Uploads are for analysis, not model training
Uploaded emails are used to produce the requested risk result and workspace history. They are not added to training datasets or public demos.
Payment-risk scans should be explainable, private, and easy to erase.
PayShield is the customer payment-risk app for finance teams handling sensitive supplier emails. It keeps invoice, bank-detail, and payment release decisions inside a signed-in workspace.
Stored results have deletion and purge controls
Workspace scan history can be deleted from the app. Production retention tooling also supports purging older SaaS scan, lock, usage, and audit rows.
Plan-gated checks are visible
Paid checks such as URL reputation, domain intelligence, attachment sandboxing, browser detonation, and LLM reasoning are only run when the workspace plan allows them.
User accounts are separate from analyst admin
Customer workspaces use email and password login with CSRF-protected actions. Owner admin tools stay separate from the public product flow.
Mailbox monitoring requires explicit connection
The app does not read a mailbox just because a user signs in. Monitoring requires a connected account, encrypted credentials, plan permission, and a mailbox worker separate from owner admin tools.
Sensitive capabilities stay gated
Live analysis, billing, stored history, feedback learning, and mailbox monitoring stay behind normal user authentication or private analyst authentication, depending on the surface.