1. Two products, two data flows
Zentriq ships two independent products. They have different data flows. Read the one relevant to you, or both.
1.1 PunchOut (Chrome extension → BC API direct)
- You shop on a supported e-commerce site (Galaxus, Brack, Microspot, RS, Amazon Business, …) inside your normal Chrome session.
- Zentriq PunchOut Chrome extension reads the cart DOM in your browser and structures it as cart lines. Cart data stays in your browser.
- Zentriq backend (app.zentriqsoftware.com) is called only to check that your account has credits and to debit one credit on confirmed capture. The cart itself never transits the Zentriq backend.
- Your BC tenant receives the cart lines directly from Chrome via BC's standard OData API, authenticated with the Microsoft OAuth2 access token you obtained at install time (PKCE flow, no shared secret).
What this means: the products you buy, their prices, and your vendor relationships never leave the path Chrome → your BC tenant. Zentriq sees only metadata (timestamp, vendor host, line count) for billing and telemetry.
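One way a customer could check this claim from their own browser, as an added example (not Zentriq's code): export a HAR of a capture made with a cart of canary items and confirm the canaries appear only in requests to the BC API host. The BC host name is an assumption, and the request paths and JSON field names in the sample data are constructed placeholders.

```javascript
// Added example, not Zentriq code. Audits a HAR export of one PunchOut capture:
// cart canaries may appear only in requests to the BC API host.
const ZENTRIQ_HOST = "app.zentriqsoftware.com";      // from the page
const BC_HOST = "api.businesscentral.dynamics.com";  // assumption: standard BC API host

function auditHar(har, canaries) {
  const findings = [];
  for (const { request } of har.log.entries) {
    const url = new URL(request.url);
    if (url.hostname === BC_HOST) continue; // cart lines are expected on this path
    // Search the URL and body, raw and URL-decoded, for any canary string.
    let haystack = `${url.href}\n${request.postData?.text ?? ""}`;
    try { haystack += "\n" + decodeURIComponent(haystack); } catch { /* keep raw text */ }
    const leaked = canaries.filter((c) => haystack.includes(c));
    if (leaked.length > 0) {
      findings.push({ host: url.hostname, method: request.method, leaked });
    }
  }
  return findings;
}

// Constructed sample data: paths and JSON field names are placeholders.
const CANARIES = ["CANARY-SKU-7731", "Canary Widget 42"];
const entry = (url, body) => ({
  request: { method: "POST", url, postData: { text: JSON.stringify(body) } },
});
const bcCall = entry(`https://${BC_HOST}/constructed/requisition-lines`, {
  vendorItemNo: "CANARY-SKU-7731", description: "Canary Widget 42", quantity: 3,
});
const metadataOnly = entry(`https://${ZENTRIQ_HOST}/constructed/debit`, {
  timestamp: "2025-01-15T09:30:00Z", vendorHost: "www.galaxus.ch", lineCount: 1,
});
const withCartLine = entry(`https://${ZENTRIQ_HOST}/constructed/debit`, {
  lineCount: 1, lines: [{ description: "Canary Widget 42" }],
});

const cleanHar = { log: { entries: [bcCall, metadataOnly] } };
const leakyHar = { log: { entries: [bcCall, withCartLine] } };

console.log(auditHar(cleanHar, CANARIES)); // no findings
console.log(auditHar(leakyHar, CANARIES)); // one finding for the Zentriq host
```

The check only sees plaintext and URL-encoded canaries; a body that is compressed or otherwise encoded before sending would need decoding first.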
1.2 Agent (in-BC chat → Zentriq backend → Anthropic)
- You open the Zentriq Agent page inside Business Central and type a question.
- Zentriq backend orchestrates the chat: it interprets the question, calls the BC API on your behalf for the records needed, and forwards the message + BC context to Anthropic.
- Anthropic (Claude) generates the answer. Anthropic applies a zero data retention policy to our API account — your data is not retained beyond the API call and is never used to train models.
- Your BC tenant — the Zentriq backend issues API calls on your behalf using an OAuth refresh token provisioned at install. Every call is subject to your BC user's own permissions.
2. What each product accesses
2.1 PunchOut
- Cart DOM on supported e-commerce sites (read only, in your browser)
- Microsoft account email, name, tenant ID (from sign-in)
- In BC: read Item, Item Template, Vendor, Req. Wksh. Name; insert on Requisition Line. Nothing else. The permission set ships with the BC .app.
- Anonymous usage events (capture count, vendor host, success/failure) — no cart contents
2.2 Agent
- Microsoft account email, name, tenant ID (from sign-in)
- BC data fetched in real time to answer your questions (customer cards, purchase orders, ledger entries — only what each query requires)
- Your chat messages and AI responses (stored so you can resume past conversations)
- Anonymous usage metrics (page views, feature usage, error rates)
3. What we don't access
- We do not export your full BC database — neither product does a bulk pull.
- We do not store BC credentials in plaintext — refresh tokens are encrypted at rest with AES-256.
- We do not store cart contents on Zentriq servers (PunchOut goes Chrome → BC API direct).
- We do not share your data with third parties beyond the infrastructure providers listed in §9.
- We do not train AI models on your data. Anthropic's zero-retention policy applies to all our API usage.
4. Encryption
| Channel | Standard |
|---|---|
| In transit (Chrome → BC API) | TLS 1.3 (PunchOut direct path) |
| In transit (browser → Zentriq backend) | TLS 1.3 (minimum TLS 1.2) |
| In transit (Zentriq → Anthropic) | TLS 1.3 |
| In transit (Zentriq → BC API) | TLS 1.3 |
| At rest (database) | AES-256 (Neon managed encryption) |
| At rest (BC refresh tokens) | AES-256-GCM, application-layer, key rotated quarterly |
| At rest (attachments) | AES-256 (Vercel Blob) |
5. Data residency
| Data | Where |
|---|---|
| Database (accounts, billing, Agent conversations) | EU (Neon Postgres, Frankfurt) |
| Application runtime | EU (Vercel, Frankfurt + Paris edges) |
| File attachments | EU (Vercel Blob) |
| Sentry error reports | EU (Sentry SaaS, Frankfurt region) |
| AI inference (Agent only) | US (Anthropic, zero retention) |
| PunchOut cart contents | Never persisted on Zentriq — Chrome → BC direct |
| Your BC tenant | Wherever Microsoft provisioned it (we never relocate it) |
Enterprise customers with EU-only requirements: we're evaluating Anthropic's EU region (beta). Contact sales@zentriqsoftware.com if this is a deal-breaker.
6. Retention
- Agent conversations — kept until you delete them or close your account.
- PunchOut capture history — metadata only (timestamp, vendor host, line count); 12 months. No cart contents stored.
- Usage logs — 90 days.
- Sentry error reports — 90 days (rolling).
- BC refresh tokens — until you disconnect BC from the app, or 90 days of inactivity.
- Stripe billing records — 7 years (legal obligation).
7. Access controls
- Production database access — restricted to 2 Zentriq employees. MFA mandatory. Access logged.
- Code deploys — via GitHub → Vercel. All deploys signed by known committers.
- Third-party admin consoles (Stripe, Anthropic, Neon, Vercel, Sentry) — all MFA-protected.
- Your BC permissions are the ultimate gate — even a compromised Zentriq backend can't do more in BC than your individual user's permissions allow. PunchOut runs under the user's own token; Agent runs under the user's refresh token.
8. Incident response
In the event of a security incident:
- We notify affected customers within 72 hours of discovery (in line with GDPR Art. 33).
- Disclosure includes: what happened, what data was involved, what we did to contain it, and what you should do.
- For post-mortems, we publish a redacted summary once the incident is closed.
- Report a suspected issue: security@zentriqsoftware.com (PGP key on request).
9. Third-party processors
| Service | Purpose | Used by | DPA |
|---|---|---|---|
| Microsoft Entra ID | Authentication | Both | Yes |
| Anthropic | AI inference | Agent only | Yes (+ zero retention) |
| Stripe | Payment processing | Both | Yes |
| Vercel | Application + blob hosting | Both | Yes |
| Neon | PostgreSQL database | Both | Yes |
| Sentry | Error tracking | Both | Yes |
| Resend | Transactional email | Both | Yes |
10. Your rights (GDPR / nFADP)
You can:
- Export — request a JSON export of all your data. Email privacy@zentriqsoftware.com (fulfilled within 30 days).
- Delete — trigger full account deletion from your dashboard. The deletion cascades to all captures, conversations, and memberships; Stripe subscriptions are cancelled automatically.
- Disconnect BC — revoke the OAuth refresh token anytime in your dashboard, or uninstall the BC .app. Zentriq immediately loses all access to your BC tenant.
- Object / restrict — email us, we honor your request.
11. Certifications and roadmap
- GDPR + nFADP: compliant (Swiss entity, EU processing).
- SOC 2 Type II: in progress — expected Q4 2026. Ask for our Readiness Assessment if you need it before then.
- ISO 27001: on 2027 roadmap.
Questions? security@zentriqsoftware.com — we reply within 1 business day.