Bedrock Acquires Procoto to Revolutionize Procurement Processes and Enhance Enterprise Supplier Management Capabilities.

Bedrock’s Privacy Statement

Last Updated: October 22nd, 2025

 

1. Introduction

Bedrock ("Bedrock," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, disclose, and safeguard your Personal Data.

Bedrock is a leading provider of supplier management technology and services, offering cloud-based procurement software solutions including supplier onboarding, data verification, payment processing, audit recovery, and risk prevention tools. Our platform integrates with Enterprise Resource Planning (ERP) and Procure-to-Pay (P2P) systems to streamline supplier management for procurement and accounts payable teams.

This Privacy Policy explains how we handle Personal Data when you:

  • Visit our website at https://mybedrock.com
  • Use our software platform and services
  • Interact with us as a customer, supplier, or business partner
  • Engage with our marketing communications

This Privacy Policy applies to Personal Data we process as a Data Controller (when we determine the purposes and means of processing) and as a Data Processor (when we process Personal Data on behalf of our enterprise clients who act as Data Controllers).

We encourage you to read this policy carefully to understand our practices regarding your Personal Data and how we will treat it.

 

2. Information We Collect

We collect several types of information from and about users of our services, including:

  • Full name
  • business contact information
  • Corporate email address
  • User credentials (username and password)
  • Business verification information (which if you operate as a Sole Trader while providing Services to a Corporate Client of our’s constitutes Personal Data pertaining to you.

Cookies and Tracking Technologies

We use Cookies to collect information about your browsing activities to enhance your experience on our website.

Information Processed on Behalf of Clients

Bedrock acts as a Data Processor for our enterprise clients (the Data Controllers), we process Personal Data about their vendors, employees, and authorized users according to their instructions. This may include:

  • Employee contact information and authorization details
  • Vendor and supplier business information
  • Invoice and payment data
  • Transaction histories and audit records

 

3. How We Use Your Information

We use the Personal Data we collect for the following purposes:

3.1 Service Delivery and Platform Operations

To Provide Our Services:

  • Deliver, maintain, and improve our supplier management platform
  • Process supplier onboarding, verification, and data cleansing
  • Provide customer support and respond to your inquiries

Platform Functionality:

  • Create and manage user accounts
  • Authenticate users and maintain security
  • Enable communication between suppliers and procurement teams
  • Generate reports, dashboards, and analytics

3.2 Business Operations and Compliance

Risk Prevention and Verification:

  • Conduct real-time banking and risk verification
  • Verify supplier information across 60+ government agencies
  • Detect and prevent fraudulent activities and duplicate invoices
  • Perform compliance checks and validate business credentials
  • Maintain data accuracy and integrity

Legal and Regulatory Compliance:

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from public authorities
  • Enforce our terms of service and other agreements
  • Protect our rights, privacy, safety, and property
  • Maintain SOC 2 Type 2 certification compliance

 

4. Legal Basis for Processing (GDPR)

We undertake the Processing of Personal Data under the instructions of a Controller while fulfilling a Contractual Obligation or under Consent where you freely submit your Personal Data to us.

We will never sell or rent your Personal Data to third parties under any circumstances.

 

5. International Data Transfers

Bedrock is headquartered in St. Petersburg, Florida, United States and we host all information with our hosting provider AWS in the U.S. in a secure environment, with encryption at rest and in transit and having the Standard Contractual Clauses approved by the European Commission and the UK for transfers of Personal Data between us and our Processors.

 

6. Data Security

We take the security of your Personal Data seriously and implement robust technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, and destruction.

6.1 Security Measures

Encryption:

  • Bank-grade 256-bit encryption for data in transit using TLS 1.3 protocol
  • Encryption of data at rest in our secure cloud infrastructure
  • Encrypted communication between Bedrock and our business partners

Access Controls:

  • Role-based access controls and authentication mechanisms
  • Multi-factor authentication options for user accounts
  • Principle of least privilege for employee access to data
  • Regular access reviews and authorization updates

Network Security:

  • Multiple network and application firewalls to prevent unauthorized access
  • Continuous monitoring of firewalls and security systems
  • Intrusion detection and prevention systems
  • DDoS protection and mitigation

Compliance and Testing:

  • SOC 2 Type 2 certification with annual third-party independent audits
  • Continuous external vulnerability testing
  • Annual penetration testing by security experts
  • Regular security assessments and compliance reviews

Physical Security:

  1. Secure data centers with restricted physical access
  2. Environmental controls and redundancy systems
  3. Video surveillance and security personnel

Incident Response:

  • Documented security incident response procedures
  • Regular security training for employees
  • Breach notification protocols in accordance with applicable laws

6.2 Employee Training and Policies

All employees with access to Personal Data are required to:

  • Complete security and privacy training
  • Sign confidentiality agreements
  • Follow our information security policies and procedures
  • Report security incidents immediately

 

7. Data Retention

We retain your Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

 

8. Your Privacy Rights

We respect your rights regarding your Personal Data. Depending on your location, you may have certain rights under applicable data protection laws.

8.1 Rights Under the GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

Right of Access: You have the right to obtain confirmation as to whether we process your Personal Data and, if so, to request access to that information, including:

  • The categories of Personal Data we hold
  • The purposes of processing
  • The recipients or categories of recipients
  • The retention period
  • A copy of your Personal Data

Right to Rectification: You have the right to request correction of inaccurate or incomplete Personal Data we hold about you.

Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your Personal Data in certain circumstances, including when:

  • The information is no longer necessary for the purposes for which it was collected
  • You withdraw consent (where processing is based on consent)
  • You object to processing based on legitimate interests
  • The information was unlawfully processed
  • Legal obligations require erasure

Right to Restriction of Processing: You have the right to request that we restrict processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that information to another controller.

Right to Object: You have the right to object to processing of your Personal Data based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority if you believe our processing of your Personal Data violates data protection laws.

8.2 Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You have the right to request disclosure of:

  • The categories of Personal Data we have collected about you
  • The categories of sources from which we collected Personal Data
  • The business or commercial purpose for collecting or selling Personal Data
  • The categories of third parties with whom we share Personal Data
  • The specific pieces of Personal Data we have collected about you

Right to Delete: You have the right to request deletion of Personal Data we have collected from you, subject to certain exceptions.

Right to Correct: You have the right to request correction of inaccurate Personal Data we maintain about you.

Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your Personal Data. Note: Bedrock does not sell or share Personal Data as defined by the CCPA/CPRA.

Right to Limit Use of Sensitive Personal Data: You have the right to limit the use and disclosure of sensitive Personal Data to certain purposes. Note: Bedrock does not use or disclose sensitive Personal Data beyond the purposes allowed without providing an opt-out.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.

8.3 Exercising Your Rights

To exercise any of the rights described above or pose any questions regarding the Processing of Personal Data please send an email to [email protected].

 

9. Children's Privacy

Our services are not intended for natural persons under the age of 18. We do not knowingly undertake the Processing of Personal Data from children under 18 years of age.

If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us immediately at [email protected]. We will take steps to delete such information from our systems as quickly as possible.

If we become aware that we have inadvertently collected Personal Data from a child under 18, we will delete that information promptly.

 

10. Questions or to Contact Us

If you have any questions or concerns about our privacy policy, please contact us at [email protected].