Trust, Security & Compliance at DPO
DPO helps organizations control spend, approve purchase orders, process invoices and manage budgets securely. Our platform is built to protect financial data, support compliance requirements and provide transparent, audit-ready workflows.

ISO 27001 certified company

Hosted in the EU

GDPR compliant

GoBD compliant

Secure approval workflows

Audit-ready documentation

01.
Security
Security designed for financial workflows
DPO is built for organizations that need control, transparency and accountability across their purchasing and invoice processes. We apply technical and organizational measures to protect customer data, secure access to the platform and support reliable, auditable workflows.

Secure user authentication and controlled platform access

Role-based approval workflows

Full audit trails for purchase orders, approvals and invoice decisions

TLS/SSL encryption for secure data transmission

Protection of confidential financial and business documents

Continuous improvement of security controls and internal processes
02.
Compliance
Compliance you can rely on
DPO supports companies in maintaining compliant, transparent and well-documented purchasing and invoice approval processes. Our platform helps teams standardize approvals, document decisions and prepare financial workflows for internal controls and audits.

ISO 27001
Digital Purchase Order is an ISO 27001 certified company, supporting a structured information security management approach.

GDPR
We treat personal data confidentially and process data in accordance with applicable data protection regulations, including the GDPR.

GoBD
DPO supports audit-ready documentation and is listed as GoBD compliant on the Digital Purchase Order website.

EU Hosting
DPO states that it is hosted in the EU, specifically Dublin/Ireland.
03.
Data Privacy
Privacy and data protection
The protection of personal and business data is a core priority for Digital Purchase Order. We process personal data only where necessary to provide our website, platform and services, to support customer relationships and to meet legal or contractual obligations.

Personal data is processed confidentially and in accordance with statutory data protection regulations.

DPO generally processes personal data within the EU/EEA.

Where data is processed outside the EU/EEA, appropriate safeguards such as Standard Contractual Clauses are used where required.

Data processing agreements are concluded with relevant third-party providers where they act as processors.
04.
AI & Invoice Automation
Responsible use of AI in invoice automation
Digital Purchase Order uses automation and AI-supported technologies to streamline invoice capture, matching and approval workflows. These technologies help extract invoice data, connect invoices with purchase orders and highlight discrepancies. Customers remain responsible for reviewing and validating extracted information before approving transactions.

AI-supported invoice data extraction

Automated invoice-to-PO matching

Detection of discrepancies and duplicates

Customer review before final validation

Human approval workflows remain part of the process
05.
Third-party Providers
Trusted service providers
Digital Purchase Order works with selected third-party providers to deliver, secure and improve its services. Where third-party providers process personal data on our behalf, appropriate data processing agreements are concluded to ensure an adequate level of protection.
Provider | Purpose | Location / Notes
Amazon Web Services / Amazon Textract | Invoice / document text extraction | Used for OCR/AI-supported document processing
Microsoft 365 | Productivity, collaboration and communication | Microsoft Ireland Operations Limited
Okta | Identity management / secure login | Cloud-based identity management
Pendo | Product analytics, where consent applies | Usage analysis
Plausible Analytics | Website analytics | Privacy-friendly analytics
hCaptcha | Bot / spam protection | Security check for forms
Mailchimp | Newsletter delivery | Used for newsletter campaigns
PayPal | Payment processing | Used for online payment processing
06.
Penetration Testing & Security Reviews
Regular penetration testing and independent security reviews
DPO undergoes regular penetration testing and security assessments to identify potential vulnerabilities and continuously improve the security of our platform. These tests help us validate our technical safeguards, strengthen our infrastructure and maintain a high level of protection for customer data.
For security and confidentiality reasons, full penetration test reports are not publicly available. Customers and prospects may request access to the latest penetration test summary or security documentation as part of their vendor review process.

Regular penetration testing of the DPO platform

Independent security assessments

Continuous improvement based on identified findings

Security documentation available upon request

Full reports shared only under appropriate confidentiality conditions
07.
Security FAQ
Is Digital Purchase Order ISO 27001 certified?
Yes. Digital Purchase Order states that it is an ISO 27001 certified company.

Where is DPO hosted?
DPO states that its platform is hosted in the EU, specifically in Dublin/Ireland.

Does DPO support GDPR requirements?
Yes. DPO’s Privacy Policy describes how personal data is processed in accordance with applicable data protection regulations, including the GDPR.

Does DPO use AI?
Yes. DPO uses AI-supported technologies for invoice automation, including invoice data extraction and matching. Extracted information should be reviewed and verified by the customer before validation.

Can DPO provide audit trails?
Yes. DPO highlights full audit trails across approval and finance workflows, including purchase order approvals and invoice decisions.

Who is the legal entity behind DPO?
Digital Purchase Order is operated by LeBog Software GmbH, Straßburger Str. 18, 10405 Berlin, Germany.

Hosted in the EU (Dublin/Ireland)
TÜV certified


GoBD Compliant company
DIN EN ISO/IEC 27001

