Freight invoices and carrier rates are commercially sensitive. This page explains exactly how we protect your data, what we do and don't do with it, and how to reach us with questions.
Every layer of the stack is hardened for sensitive freight finance data.
These are contractual commitments, not just policy statements.
We do not sell your freight data
Your invoice values, carrier rates, shipment volumes, and routing data are never sold, licensed, or shared with carriers, freight brokers, market intelligence firms, or any other third party.
We do not use your data to train AI models
Your invoice and shipment data is never used to train machine learning models — ours or anyone else's. Anthropic's API terms contractually prohibit training on customer data; inputs and outputs are retained on Anthropic's systems for up to 30 days for trust-and-safety monitoring, then auto-deleted. Every AI call carries a versioned policy marker and a system-level data-protection prompt. We are pursuing a Zero Data Retention (ZDR) agreement to eliminate the retention window entirely. Full AI governance policy →
Every AI call is logged and auditable
We maintain a per-call AI audit log recording which function processed your data, which model was used, token volumes, latency, and purpose — for every invoice extraction and enrichment call. Administrators can review this log under Settings > Privacy. This supports your GDPR Art. 30 records-of-processing obligations.
We do not store payment card data
All payment processing is handled by Stripe. We never see, store, or log credit card numbers or bank account details.
No tracking or analytics inside the app
Google Analytics runs only on our public marketing pages (oracron.app). Once you log in to the platform, no third-party analytics scripts run on any page.
We are built for European enterprise customers and their compliance requirements.
GDPR (EU 2016/679)
Full compliance. EU or US data storage (your choice). Data Processing Agreement available on request. Contact: privacy@oracron.app
SOC 2 Type II
Certification in progress. We are currently undergoing a SOC 2 Type II audit. Estimated completion: Q4 2026. Contact us to discuss timeline.
ISO 27001
Certification roadmap in place. ISO 27001 compliance programme underway. Expected certification: 2027. Ask us for our ISMS documentation.
Data retention & deletion
You can delete your organisation's data at any time. On account closure, all data is purged within 30 days. Configurable per-organisation retention policies available on Enterprise plans.
We build on enterprise-grade infrastructure so you don't have to trust our word alone.
X-Oracron-Policy
header and a mandatory data-protection system prompt. Each call is recorded in our
AI audit log with token counts, latency, and purpose — accessible to administrators
under Settings > Privacy. We are evaluating a Zero Data Retention (ZDR) agreement
with Anthropic to eliminate provider-side retention.
If you discover a security vulnerability in Oracron, please report it to security@oracron.app. We will acknowledge receipt within 48 hours and keep you informed as we investigate. We do not operate a bug bounty programme at this stage, but we recognise responsible disclosures publicly if you consent.
If you are evaluating Oracron for your organisation and need to complete a security questionnaire, request a Data Processing Agreement, or speak to someone about our compliance programme, contact us. We respond within one business day.
Last updated: May 2026 · Version 1.0 · Privacy policy · Terms of service