Privacy Policy
Last Updated: 2026-02-23
Introduction
ProcessPlan, LLC (“ProcessPlan,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal data we process. This Privacy Policy explains how we collect, use, store, and share your information when you visit our website at processplan.com or use the ProcessPlan platform.
ProcessPlan is a business process management and automation platform. Our customers use ProcessPlan to manage and automate their business processes. The platform includes ProSeer, an AI-powered assistant that helps customers work with their data.
For the purposes of the EU General Data Protection Regulation (GDPR), ProcessPlan acts as a Data Controller for account and billing information, and as a Data Processor for data that customers store within the platform.
Who This Policy Applies To
This Privacy Policy applies to:
- Visitors to our website (processplan.com).
- Individuals who create an account or subscribe to ProcessPlan.
- Authorized users of the ProcessPlan platform.
Information We Collect
Information You Provide Directly
- Account Information: Name, email address, company name, and billing address.
- Payment Information: Credit card data is processed and stored exclusively by Stripe, Inc. ProcessPlan does not store credit card numbers.
Information Collected Automatically
- Technical Data: IP address, browser type, device information, and operating system.
- Usage Data: Pages visited, features used, session duration, and interaction patterns within the platform.
- Cookies: We use essential cookies only (session and authentication). We do not use non-essential tracking cookies within the platform. Our marketing website uses Google Analytics for traffic analysis and conversion tracking.
Customer-Stored Data
Our customers may store any data they choose within the ProcessPlan platform, including personal data about their employees, clients, vendors, or other individuals. Customers may also upload files and documents. ProcessPlan processes this data solely on the customer’s instructions and in accordance with the applicable Data Processing Agreement.
How We Use Your Information
| Purpose | Data Used | Lawful Basis (GDPR) |
|---|---|---|
| Provide our service | Account info, customer-stored data | Contract performance (Art. 6(1)(b)) |
| Process payments | Billing address (card data via Stripe) | Contract performance (Art. 6(1)(b)) |
| Send service communications | Name, email | Contract performance (Art. 6(1)(b)) |
| Improve our platform | Usage data, analytics | Legitimate interest (Art. 6(1)(f)) |
| Ensure security | Technical data, access logs | Legitimate interest (Art. 6(1)(f)) |
| AI features (ProSeer) | Customer data included in prompts | Contract performance (Art. 6(1)(b)), at customer’s discretion |
| Marketing site analytics | IP, browser data (via Google Analytics) | Legitimate interest (Art. 6(1)(f)) |
Artificial Intelligence (ProSeer)
ProcessPlan integrates AI capabilities through our ProSeer feature, powered by Anthropic (primary provider), with optional integrations to OpenAI and Google Gemini. When customers use ProSeer:
- Customer data may be included in AI prompts to provide contextual responses. This is entirely at the customer’s discretion.
- All AI providers are used on zero-data-retention API tiers. No customer data is used to train AI models.
- AI processing occurs in the United States.
How We Share Your Information
We do not sell your personal data. We share personal data only with the following categories of service providers, and only to the extent necessary:
- Infrastructure: Amazon Web Services (AWS) — hosting and file storage.
- Payments: Stripe, Inc. — payment processing.
- Authentication: Auth0 (Okta) — authentication services.
- Email: Amazon SES — transactional email delivery.
- Security: Cloudflare, Inc. — DDoS protection and content delivery.
- AI Providers: Anthropic, OpenAI, Google — AI processing at customer’s discretion.
- Analytics: Google Analytics — marketing site and conversion analytics only.
We may also disclose personal data where required by law, regulation, legal process, or governmental request.
International Data Transfers
ProcessPlan is based in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data will be transferred to the United States for processing.
We protect these transfers using Standard Contractual Clauses (SCCs) as approved by the European Commission. Customers who require EU-based data hosting may request this for an additional fee.
Our sub-processors also process data in the United States and are bound by equivalent contractual protections.
Your Rights Under GDPR
If you are located in the EEA, you have the following rights regarding your personal data:
- Right of Access: The right to access your personal data and obtain a copy.
- Right to Rectification: The right to correct inaccurate or incomplete data.
- Right to Erasure: The right to request deletion of your personal data.
- Right to Restriction: The right to limit how we process your data.
- Right to Data Portability: The right to receive your data in a structured, machine-readable format.
- Right to Object: The right to object to processing based on legitimate interest.
- Right to Withdraw Consent: The right to withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, please contact us at privacy@processplan.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Account information is retained for the duration of your subscription plus 90 days after cancellation, or until you request deletion.
- Billing records are retained as required by applicable tax laws.
- Usage analytics data is retained for 12 months.
- Customer-stored data is retained according to the customer’s configured retention periods. Upon contract termination, it is deleted after a 90-day grace period or upon request.
- Backups are retained for 7 days and then automatically deleted.
Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption at rest and in transit (TLS 1.2+).
- Role-based access controls and multi-factor authentication.
- DDoS protection via Cloudflare.
- Regular security audits and penetration testing.
- Production access limited to a small number of authorized personnel.
- Employee security and privacy training.
No method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us immediately.
Cookies
ProcessPlan uses essential cookies only within the platform (session management and authentication). Our marketing website uses Google Analytics, which sets cookies for traffic analysis and conversion tracking. We do not use non-essential tracking cookies within the application.
Children’s Privacy
ProcessPlan is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last Updated” date. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
ProcessPlan, LLC
Attn: Data Protection Officer
3698 Inner Perimeter Rd #4411
Valdosta, GA 31602
State of Georgia, USA
Email: privacy@processplan.com
Website: processplan.com