Privacy Policy — Source365

1. Information We Collect

When you sign in with your Microsoft account, we receive your name, email address, and an OAuth refresh token. We also store the procurement inquiry data you choose to analyse and the supplier search results generated by our AI.

2. How We Use Your Information

To authenticate you and maintain your session.
To analyse procurement emails and search for suppliers on your behalf.
To send outreach emails via Microsoft Graph using your account.
To process payments and manage your subscription via Stripe.
To send transactional emails (e.g. welcome, usage alerts).

3. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Supabase. OAuth tokens are encrypted at rest using AES-256-GCM. All traffic is encrypted in transit via TLS. We do not sell or share your data with third parties except as required to provide the service (OpenAI for AI analysis, Stripe for payments, Resend for transactional emails).

4. Third-Party Services

Microsoft Entra ID — Authentication and email sending.
OpenAI — AI-powered email analysis and supplier search.
Stripe — Payment processing.
Resend — Transactional email delivery.
Sentry — Error monitoring (no PII is logged).
Vercel — Application hosting.

5. Data Retention

Search session data is retained for 90 days after creation, then automatically deleted. Your account data is retained until you delete your account.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing help@source365.io.

7. Contact

For privacy-related questions, contact us at help@source365.io.