Legal

Privacy Policy

How Thinkbench collects, uses, stores, and protects information when you use our website and services.

Introduction

At Thinkbench, we value privacy, transparency, and responsible handling of customer data.

This Privacy Policy explains how Thinkbench (“we”, “our”, or “us”) collects, uses, stores, and protects information when you use our website, software platforms, and related services, including TrueCost Procurement.

Thinkbench is a South African software and consulting company focused on procurement decision support, workflow automation, and operational systems.

By using our website or services, you agree to the practices described in this policy.

Information We Collect

We may collect information provided directly by users, customers, or authorised representatives, including:

  • Name and contact information
  • Company and account information
  • User login credentials
  • Procurement and supplier-related data
  • Uploaded spreadsheets and documents
  • RFQ and sourcing workflow data
  • Email communication metadata related to platform workflows
  • Technical and usage information such as browser type, device information, IP address, and application logs

Procurement and Supplier Data

Our services may process procurement-related operational data, including supplier information, product information, sourcing records, planning data, and RFQ communication workflows. This information is processed solely for the purpose of providing the platform’s procurement, planning, sourcing, reporting, and workflow automation functionality.

Uploaded Files and Spreadsheets

Users may upload spreadsheets, planning files, supplier mappings, RFQ-related documents, or similar operational files into the platform. Uploaded content may be parsed, validated, normalised, and processed to support workflow automation, planning calculations, supplier mapping, and reporting functionality.

Email and RFQ Communication Data

Certain platform features may process procurement-related email communication in order to support RFQ workflows, supplier communication, automated ingestion, and operational notifications. This may include:

  • Email metadata
  • Supplier responses
  • RFQ attachments
  • Workflow-generated communication records

Thinkbench does not sell customer communication data to third parties.

Automated Processing and AI-Assisted Features

Some platform workflows may use automated extraction, classification, matching, or AI-assisted processing to improve operational efficiency and reduce manual data capture. Examples may include:

  • Supplier quote extraction
  • Spreadsheet ingestion
  • Product matching
  • Planning recommendations
  • Workflow classification

These features are designed to assist operational workflows and are subject to ongoing improvement and validation.

How We Use Information

We use collected information to:

  • Provide and maintain our services
  • Support procurement and planning workflows
  • Generate RFQs and operational reports
  • Improve platform functionality and user experience
  • Maintain security, auditability, and system integrity
  • Provide customer support
  • Monitor system performance and operational health
  • Comply with legal obligations where applicable

Multi-Tenant Data Isolation

Thinkbench platforms are designed with logical tenant isolation controls intended to separate customer data between organisations and accounts. Access to customer data is restricted through authentication, authorisation, and tenant-scoped application controls.

Data Sharing and Third-Party Services

Thinkbench may use trusted third-party providers to support hosting, email delivery, logging, analytics, authentication, and operational infrastructure. Examples may include:

  • Microsoft 365 / Microsoft Graph
  • Cloud hosting providers
  • Logging and observability platforms
  • Email delivery services

These providers may process data only as necessary to provide the underlying service functionality.

Data Security

We take reasonable technical and operational measures to help protect customer information and platform integrity. Security measures may include:

  • Authentication and access controls
  • Tenant-scoped data isolation
  • Audit logging
  • Upload governance controls
  • Secure communication protocols
  • Role-based authorisation

As a growing software company, our security practices continue to evolve as the platform matures. For more detail, see our Security page.

Data Retention

Customer data may be retained while accounts remain active or as necessary to support operational workflows, auditability, legal obligations, or legitimate business purposes. Customers may request account closure or data removal subject to operational, contractual, or legal considerations.

Your Rights

Depending on your jurisdiction, you may have rights relating to access, correction, deletion, or restriction of personal information.

South African users may have rights under the Protection of Personal Information Act (POPIA).

Requests relating to personal information may be directed to the contact information below.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, operational practices, or legal obligations. Updated versions will be published on this page with a revised “Last Updated” date.

Contact

If you have questions regarding this Privacy Policy or our data handling practices, please contact us:

Last Updated: 24 May 2026