Privacy Policy

Account Information

When you sign up for Auxtri, we collect your name, email address, company name, and authentication credentials through Microsoft Entra ID (Azure AD).

Email Data

We process emails from your designated AP mailbox to provide our service. This includes email content, sender information, attachments, and metadata. We only access emails necessary to respond to vendor inquiries.

ERP Data

We query your ERP system (Workday, PeopleSoft, Infor FSM, or other integrated systems) to retrieve invoice status, payment information, and vendor details needed to respond to inquiries.

Usage Data

We collect information about how you use Auxtri, including features accessed, response times, and system performance metrics. We do not log Protected Health Information (PHI) in our analytics.

We use your information to:

• Process and respond to vendor inquiries
• Query your ERP system for invoice information
• Detect fraudulent or suspicious emails
• Improve our AI models and service quality
• Provide customer support
• Send service updates and important notifications (we will not send marketing emails without your consent)
• Comply with legal obligations and our Business Associate Agreement (BAA)

We do not use or disclose ePHI except as permitted by the BAA and HIPAA regulations. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to ePHI is restricted to authorized personnel only.

All data is stored on Microsoft Azure in the United States. Our security measures include:

• Encryption: TLS 1.2+ in transit, AES-256 at rest
• Access Control: Role-based access with multi-factor authentication
• Monitoring: 24/7 security monitoring and logging
• Auditing: Regular security audits and penetration testing
• Incident Response: Documented breach notification procedures

We do not sell, rent, or share your data with third parties for marketing purposes. We may share data with:

Service Providers

Microsoft Azure (hosting), Azure OpenAI (email processing), and other vendors who have signed BAAs and are bound by confidentiality obligations.

Legal Requirements

We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

We retain your data for as long as your account is active or as needed to provide services. When you terminate your account:

• Email data and draft responses are deleted within 30 days
• Account information is retained for 90 days for billing and legal purposes
• Aggregated, de-identified analytics data may be retained indefinitely
• You may request immediate deletion by contacting us at privacy@auxtri.com

You have the right to:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Request a machine-readable copy of your data
• Restrict Processing: Request we limit how we use your data
• Object: Object to processing for certain purposes

To exercise these rights, contact us at info@auxtri.com.

We use essential cookies to maintain your session and provide the service. We do not use advertising or tracking cookies.

We use Azure Application Insights for error tracking and performance monitoring. No PHI is logged in analytics.

Auxtri is based in the United States. If you access our service from outside the U.S., your information will be transferred to and processed in the United States. By using Auxtri, you consent to this transfer.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Auxtri platform. Your continued use of Auxtri after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data please email us at info@auxtri.com