Security & Data Handling for SaaS Management
Satellite stores and processes SaaS spend and renewal data for finance teams. Here is an honest, code-verifiable account of the controls in place today, how your data stays portable, exactly how a pre-contract spend scan is handled — and how we build with AI, disclosed plainly.
Controls in place today
Every claim below is verifiable against the product’s backend. We do not list anything aspirational as if it already ships.
Per-organization data isolation
Every organization’s data is stored under a unique organization ID, and every database read and write is scoped to that ID at the service layer — not just in the UI. One organization’s applications, expenses, and integrations are never retrievable by another.
Authentication
Passwords are hashed with bcrypt — salted, never stored in plaintext. Sessions use short-lived JWT access tokens with hashed refresh tokens; the raw refresh token is never persisted. Every API endpoint requires a valid bearer token.
Transport security
All traffic between your browser and the backend travels over HTTPS/TLS. The backend enforces CORS to restrict cross-origin access to known origins.
Rate limiting
API endpoints are rate-limited at both the request and per-operation level. The full data-export endpoint, for example, is capped at one request per 24 hours per user.
Activity logging
Meaningful user actions are recorded to a structured activity log with a timestamp and metadata. That log is yours — it is included in every data export.
Infrastructure
The backend runs on AWS. API keys and database credentials are managed through AWS Secrets Manager — never hardcoded or committed to source.
How the free spend scan handles your data
Before there is any contract, the AI & SaaS spend scan reads a spend export you send. A pre-contract file is a real ask of any vendor — so here is exactly how it is treated.
CSV only — nothing connects to your systems
Before there is any contract, the AI & SaaS spend scan works from an expense export you already have. Nothing connects to your accounting, your card provider, or your Google Workspace. OAuth connections only ever happen after you decide to move forward.
Processed in an isolated workspace
A pre-contract CSV is processed in an isolated workspace — never loaded into the production database alongside customer data. It stays separate from the running product.
AI processing, disclosed plainly
The report is generated with the help of AI. We say so up front rather than burying it. The AI reads the spend export to summarize your tools and recurring costs — it does not connect to any live system.
Deleted within 14 days
If you do not decide to move forward, the export and anything derived from it are deleted within 14 days. No quiet retention.
Mutual NDA on request
A pre-contract spend export is sensitive. If a lightweight mutual NDA makes the scan easier to say yes to, we will sign one up front — just ask.
Your data is always yours
Satellite is built so your data belongs to you, not to us. There is a real, self-serve export — and no lock-in by design.
Any authenticated user can trigger a full data export from account settings and get back a single structured JSON file — no support ticket, no waiting period, no cancellation fee gating it. It is rate-limited to once every 24 hours to prevent abuse, and otherwise unrestricted. If you ever leave, you leave with everything.
What a full export includes
Your full application and SaaS portfolio (name, provider, category, cost) All expense records Every contract, with renewal dates and cancellation windows Connected integrations and their connection timestamps Your employee directory records Your complete activity log
Account deletion is real
If you cancel, you can request full account and data deletion. Hard deletion of all organization data is processed automatically after a short confirmation window — we do not retain data past that window.
Radical transparency — no lock-in, no fine print
The most common question from finance and IT buyers is a version of: “what happens to my data if this goes away?” It is fair. Here is the direct answer.
The incumbents in SaaS management are priced for enterprise procurement — the quote pays for large sales teams, enterprise onboarding, and org charts. Satellite does not carry that overhead. We build with AI as a deliberate company practice — it is how we deliver real SaaS management at a mid-market price, without a procurement gauntlet — and we disclose exactly where AI is used rather than burying it.
With a large vendor, your ticket joins a queue and your feature request joins a roadmap balanced across hundreds of accounts. With Satellite, you get white-glove service and direct access to the people who build the product. And because trust should not rest on promises, the permanence question is answered in the product itself — a self-serve full export in standard formats, and real deletion terms. You are never locked in.
Your data is always exportable
Full self-serve export, on demand, no support ticket. If Satellite disappeared tomorrow, you would have your complete dataset within minutes.
The product is not bespoke
Your data lives in standard, structured formats — JSON export and CSV import. You are not locked into a proprietary format only Satellite can read.
The price funds the attention
The mid-market price is what funds white-glove service — concierge onboarding, a dedicated specialist who knows your stack, and support that is a direct line to the people who build the product rather than a ticket queue.
What we do not claim yet
If a control is a gating requirement for your team, ask directly. The honest answer is always the one we give.
Security & data-handling questions
What data does Satellite touch, and how is it stored?
Satellite stores SaaS applications, expenses, contracts, integrations, an employee directory, and an activity log — all scoped to your organization ID and isolated from every other organization at the service layer. It runs on AWS with credentials managed via AWS Secrets Manager, and all traffic travels over HTTPS/TLS.
What happens to the CSV I send for a free spend scan?
It is processed in an isolated workspace, never the production database. It is read with the help of AI to build your report, nothing connects to your live systems, and it is deleted within 14 days unless you decide to move forward. A mutual NDA is available on request.
Can I export everything and leave whenever I want?
Yes. Any authenticated user can trigger a full JSON export of everything Satellite holds for your organization — applications, expenses, contracts, integrations, employee directory, and activity log — from account settings. No support ticket, no cancellation fee, no export-on-request policy. It is rate-limited to once per 24 hours to prevent abuse and otherwise unrestricted.
Do you use AI, and where?
Yes, and we are direct about it. We build and maintain Satellite with AI as a deliberate company practice — it is how we deliver the product at a mid-market price — and the pre-contract spend scan is generated with AI. That is a build-and-analysis practice — not an AI governance or shadow-AI enforcement product, which Satellite does not claim to be.
Is Satellite SOC 2 certified?
No. There is no completed SOC 2 audit report, and we do not claim one. Some underlying infrastructure controls are in place, but the audit has not been conducted. If a specific control is a gating requirement for your team, ask directly — the honest answer is the one you will get.
What happens to my data if Satellite goes away?
You keep everything. Your data is always exportable, self-serve, in standard formats — JSON export and CSV — so you are never locked in, and account deletion is real: hard deletion after a short confirmation window. We answer the permanence question with portability and deletion terms, not promises.
Trust is a conversation, not a certificate
Bring your questions — about data handling, the scan, or continuity. One call scopes your stack and answers them directly.
Book a callPrefer to explore first? Start a 14-day free trial →