Skip to main content
Policy v1.0.0 — Active since 2026-05-08

AI Data Governance

Oracron uses Claude (Anthropic) to extract and audit freight invoices. This page explains exactly what happens to your data — what we log, what Anthropic holds, and what we commit to never doing.

"Anthropic does not train on commercial API inputs or outputs. Your invoice data is never used to improve any AI model — by Oracron or Anthropic."

Source: docs.claude.com/en/docs/legal-and-compliance/data-usage

The facts, plainly stated

✓ No

Does Anthropic train on our API calls?

No. Commercial API inputs/outputs are contractually excluded from model training under Anthropic's usage policy. This applies to all Oracron edge function calls — invoice extraction, enrichment, dispute letter generation.

≤30 days

How long does Anthropic retain API logs?

Up to 30 days under Anthropic's standard commercial API terms, for abuse and trust-and-safety monitoring. After this period, Anthropic's copies of the request and response are automatically deleted. Oracron's own audit log (see below) is separate and retained under your contract.

EU

Where is your data stored?

All invoice data, shipment records, and extracted content are stored in your organisation's selected region — the EU (Frankfurt, Germany) or the US, chosen at onboarding — on Supabase infrastructure. AI inference calls transit through Anthropic's API — headquartered in the US with EU Standard Contractual Clauses (SCCs) in place.

Per call

Does Oracron log every AI call?

Yes. Every Claude API call writes a row to our ai_audit_log table: edge function name, model used, policy version, SHA-256 hash of request/response (no content stored in the log), token counts, latency, and your organisation ID. This is your audit trail for GDPR Art. 30 record-keeping.

v1.0.0

How is the policy version tracked?

Every API call carries the current POLICY_VERSION string (v1.0.0) in both a custom HTTP header (X-Oracron-Policy) and the system prompt. Any policy change increments this version and customers are notified per Terms §7.7 (30-day sub-processor change notice).

Roadmap

Are you pursuing Zero Data Retention (ZDR)?

Yes. ZDR is an enterprise agreement with Anthropic that eliminates the up-to-30-day retention window entirely — inputs/outputs are not stored at rest after the inference response returns. We are pursuing ZDR once we reach the commercial threshold that qualifies us (≥3 paying customers or €5k MRR). Once active, we will update the privacy policy and notify all customers.

Never

Does Oracron sell or share invoice data?

Never. Invoice data, shipment records, rate tables, and any extracted content are strictly confidential. They are never sold, shared with third parties for commercial purposes, or used to train any model — including our own internal improvements. See our Privacy Policy §4 for the full commitment.

What happens on each invoice extraction

Step-by-step data flow for a PDF invoice processed by Oracron.

  1. 1

    PDF uploaded to Supabase Storage (EU)

    File stored in your org's private bucket. AES-256 at rest, TLS 1.3 in transit. Accessible only to your organisation.

  2. 2

    invoice-ingest edge function fires

    Supabase Edge Function (Deno, running in your region) reads the PDF and constructs a Claude API request. The system prompt includes the policy marker (X-Oracron-Policy: v1.0.0) and a metadata.user_id set to a SHA-256 hash of your organisation ID — an opaque identifier that itself contains no personal data. The invoice document, which may contain shipper and consignee names and addresses, is sent to Anthropic for extraction.

  3. 3

    Claude processes the invoice

    Anthropic's API returns extracted fields (invoice number, lines, amounts, carrier). Anthropic holds this data for up to 30 days for trust-and-safety purposes, then auto-deletes. It is never used for model training.

  4. 4

    Audit log row written to ai_audit_log

    We write model, policy version, SHA-256 hashes, token counts, and latency. No invoice content is stored in this table — only the fingerprint of the call.

  5. 5

    Extracted data stored in your Supabase org

    Invoice lines, fee codes, amounts written to invoices / invoice_lines. Row-Level Security (RLS) ensures only users in your organisation can read or write this data.

AI sub-processors

Anthropic (Claude) Invoice text extraction, enrichment, dispute letter generation Up to 30 days. ZDR roadmap — see above.
OpenAI (Embeddings) Semantic embeddings for fee-code and shipment-reference matching Up to 30 days. No training use.

Non-AI sub-processors (database, email, CDN) are listed in the Privacy Policy. Customers are notified 30 days before any sub-processor change per Terms §7.7.

Questions about AI governance?

We respond to all privacy and data governance inquiries within 2 business days.

Policy version: v1.0.0 — Effective 2026-05-08 — Permanent link