Privacy Policy
Last updated: March 2026
PO Guardian is a document screening tool built for operational teams. It connects to your email inbox to find, read, and assess operational documents — purchase orders, fulfilment requests, and return authorisations. This policy explains exactly what we access, what we store, and what we never do. It’s written in plain English, not legalese.
What data we collect
We collect the minimum information needed to run the service:
- Your email address and name via your sign-in provider (Google or Microsoft).
- Connected mailbox data — when you link Gmail or Outlook, we access email metadata (subject line, sender address) and document attachments for processing. We do not read or store the body text of your emails.
- Uploaded documents — files you upload manually through the dashboard (PDF, DOCX, XLSX, CSV).
- Extracted document data — structured fields we pull from your documents: PO numbers, line items, prices, dates, parties.
- Price lists — supplier price data you upload for price verification.
- Billing information — handled entirely by Stripe. We never see or store your payment card details.
How we use your data
- To process and classify your operational documents and provide risk assessments.
- To verify line item pricing against your uploaded price list.
- To detect duplicate documents and flag potential issues before you action them.
- To send you email notifications when a document from your connected inbox is processed (notifications are not sent for manually uploaded documents).
- To maintain your account and process your subscription.
We do not use your document content to train AI models. Document text is sent to the OpenAI API solely to classify and extract structured data — see the Third-Party Services section below.
Email access — what we do and don't do
When you connect Gmail or Outlook, we use OAuth to request read access to your inbox. Here is exactly what we do:
- We only read unread emails that have attachments. We do not read emails without attachments, already-read emails, drafts, sent mail, or any folder other than your inbox.
- We read the subject line and sender address to log where a document came from.
- We download attachments (PDF, DOCX, XLSX, CSV only) and run them through the processing pipeline.
- We mark emails as read after successfully processing their attachments, so you know they’ve been picked up.
- We do not read, store, or access email body content. The text inside your emails is never touched.
- We never send emails on your behalf.
- We never access your contacts, calendar, or any other Google/Microsoft data.
You can disconnect your mailbox at any time from the dashboard. Disconnecting immediately stops all inbox scanning.
Data storage and security
- All data is stored in Supabase, a managed Postgres database with encryption at rest and in transit.
- Documents and extracted data are stored in your account and are only accessible to you.
- OAuth tokens for Gmail are stored in your account record. Outlook tokens are stored in Supabase Vault (encrypted secret storage).
- We do not store original document files — only the extracted text and structured data fields.
Third-party services
We use the following services to run PO Guardian. Each receives only the data necessary for its function:
Data retention
- Documents and extracted data are retained for as long as your account is active.
- You can delete individual documents from the dashboard at any time. Deleted documents are moved to a “Recently Deleted” state and permanently removed after 30 days, or immediately if you empty the deleted folder.
- If you cancel your subscription, your data remains accessible until you choose to delete your account.
- When you delete your account, all associated data — documents, extracted data, price lists, and account information — is permanently deleted.
We never sell your data
We do not sell, rent, share, or provide your data to third parties for advertising, marketing, or any commercial purpose. Your document content, extracted data, and pricing information are yours. Full stop.
Your rights
- Disconnect your mailbox at any time from the dashboard — scanning stops immediately.
- Delete individual documents from the dashboard.
- Export or request your data — contact us and we’ll provide what we hold.
- Delete your account — removes all your data permanently. Contact us to request account deletion.
If you are located in Australia, this service complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988.
Contact
Questions about this policy or how we handle your data? Email us at support@poguardian.com. We’ll respond within 2 business days.