumes, requirement documents, project descriptions, bid or scope materials, supplier evidence, logos, profile images, forms and other files.
Interest and contact information: details you submit when requesting access, registering interest, booking a demo, contacting us or responding to communications.
Location and map search information: location searches, addresses, place selections, geocoding results and related metadata when you use location features.
Usage and technical information: IP address, browser type, device information, timestamps, logs, diagnostic data, security events and information needed to operate, secure and improve the Service.
Communications: emails, support requests, feedback and other messages you send to us.

The Service is designed for business and professional use. Please do not upload classified information, export-controlled technical data, sensitive personal data or third-party confidential information unless you and your organisation are authorised to do so and your use is permitted under the relevant agreement and applicable law.

04How we use information

We use personal information to:

provide, operate, maintain and improve the Service;
create and manage accounts, workspaces, permissions and access controls;
authenticate users and protect accounts;
support procurement workflows, including requirement scoping, supplier discovery, associate discovery, team formation, bid support, profile matching and fit rationale;
process and store uploaded files, including CVs, resumes, requirement documents and supplier evidence;
extract, structure, index, search and retrieve information from documents and profiles;
generate AI-assisted suggestions, summaries, role structures, workpackage structures, matches and rationale;
support location search, geocoding, mapping and availability workflows;
send transactional emails, invitations, notices and service communications;
respond to enquiries, support requests and feedback;
detect, prevent and investigate fraud, abuse, unauthorised access, security incidents and misuse;
comply with legal obligations and respond to lawful requests;
enforce our terms, policies and agreements;
analyse and improve product performance, reliability and user experience; and
send marketing communications where permitted by law or where you have opted in.

05AI-assisted features

Some Service features use AI and automated processing to help structure requirements, parse documents, build profiles, generate search queries, rank candidate results and explain potential fit.

AI-assisted outputs are decision-support materials. They may be incomplete, inaccurate or require context-specific review. Users remain responsible for checking outputs before relying on them, making procurement or staffing decisions, and complying with applicable procurement, employment, security, confidentiality, classification, export control and organisational requirements.

We do not use the Service to make solely automated decisions that produce legal or similarly significant effects about individuals without human involvement, unless we tell you separately and the law permits it.

06Legal bases

Where UK GDPR, EU GDPR or similar laws apply, we rely on one or more of the following legal bases:

Performance of a contract: to provide the Service you or your organisation request, including account access, profile management, workspace features, document processing and procurement workflows.
Legitimate interests: to operate, secure, improve and administer the Service; prevent misuse; support B2B customer and supplier relationships; provide relevant product communications; and share information within our corporate group, where those interests are not overridden by your rights and freedoms.
Consent: where we ask for consent, such as for optional marketing communications or any non-essential cookies or similar technologies if introduced.
Legal obligation: where processing is required by applicable law, regulation, court order or lawful request.

If we process special category personal data or criminal offence data because you upload it or include it in content, we do so only as necessary to provide the Service, where permitted by law and subject to any applicable additional safeguards or conditions.

07Sharing of information

We may share personal information with:

Service providers and subprocessors who process information on our instructions to host, secure, operate, support and improve the Service. A current list of key subprocessors is published on our Subprocessors page.
Group companies, including RC Fornax PLC, where necessary for administration, security, support, service delivery, governance or corporate operations.
Customer organisations, workspace members and authorised users where required by Service functionality. For example, associate or supplier profile information may be made visible for discovery, evaluation, matching, team formation, project staffing or bid-related workflows when you or your organisation has chosen to participate.
Other users or organisations at your direction, or where the Service is designed to share information as part of a workflow.
Professional advisers, auditors, insurers and legal representatives where reasonably necessary.
Authorities, regulators, courts or law enforcement where required by law or where necessary to protect rights, safety, security or the integrity of the Service.
Parties involved in a corporate transaction, such as a merger, acquisition, restructuring, financing or sale of business assets, subject to appropriate confidentiality protections.

We do not sell personal information or use it for targeted advertising.

08International transfers

Personal information may be processed in countries outside the United Kingdom, including where our service providers, subprocessors or group companies operate. Where required, we use appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, Standard Contractual Clauses or equivalent mechanisms under applicable law.

09Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law, contract, dispute resolution, security, audit or legitimate business needs.

Retention periods depend on the type of data, account or workspace status, contractual requirements, user or organisation instructions, backup cycles and legal obligations. Uploaded files such as CVs, resumes, requirement documents and supplier evidence are retained according to the same principles and any organisation-specific rules enabled in the Service.

We may retain limited records after account closure where needed for security, audit, legal compliance, dispute resolution or enforcement of agreements.

10Security

We use technical and organisational measures designed to protect personal information, including access controls, authentication, logging and operational security practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11Your choices and rights

Depending on your location, you may have rights to:

access your personal information;
rectify inaccurate or incomplete information;
erase personal information;
restrict certain processing;
object to certain processing, including direct marketing;
receive a copy of certain information in a portable format;
withdraw consent where processing is based on consent; and
complain to a supervisory authority.

In the UK, the supervisory authority is the Information Commissioners Office: ico.org.uk.

To exercise your rights, contact us at privacy@sme-procure.com. We may need to verify your identity before responding. Some rights are subject to legal limits and may not apply in every case.

12Children

The Service is not directed at individuals under 16. We do not knowingly collect personal information from children under 16.

13Changes

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the Last updated date.

14Contact

Questions about this Privacy Policy or our privacy practices can be sent to privacy@sme-procure.com.

Terms of Service

Last updated: 17 June 2026

01Agreement

These Terms of Service (Terms) govern your access to and use of SME Procure (the Service) provided by SME PROCURE LTD, company number 16982913, 220 Aztec West, Almondsbury, Bristol, England BS32 4SY (we, us, our).

By accessing or using the Service, you agree to these Terms. If you use the Service on behalf of an organisation, you represent that you have authority to bind that organisation, and you includes that organisation where applicable.

If you or your organisation has a separate written agreement with us, that agreement may supplement or override these Terms for the relevant Service.

02The Service

SME Procure provides procurement-related tools and features for requirement scoping, supplier discovery, associate discovery, team formation, profile matching, bid support, document processing and related collaboration.

Features may be added, changed, limited, suspended or discontinued from time to time. Some features may be made available only to certain users, plans, workspaces or customer organisations.

03Accounts and eligibility

You must provide accurate registration information and keep it up to date. You are responsible for keeping your login credentials secure and for activity under your account.

You must comply with applicable laws, these Terms, our policies and any requirements imposed by your employer, client, customer organisation or workspace administrator.

We may refuse, suspend or terminate access where we reasonably believe an account is unauthorised, inaccurate, insecure, unlawful, harmful or in breach of these Terms.

04Organisations and workspaces

If you join or use a workspace linked to an organisation, that organisation and its authorised administrators may control or access certain account, profile, content and usage information associated with that workspace. Administrators may invite users, manage permissions, configure workflows and remove access.

If you leave an organisation or workspace, content you created or submitted in that workspace may remain available to the organisation where needed for Service functionality, legal compliance, audit, delivery or continuity.

05User content

You retain ownership of content you submit to the Service, including CVs, resumes, documents, profile information, requirement materials, supplier evidence, messages, images and other files (User Content).

You grant us a non-exclusive, worldwide, royalty-free licence to host, store, copy, process, transmit, display, index, analyse and otherwise use User Content as necessary to provide, secure, support and improve the Service. This includes sharing User Content with other users or organisations where the Service is designed to do so, such as associate discovery, supplier discovery, team building, bid support, project staffing or workspace collaboration.

You represent that you have all rights and permissions needed to submit User Content and allow us to process it under these Terms. You must not submit User Content that infringes third-party rights, breaches confidentiality obligations, is unlawful, is misleading, contains malware or violates applicable security, classification, export control or procurement rules.

06AI-assisted outputs

The Service may generate AI-assisted outputs, including summaries, extracted profile fields, role structures, workpackage structures, search queries, rankings, candidate matches, supplier matches and fit rationale.

AI-assisted outputs are provided to support human review and decision-making. They are not procurement, legal, financial, employment, security or professional advice. You are responsible for checking outputs, validating evidence, applying your own judgement and complying with any applicable procurement rules, employment rules, security rules, export controls, classification requirements, customer policies and contractual obligations.

We do not guarantee that AI-assisted outputs will be accurate, complete, current, unbiased or suitable for your intended purpose.

07Acceptable use

You agree not to:

use the Service unlawfully or to harm others;
attempt to gain unauthorised access to systems, accounts, workspaces or data;
upload malware, malicious code, excessive automated traffic or content you are not entitled to share;
probe, scan, test, bypass, disable or circumvent security or access controls except as expressly permitted by law or an authorised written security testing agreement;
use the Service to misrepresent identity, credentials, experience, clearance, availability or organisational capability;
upload classified information, export-controlled technical data, sensitive personal data or third-party confidential information unless authorised and permitted;
interfere with the operation, integrity or security of the Service;
scrape, harvest or bulk export data except through functionality we provide or with our written permission;
use the Service to build, train or improve a competing product without our written consent; or
encourage or assist anyone else to do any of the above.

08Confidentiality, classification and export controls

You may receive or access non-public information through the Service. You agree to protect such information in line with applicable agreements, policies and law.

You are responsible for ensuring that your use of the Service complies with applicable confidentiality duties, security classifications, export controls, sanctions, procurement rules and customer or government requirements. The Service must not be used for classified, restricted or controlled content unless we have expressly agreed in writing that the relevant environment and controls are suitable for that content.

09Third-party services

The Service relies on third-party providers for functions such as authentication, hosting, cloud infrastructure, email delivery, maps, AI processing, document processing, vector search and security checks. Their terms, policies and processing practices may apply to the extent you use those features. Our current key subprocessors are listed on the Subprocessors page.

We are not responsible for third-party services outside our reasonable control.

10Fees and paid services

If fees apply, they will be set out in an order form, subscription plan, statement of work or other written agreement. You agree to pay all applicable fees and taxes according to the relevant payment terms.

Unless a separate agreement says otherwise, fees are non-refundable except where required by law.

11Intellectual property

We and our licensors own all rights, title and interest in the Service, including software, workflows, user interface, designs, models, databases, documentation, branding and related intellectual property, excluding User Content.

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable right to use the Service for your internal business purposes and authorised workflows.

You may give us feedback or suggestions. We may use feedback without restriction or obligation to you.

12Privacy

Our Privacy Policy explains how we collect, use and share personal information. By using the Service, you acknowledge that personal information will be processed as described in the Privacy Policy.

13Suspension and termination

We may suspend or terminate access to the Service if we reasonably believe:

you or your organisation breached these Terms;
continued access creates security, legal, operational or reputational risk;
required by law, court order, regulator or customer requirement;
your account is inactive, unauthorised or compromised; or
fees are overdue, where applicable.

You may stop using the Service at any time. Termination does not affect rights or obligations that accrued before termination. Sections that by nature should survive will survive, including confidentiality, user content licences needed for retained data, payment obligations, disclaimers, liability limits, indemnities and dispute terms.

14Disclaimers

The Service is provided as is and as available. To the maximum extent permitted by law, we disclaim all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, availability, accuracy and reliability.

We do not warrant that the Service will be uninterrupted, secure, error-free or that content or outputs will be accurate, complete or fit for any particular procurement, staffing, bid, legal, security or operational purpose.

Nothing in these Terms excludes or limits liability that cannot be excluded or limited by law.

15Limitation of liability

To the maximum extent permitted by law, we and our suppliers will not be liable for any indirect, incidental, special, consequential, exemplary or punitive damages, or for loss of profits, revenue, data, goodwill, business opportunity or anticipated savings.

To the maximum extent permitted by law, our aggregate liability for all claims arising out of or relating to the Service or these Terms will not exceed the greater of:

the fees paid by you or your organisation to us for the Service in the twelve months before the event giving rise to the claim; or
GBP 100.

This limitation applies whether the claim is based in contract, tort, negligence, strict liability, statutory duty or any other legal theory.

16Indemnity

You will defend, indemnify and hold harmless us, our group companies, officers, directors, employees and suppliers from and against claims, losses, damages, liabilities, costs and expenses arising from:

your User Content;
your breach of these Terms;
your unlawful use of the Service;
your violation of third-party rights;
your breach of confidentiality, classification, export control, sanctions, procurement or security requirements; or
your decisions or actions based on Service outputs.

This indemnity does not apply to the extent a claim is caused by our fraud, wilful misconduct or liability that cannot be excluded by law.

17Changes

We may update these Terms from time to time. We will post the updated version and revise the Last updated date. Continued use of the Service after changes take effect may constitute acceptance where permitted by law.

18Governing law and disputes

These Terms are governed by the laws of England and Wales, excluding conflict-of-law rules. Subject to mandatory protections that cannot be waived, the courts of England and Wales will have exclusive jurisdiction.

19Contact

Questions about these Terms can be sent to legal@sme-procure.com.

Cookie Policy

Last updated: 17 June 2026

01What this policy covers

This Cookie Policy explains how SME PROCURE LTD (we, us, our) uses cookies and similar technologies when you visit or use SME Procure websites and applications. It should be read with our Privacy Policy and Subprocessors page.

Cookies are small text files stored on your device. Similar technologies include local storage, session storage, pixels, tags, scripts and other tools that store information on or access information from your device.

02Current cookie and technology inventory

As of the last updated date, SME Procure does not use non-essential HTTP cookies for third-party analytics, advertising or social media tracking pixels.

We use strictly necessary and functional technologies to operate the Service, including authentication, security, form abuse prevention, session management, user preferences and first-visit notice dismissal.

If we introduce non-essential analytics, advertising or marketing cookies, we will update this policy and seek consent where UK or EEA law requires.

03How we use cookies and similar technologies

Strictly necessary technologies we use these to run the Service, including:

authentication, sign-in and account management through Clerk;
session management and security;
fraud, spam and abuse prevention, including Cloudflare Turnstile on selected forms;
access controls and workspace permissions;
service reliability and diagnostics; and
local storage to remember that you have dismissed the first-visit notice.

Blocking strictly necessary technologies may prevent the Service from working.

Functional technologies we may use local storage or similar technologies to remember product preferences, interface settings or form state where those features are provided.

Maps and location when you use features that load Google Maps or Places, Google may set cookies or use similar technologies under its own policies, including for address autocomplete, place details, geocoding and map display.

Analytics and performance we do not currently use third-party analytics or performance cookies such as Google Analytics, Plausible, PostHog or similar tools. If we add them, we will update this policy and obtain consent where required.

Marketing and advertising we do not currently use marketing, advertising or retargeting cookies on the Service. If that changes, we will update this policy and seek consent where required.

04Authentication

We use Clerk for sign-in and account management. Clerk may set cookies or use browser storage to maintain sessions and protect accounts. Clerks privacy information is available at clerk.com/legal/privacy.

05Security and abuse prevention

We use Cloudflare Turnstile on selected forms to help prevent spam, abuse and automated submissions. Turnstile may use cookies or similar technologies to verify that a form submission is legitimate. Cloudflares privacy information is available at cloudflare.com/privacypolicy.

06Your choices

You can control cookies through your browser settings, including blocking or deleting cookies. If you block strictly necessary cookies or similar technologies, parts of the Service may not work.

Where we ask for consent to non-essential cookies or similar technologies, you can withdraw or change your consent through the mechanism provided or by contacting us.

07Changes

We may update this Cookie Policy from time to time. We will post the updated version and revise the Last updated date.

08Contact

Questions about this Cookie Policy can be sent to privacy@sme-procure.com.

Subprocessors

Last updated: 17 June 2026

01What is a subprocessor?

A subprocessor is a third party that processes personal information on our behalf to help us provide the Service. Examples include providers for hosting, authentication, email delivery, AI processing, maps, security and data storage.

02Subprocessors of subprocessors

We list the main third-party processors we engage directly. Our subprocessors may use their own subprocessors, subject to their contracts, privacy terms and subprocessor lists. We review subprocessors when our stack changes and update this page for material changes.

03Current subprocessors

The following subprocessors are used in the operation of SME Procure by SME PROCURE LTD.

SubprocessorPurposePrivacy
Clerk (Clerk, Inc.)Authentication, sign-in, session and account management for the application.clerk.com/legal/privacy
Convex (Convex, Inc.)Backend platform, database, server functions, file storage, real-time sync and related backend components.convex.dev/legal/privacy
Vercel (Vercel Inc.)AI Gateway request routing and AI provider access where enabled; frontend hosting for the Next.js application where deployed on Vercel.vercel.com/legal/privacy-policy
Google (Google LLC)Google Maps Platform features including Places autocomplete, place details, map display, geocoding and reverse geocoding; Google booking or calendar links where used for demo scheduling.policies.google.com/privacy
OpenAIAI model processing, including document extraction support, profile structuring, embeddings, search support, role and workpackage generation, matching and fit rationale.openai.com/policies/privacy-policy
Pinecone (Pinecone Systems, Inc.)Vector database for search and retrieval over indexed profile and document content.pinecone.io/legal/privacy
Resend (Resend, Inc.)Transactional email delivery, including account, invitation and service emails.resend.com/legal/privacy-policy
Cloudflare (Cloudflare, Inc.)Turnstile security checks for form abuse prevention and automated submission protection.cloudflare.com/privacypolicy

04Internal and group-operated infrastructure

Some components may be operated by SME Procure or by a group company such as RC Fornax PLC rather than by a separate third-party subprocessor. Where an internal or group-operated document extraction or processing service is used, it is covered by our Privacy Policy and group-company sharing terms. If a third party is appointed to operate that service on our behalf, we will add that provider to this list.

05Other libraries

Client-side libraries, UI components and local application dependencies are not listed as subprocessors unless they send personal information to a third-party server on our behalf.

06Changes

We may update this page when we add or remove subprocessors material to the Service. Material changes may also be reflected in our Privacy Policy.

07Contact

Questions about subprocessors can be sent to privacy@sme-procure.com.