1. Who we are and how to contact us
Octbe provides procurement analytics, spend analysis, supplier management, reporting, and related business software services. For personal data collected through the Octbe website and direct business interactions, Octbe is generally the controller. For customer-controlled data processed inside the platform on behalf of a customer, Octbe may act as a processor under a customer agreement or Data Processing Agreement.
2. Personal data we collect
The personal data we collect depends on how you interact with Octbe. We aim to collect only what is reasonably necessary for the relevant purpose.
| Category | Examples |
| --- | --- |
| Contact and identity data | Name, email address, company, role, phone number, business message, demo request details, partner enquiry details. |
| Account data | User ID, login email, role, permissions, profile settings, authentication events, access logs, support history. |
| Website and technical data | IP address, browser type, device data, pages visited, referrer, date/time, approximate location, cookie identifiers, analytics events. |
| Customer-controlled platform data | Procurement records, supplier contacts, spend data, contract metadata, reporting content, uploaded files, comments, workflow notes, dashboard configurations. |
| Commercial and billing data | Plan information, invoices, billing contact, renewal notes, contract communications, procurement documents. |
| Security and audit data | Access attempts, rate-limit events, admin actions, security alerts, abuse indicators, vulnerability reports, system logs. |
3. Why we use personal data and lawful bases
Where GDPR or similar laws apply, we rely on an appropriate lawful basis for each processing purpose.
| Purpose | Typical lawful basis |
| --- | --- |
| Responding to demo, contact, support, or partner requests | Contract/pre-contract steps; legitimate interests in responding to business enquiries. |
| Providing accounts, authentication, dashboards, uploads, reporting, and platform functionality | Contract; legitimate interests in operating and securing the service. |
| Customer support and service administration | Contract; legitimate interests in helping users and maintaining service quality. |
| Security, fraud prevention, logging, abuse prevention, and incident response | Legitimate interests; legal obligation where applicable. |
| Product improvement, analytics, performance monitoring, and troubleshooting | Legitimate interests; consent where required for non-essential cookies or tracking. |
| Marketing communications and newsletters | Consent where required; legitimate interests for limited B2B communications where permitted. You can unsubscribe or object. |
| Billing, tax, accounting, contract management, and legal claims | Contract; legal obligation; legitimate interests in managing commercial records and disputes. |
4. Cookies, analytics, and similar technologies
Octbe may use cookies and similar technologies to operate the website, remember preferences, protect sessions, measure performance, and understand how visitors use public pages. Strictly necessary cookies are used to provide core functionality and security. Analytics or marketing cookies should be used according to the consent choices shown to you where required by law.
Where Google Analytics, Google Tag Manager, Cloudflare, or similar tools are used, those providers may receive technical data such as IP address, browser/device data, event data, and page interaction information. We use this information to understand site performance and improve content, security, and usability.
5. Sharing, service providers, and subprocessors
We do not sell personal data. We may share personal data with service providers that help us host, secure, operate, analyse, support, communicate, bill, back up, or improve Octbe. These providers should process data only for agreed purposes and under appropriate confidentiality, security, and data protection commitments.
We may also disclose data when required by law, to protect rights and security, to investigate abuse, to enforce agreements, or in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
6. International transfers
Octbe and its service providers may process data in countries other than where you are located. Where personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, we aim to use appropriate safeguards such as Standard Contractual Clauses, UK transfer mechanisms, contractual commitments, or other lawful transfer tools where required.
7. How long we keep data
We keep personal data only as long as reasonably necessary for the purposes described in this policy, including service delivery, support, security, legal, accounting, audit, and dispute-resolution needs. Retention periods may vary depending on the type of data, customer contract, legal obligations, and operational requirements.
- Contact and demo enquiries are kept for follow-up, relationship management, and audit needs.
- Account and service records are kept while the account or customer relationship is active and for a reasonable period afterwards.
- Security logs are kept for security monitoring, investigation, and compliance purposes.
- Customer-controlled data is retained, exported, or deleted according to customer instructions, contract terms, and technical feasibility.
- Backups follow a defined retention cycle and may not be immediately overwritten when live data is deleted.
8. Your privacy rights
Depending on your location and applicable law, you may have rights to request access, correction, deletion, restriction, portability, objection to processing, withdrawal of consent, and information about automated decision-making. These rights may be limited where we must retain information for legal, security, contractual, or legitimate operational reasons.
To exercise rights, contact [email protected]. We may need to verify your identity and clarify the scope of your request. If your data is controlled by one of our customers, we may refer your request to that customer or assist them as processor.
9. Security measures
Octbe applies technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, and disclosure. Measures may include HTTPS/TLS, restricted network exposure, firewall rules, access controls, administrative permission review, logging, backup routines, secret rotation, and service hardening.
No internet service can guarantee perfect security. If you believe you have found a vulnerability, please report it responsibly using our security contact information.
10. Customer-controlled data
When customers use Octbe to process their own procurement, supplier, spend, contract, reporting, or workflow data, the customer may be the controller and Octbe may be the processor. Customers are responsible for ensuring they have a lawful basis and appropriate notices for data they upload or connect to Octbe. Octbe processes customer-controlled data according to the applicable contract, documented instructions, and agreed product functionality.
11. Analytics, AI-assisted features, and automated decisions
Octbe may provide analytics, reporting, classification, summary, or AI-assisted features. These features are intended to support business review and decision-making, not to replace human judgement. Unless clearly stated in a customer agreement, Octbe does not intend to make solely automated decisions about individuals that produce legal or similarly significant effects.
Customers should avoid uploading unnecessary sensitive personal data into analytics or AI-assisted workflows unless they have assessed the legal basis, transparency obligations, and safeguards required for that use.
12. Children
Octbe is a business software service and is not directed to children. We do not knowingly collect personal data from children through the website or platform. If you believe a child has provided personal data to Octbe, contact us so we can review and take appropriate action.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect product, legal, operational, vendor, or security changes. The updated version will be posted on this page with an updated date. If changes are material, we may provide additional notice where appropriate.
14. Contact, complaints, and supervisory authorities
If you have questions about this policy or want to exercise privacy rights, contact [email protected]. If you are in the EEA, UK, or another jurisdiction with a data protection authority, you may also have the right to complain to your local supervisory authority. We encourage you to contact us first so we can try to resolve the issue directly.
For more detailed trust and GDPR information, you can also review our GDPR and Data Protection Guide.