Privacy Policy

Purchase Order Centre operates a cloud-based business workflow platform designed to help organisations manage purchasing, approvals, supplier relationships and operational finance processes. This Privacy Policy describes how we handle personal data when individuals interact with our website and Service.

• Account information: name, email, organisation, role.
• Authentication data: hashed credentials, MFA factors and session tokens.
• Usage data: device, browser, IP, log events and timestamps.
• Communications: messages you send through contact or support channels.

Customers may upload operational data such as purchase orders, suppliers, invoices, payments, budgets, departments, comments and attachments. This data belongs to the Customer organisation and is processed by us solely to provide the Service.

Personal data is processed only to operate, secure and improve the Service: authenticating users, enforcing role-based access, delivering notifications, providing support, preventing abuse and complying with legal obligations. We never sell personal data to advertisers.

Where the GDPR applies, we process personal data on the legal bases of contract performance, legitimate interests (such as securing and improving the Service), consent (such as for analytics cookies) or compliance with a legal obligation.

We use strictly-necessary cookies to operate the Service and optional analytics cookies (such as Google Analytics) only after the visitor has provided consent through the cookie banner. See the Cookie Policy for full details.

We share personal data only with subprocessors required to deliver the Service, such as cloud hosting, managed database and future email delivery providers. Subprocessors are bound by appropriate confidentiality and data protection commitments.

Personal data may be processed in jurisdictions outside your country of residence. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses to lawfully transfer personal data.

We retain personal data for as long as the Customer organisation maintains an active workspace, plus a reasonable backup period. You may request deletion of your personal data at any time, subject to legal retention obligations.

We apply role-based access control, organisation-level data isolation, encryption in transit, optional multi-factor authentication and audit logging. No system can be guaranteed fully secure, but we continuously improve our security posture.

• Right of access, rectification and erasure of your personal data.
• Right to data portability where technically feasible.
• Right to object to or restrict certain processing.
• Right to withdraw consent at any time where processing is based on consent.

If you believe your data protection rights have been infringed, you may lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.

For privacy enquiries, contact support@purchaseorderhub.com.

We may revise this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision.