Privacy Policy

When you sign in with your Microsoft account, we receive your name, email address, and an OAuth refresh token. We also store the procurement inquiry data you choose to analyse and the supplier search results generated by our AI.

• To authenticate you and maintain your session.
• To analyse procurement emails and search for suppliers on your behalf.
• To send outreach emails via Microsoft Graph using your account.
• To process payments and manage your subscription via Stripe.
• To send transactional emails (e.g. welcome, usage alerts).

Your data is stored in a PostgreSQL database hosted on Supabase. OAuth tokens are encrypted at rest using AES-256-GCM. All traffic is encrypted in transit via TLS. We do not sell or share your data with third parties except as required to provide the service (OpenAI and Mistral for AI analysis, Serper for supplier web search, Stripe for payments, Resend for transactional emails).

• Microsoft Entra ID: Authentication and email sending.
• OpenAI: AI-powered email analysis and supplier search.
• Mistral AI: OCR text extraction from scanned PDF attachments.
• Serper: Web search API used to discover suppliers.
• Stripe: Payment processing.
• Resend: Transactional email delivery.
• Sentry: Error monitoring (no PII is logged).
• Supabase: EU-hosted PostgreSQL database.
• Upstash Redis: Caching and encrypted session/token storage.
• Inngest: Background job orchestration.
• Vercel: Application hosting.

Search session data is retained for 90 days after creation, then automatically deleted. Your account data is retained until you delete your account.

You may request access to, correction of, or deletion of your personal data at any time by emailing help@source365.io.

For privacy-related questions, contact us at help@source365.io.