EN DE FR ES RO
Skip to main content
EU data residency · GDPR

GDPR-compliant freight invoice audit
— your data stays in the EU

Oracron audits carrier invoices without your freight data ever leaving the European Union. Hosted in AWS Frankfurt, tenant-isolated by row-level security, never used to train an AI model — and backed by a Data Processing Agreement you can sign under EU law.

A freight-audit platform that was built EU-resident, not retrofitted

Most freight-audit vendors are US-headquartered and treat EU data residency as a configuration option — a region toggle on top of a US-first architecture. Oracron is the inverse: EU-resident by default, with a single mid-tier Postgres tenant per organisation and a documented, auditable processing chain.

Typical US-first vendor

Freight data lands in a US region by default, with an "EU option" that often means asynchronous replication into eu-west or eu-central. The control plane, audit logs and AI calls may still traverse the US — and the DPA is bolted on after sign-up.

Oracron — EU-resident by default

Your organisation is provisioned into AWS Frankfurt (eu-central-1) at onboarding and stays there. Storage, control plane, audit log and AI inference run in-region. The DPA is signed before any production data is ingested.

The compliance stack

Data residency AWS Frankfurt eu-central-1; never replicated cross-region DPA names the region; written into the contract
Tenant separation Postgres row-level security on every row, keyed off the authenticated session's org Policies are public in our migrations; advisor-checked in CI
Encryption TLS 1.2+ in transit · AES-256 at rest · keys managed by AWS KMS See /security for the full posture
DPA Available on request; references EU SCCs where they apply Sample at /dpa · signed pre-onboarding
AI training Customer data is never used to train, fine-tune, or evaluate any model Stated in the DPA & /data-governance
Right to erasure Full account & invoice deletion on request; documented retention windows Self-serve account delete + DPA Art. 28 commitments
Records of processing Per-tenant audit log of every privileged action with actor + reason Supports your GDPR Art. 30 obligations
Sub-processors AWS (eu-central-1), Anthropic (in-region inference), Resend (transactional email) Listed in the DPA; 30-day change notice

For the full security & trust posture — encryption keys, MFA, OWASP coverage, incident response — see /security.

What "EU-resident" really means here

Storage, control plane, audit log, AI — all in Frankfurt

Residency is only meaningful if it covers every place your invoice data touches. Oracron pins your organisation to AWS eu-central-1 at onboarding: the Postgres tenant, the file storage holding the original PDFs, the audit log, the edge functions, and the AI inference call (Anthropic Claude over an in-region endpoint) all run there. No cross-region read replicas, no US control-plane round-trips, no background export to a different region for analytics.

If it isn't in Frankfurt, it isn't in Oracron.

EN16931 / e-invoicing

Built to ingest the EU e-invoice envelopes you'll be receiving

EN16931 is now mandatory in Romania (live), Spain (2026–27), France (2026–27) and the platform's primary market Germany (receive 2025, issue 2027–28). The structured government e-invoice carries only the financial header — the audit-grade freight detail (route, weight, per-charge breakdown) rides in an embedded annex.

Oracron's pipeline reads the EN16931 header directly (carrier VAT comes through verified, no Vision needed) and extracts the embedded annex — UBL, ZUGFeRD, or Factur-X — for the existing audit chain. You don't get to choose whether to deal with e-invoicing; the platform makes sure you don't have to deal with it twice.

Audit your freight invoices without moving them out of the EU

EU data residency (AWS Frankfurt), GDPR-compliant by default, multi-modal Road / Air / Sea auditing, DPA on request. Start free, no credit card.

Common questions

Is Oracron a GDPR-compliant freight invoice audit platform?
Yes. Oracron is built for GDPR compliance from the data layer up: tenant-isolated Postgres with row-level security, EU or US data residency chosen at onboarding, a Data Processing Agreement on request, and processing-activity records that support your GDPR Art. 30 obligations. Customer invoice data is never used to train an AI model.
Where is my freight invoice data hosted if I'm an EU customer?
EU customers are hosted on AWS eu-central-1 in Frankfurt, Germany. Each organisation's data stays inside the region chosen at onboarding (EU or US) and is not replicated across regions. The AI model used for invoice extraction (Anthropic Claude) is invoked over the EU-resident network without persisting customer text outside the region.
Can I sign a Data Processing Agreement (DPA) under EU law?
Yes. A DPA is available on request and references the EU Standard Contractual Clauses where they apply. It covers the controller / processor split, sub-processors, security measures, and breach-notification timelines. Contact security@oracron.app or see /dpa.
Does Oracron use my freight invoice data to train its AI models?
No. Customer invoice and shipment data is never used to train, fine-tune, or evaluate any AI model — neither Oracron's prompts nor a third party's models. The AI extraction is run per-invoice as a non-persistent inference call; the only data we retain is the structured output that drives the audit.
How are different customers' freight data kept separate?
Every row in the database carries an organisation_id and is protected by Postgres row-level security policies that resolve the active organisation from the authenticated session. A query from one tenant is mathematically incapable of returning another tenant's rows — separation is enforced by the database, not by application code.
Does Oracron support EU e-invoicing (EN16931 / UBL / ZUGFeRD / Factur-X)?
Yes — an EN16931 envelope unwrapper is on the roadmap and lands ahead of the DE mandate. The structured EN16931 header (invoice number, carrier VAT, totals) is read directly; the audit-grade shipment annex is extracted from the envelope and routed into the existing audit pipeline. Coverage spans UBL (RO RO_CIUS, ES, DE XRechnung), ZUGFeRD, and Factur-X.