Security & trust

Built for orders you can't afford to get wrong

ProcuLink sits between your buyers and suppliers. We treat that position — and your data — with the seriousness it deserves.

Encryption everywhere

AES-GCM at rest and TLS 1.2+ in transit (TLS 1.3 where supported). Supplier delivery credentials are encrypted with AES-256-GCM authenticated encryption and never written to application logs.

EU data residency

All order data is processed and stored in EU-region infrastructure. No data leaves the region without an explicit, contracted subprocessor agreement.

Append-only audit trail

Every parse, edit, validation and delivery attempt is recorded immutably. Export the full delivery log for any order at any time.

Validation before delivery

Per-supplier rules block malformed orders before they ever reach a supplier endpoint — wrong currency, missing fields, unresolved codes.

Access control

Role-based access, SAML/OIDC SSO available on Enterprise, and scoped API keys you can revoke instantly. Sessions are short-lived by default.

Responsible AI

Mapping suggestions never auto-apply without a confidence score and source. Your data is never used to train third-party models. Enterprise customers can opt into a self-hosted, no-egress mode where document extraction — including scanned-PDF OCR — runs entirely in your environment, with nothing sent to OpenAI.

Compliance

GDPR: Compliant · DPA available
SOC 2: Readiness on our roadmap
ISO 27001: On our roadmap

Subprocessors

Railway: API and background-worker hosting
Neon: PostgreSQL database hosting
Cloudflare: R2 object storage (order files and generated artifacts) and DNS
Vercel: Frontend hosting and CDN
Clerk: Authentication and session management
OpenAI: AI document extraction and mapping suggestions (API data is not used for model training under OpenAI's API terms)
Stripe: Payment processing and subscription management
Postmark: Inbound email ingestion (orders emailed to your ProcuLink address)
PostHog: Pseudonymous product analytics
Sentry: Error monitoring and diagnostics

Full list with locations, contracts, and change notifications: /subprocessors

Need our security package?

We'll share our DPA, security overview, and architecture documentation under NDA.
