We're a spend visibility tool. We're built like a vault.
Our customers hand us a map of every tool and every AI provider in their company. That's a sensitive surface. Here's how we treat it.
Every connector is scoped to the minimum read permissions needed to see spend and usage. No write access unless you explicitly enable an action (like sending a vendor email from your account).
For AI providers we read usage metadata — token counts, model, timestamp, team. We never read the contents of your prompts or completions.
TLS 1.3 everywhere. AES-256 for data at rest. Per-tenant encryption keys for sensitive fields. Secrets stored in a dedicated KMS.
Your data lives in your tenant. We never serve queries across tenants. Peer benchmarks use pre-aggregated, anonymized rollups — never row-level data.
One click revokes a connector. One click exports your data. One email ends your contract and deletes everything within 30 days.
SpendSlicer surfaces options. It does not move money, cancel vendors, revoke seats, or send emails without an explicit human click.
Honest about where we are.
We'd rather tell you what's in flight than paste a logo we haven't earned yet. Here's the real status.
Found something? Tell us first.
Email security@spendslicer.com. We acknowledge within 24 hours, triage within 72, and we'll coordinate disclosure with you. Safe-harbor for good-faith research.