
IT Infrastructure & Security

Purchaser is a cloud-native, enterprise SaaS application with AI-enabled functionality designed for procurement and supply chain professionals, among others. This guide provides a high-level overview of the platform's data security and governance. For a more comprehensive datasheet for enterprise enablement or IT approval, reach out to us at support@purchaser.ai.

Overview

Purchaser is designed to integrate cleanly into enterprise IT environments without introducing operational, production, or email system risk.

  • No on-prem software
  • No inbound network access
  • No operational technology (OT) connectivity
  • No customer-hosted components
  • Federated identity and OAuth-based email integration
  • Least-privilege, user-consented access
  • Encrypted, auditable, and governed data handling
  • Multi-tenant cloud SaaS

Identity and User Access

Below is an overview of our identity and user access features. If users sign in with their work email accounts, the Purchaser platform does not store the passwords for those accounts.

  • Authentication: Federated SSO via SAML
  • Identity providers (IdP) support: Okta, Entra, Jumpcloud, Rippling, and others based on customer request
  • MFA: Enforced via customer IdP; if customer does not have an IdP the Purchaser platform offers MFA
  • Provisioning: SCIM supported (optional)
  • Authorization: Role-based access control (RBAC)
  • Session controls: None

Email Client Integration (OAuth-Based)

The platform supports optional user-authorized email integration to enable in-application workflows.

We use Microsoft's OAuth flow to connect to your email account via the Microsoft Graph API. We also support email integration with Google Workspace and Exchange Online.

When the platform is notified that a new inbound email has been received, we fetch only the headers of that email and check them to determine whether the email is a reply to an email sent from our platform. If it is, we fetch the body of the email. If it is not related to an email sent from our platform, we do not fetch the body and we do not store any of the header data.
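As an added illustration (this is not Purchaser's code), the following shows how a header-only gate of this kind can be expressed. It assumes that "reply to a platform email" is decided by matching the In-Reply-To and References headers against the Message-IDs the platform sent, and that the mail provider exposes separate header and body fetches; the sample messages are constructed.

```python
"""Header-only gate: fetch an inbound message body only when the headers
show it replies to a platform-sent email. Constructed example."""
import re
from typing import Callable, Iterable, List, Mapping, Optional

# RFC 5322 msg-id is <local@domain>; In-Reply-To/References may list several.
_MSG_ID = re.compile(r"<([^<>\s]+)>")

def _header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None

def message_ids(value: Optional[str]) -> List[str]:
    """Extract every <...> message-id from a header value; None-safe."""
    return _MSG_ID.findall(value) if value else []

def is_reply_to_platform(headers: Mapping[str, str], sent_ids: Iterable[str]) -> bool:
    """True if In-Reply-To or References cites a message-id the platform sent."""
    sent = {i.strip("<>") for i in sent_ids}
    cited = set(message_ids(_header(headers, "In-Reply-To")))
    cited |= set(message_ids(_header(headers, "References")))
    return bool(cited & sent)

def handle_notification(fetch_headers: Callable, fetch_body: Callable,
                        msg_ref: str, sent_ids: Iterable[str]) -> Optional[str]:
    """Check headers first; the body is fetched and returned only when related.
    Unrelated mail: no body fetch, and the headers go out of scope unstored."""
    headers = fetch_headers(msg_ref)
    if not is_reply_to_platform(headers, sent_ids):
        return None
    return fetch_body(msg_ref)

# Constructed sample data: one supplier reply, one unrelated internal email.
PLATFORM_SENT = {"<rfq-1001@platform.example>"}
INBOX = {
    "m1": {"headers": {"From": "supplier@acme.example",
                       "in-reply-to": "<rfq-1001@platform.example>",
                       "References": "<rfq-1001@platform.example>"},
           "body": "Quote: 120 units at $4.10"},
    "m2": {"headers": {"From": "hr@corp.example", "Subject": "Benefits enrollment"},
           "body": "Confidential HR notice"},
}

def demo_results() -> dict:
    """Run both notifications through the gate; only the reply yields a body."""
    fetch_headers = lambda ref: INBOX[ref]["headers"]
    fetch_body = lambda ref: INBOX[ref]["body"]
    return {ref: handle_notification(fetch_headers, fetch_body, ref, PLATFORM_SENT)
            for ref in INBOX}

if __name__ == "__main__":
    print(demo_results())
```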

Access can be revoked at any time by the user or an administrator via the email provider. Tokens are invalidated immediately upon revocation, giving your team control over the email integration.


AI Usage and Governance

Our platform utilizes enterprise-grade AI via secured APIs for stateless, request-scoped inference only. We do not host or train proprietary models, ensuring your data is never used for model development. Furthermore, AI outputs are strictly advisory and require human review, ensuring no automated system changes occur without direct user oversight. Opt-out controls are available if required by customer policy.

The platform is designed to mitigate common AI attack vectors, including prompt injection, data leakage via inference, model misuse, and hallucination risk. The platform never automatically responds to suppliers, and quotes are processed in isolation per supplier. Our AI model uses fixed, bounded prompts to prevent hallucinations and has no access to credentials, secrets, OT systems, or control planes.


Security and Compliance

The platform does not connect to, control, or directly interact with OT systems, so any SaaS unavailability does not impact OT operations or production systems.

Compliance reports and detailed security documentation are available under NDA. We provide the following:

  • Security framework: SOC 2 Compliant and audited yearly by third parties; CMMC compliance in progress
  • Audit logs: Authentication, access, OAuth authorization events, and administrative actions logged
  • Monitoring: Continuous security monitoring and alerting
  • Vulnerability management: Regular testing and remediation
  • Third-party risk: Subprocessors disclosed under DPA

We provide comprehensive support for enterprise infrastructures, including defined escalation paths for incident response and a guided onboarding process to ensure seamless enablement and validation. After onboarding, we continue to support data deletion requests, data export, and OAuth token revocation.


If you have any additional questions about our IT infrastructure or security, our team is happy to help. Contact Us or Book a Demo to learn more about how Purchaser can fit into your workflow.