Trust & data handling

Security & Data Handling for SaaS Management

Satellite stores and processes SaaS spend and renewal data for finance teams. Here is an honest, code-verifiable account of the controls in place today, how your data stays portable, exactly how a pre-contract spend scan is handled — and how we build with AI, disclosed plainly.

Controls in place today

Every claim below is verifiable against the product’s backend. We do not list anything aspirational as if it already ships.

Per-organization data isolation

Every organization’s data is stored under a unique organization ID, and every database read and write is scoped to that ID at the service layer — not just in the UI. One organization’s applications, expenses, and integrations are never retrievable by another.

Authentication

Passwords are hashed with bcrypt — salted, never stored in plaintext. Sessions use short-lived JWT access tokens with hashed refresh tokens; the raw refresh token is never persisted. Every API endpoint requires a valid bearer token.

Transport security

All traffic between your browser and the backend travels over HTTPS/TLS. The backend enforces CORS to restrict cross-origin access to known origins.

Rate limiting

API endpoints are rate-limited at both the request and per-operation level. The full data-export endpoint, for example, is capped at one request per 24 hours per user.

Activity logging

Meaningful user actions are recorded to a structured activity log with a timestamp and metadata. That log is yours — it is included in every data export.

Infrastructure

The backend runs on AWS. API keys and database credentials are managed through AWS Secrets Manager — never hardcoded or committed to source.

How the free spend scan handles your data

Before there is any contract, the AI & SaaS spend scan reads a spend export you send. A pre-contract file is a real ask of any vendor — so here is exactly how it is treated.

CSV only — nothing connects to your systems

Before there is any contract, the AI & SaaS spend scan works from an expense export you already have. Nothing connects to your accounting, your card provider, or your Google Workspace. OAuth connections only ever happen after you decide to move forward.

Processed in an isolated workspace

A pre-contract CSV is processed in an isolated workspace — never loaded into the production database alongside customer data. It stays separate from the running product.

AI processing, disclosed plainly

The report is generated with the help of AI. We say so up front rather than burying it. The AI reads the spend export to summarize your tools and recurring costs — it does not connect to any live system.

Deleted within 14 days

If you do not decide to move forward, the export and anything derived from it are deleted within 14 days. No quiet retention.

Mutual NDA on request

A pre-contract spend export is sensitive. If a lightweight mutual NDA makes the scan easier to say yes to, we will sign one up front — just ask.

Your data is always yours

Satellite is built so your data belongs to you, not to us. There is a real, self-serve export — and no lock-in by design.

Any authenticated user can trigger a full data export from account settings and get back a single structured JSON file — no support ticket, no waiting period, no cancellation fee gating it. It is rate-limited to once every 24 hours to prevent abuse, and otherwise unrestricted. If you ever leave, you leave with everything.

The export covers the core data objects below. It does not yet include historical dashboard snapshots. If you need a specific shape for migrating into another tool, tell us and we will work through it directly.

What a full export includes

  • Your full application and SaaS portfolio (name, provider, category, cost)
  • All expense records
  • Every contract, with renewal dates and cancellation windows
  • Connected integrations and their connection timestamps
  • Your employee directory records
  • Your complete activity log

Account deletion is real

If you cancel, you can request full account and data deletion. Hard deletion of all organization data is processed automatically after a short confirmation window — we do not retain data past that window.

Radical transparency — no lock-in, no fine print

The most common question from finance and IT buyers is a version of: “what happens to my data if this goes away?” It is fair. Here is the direct answer.

The incumbents in SaaS management are priced for enterprise procurement — the quote pays for large sales teams, enterprise onboarding, and org charts. Satellite does not carry that overhead. We build with AI as a deliberate company practice — it is how we deliver real SaaS management at a mid-market price, without a procurement gauntlet — and we disclose exactly where AI is used rather than burying it.

With a large vendor, your ticket joins a queue and your feature request joins a roadmap balanced across hundreds of accounts. With Satellite, you get white-glove service and direct access to the people who build the product. And because trust should not rest on promises, the permanence question is answered in the product itself — a self-serve full export in standard formats, and real deletion terms. You are never locked in.

Your data is always exportable

Full self-serve export, on demand, no support ticket. If Satellite disappeared tomorrow, you would have your complete dataset within minutes.

The product is not bespoke

Your data lives in standard, structured formats — JSON export and CSV import. You are not locked into a proprietary format only Satellite can read.

The price funds the attention

The mid-market price is what funds white-glove service — concierge onboarding, a dedicated specialist who knows your stack, and support that is a direct line to the people who build the product rather than a ticket queue.

What we do not claim yet

If a control is a gating requirement for your team, ask directly. The honest answer is always the one we give.

SOC 2No completed SOC 2 Type 1 or Type 2 audit report exists. Some of the underlying infrastructure controls are in place, but the audit itself has not been conducted. We will not claim it until it is real.
Penetration testNo third-party penetration-test report is available yet.
GDPR DPANo formal Data Processing Agreement is published today, though the self-serve export and deletion capabilities support data subject-rights requests. Ask if you need one.
SSO / SAMLSingle sign-on is not available today. Authentication is email and password with hashed credentials.

Security & data-handling questions

What data does Satellite touch, and how is it stored?

Satellite stores SaaS applications, expenses, contracts, integrations, an employee directory, and an activity log — all scoped to your organization ID and isolated from every other organization at the service layer. It runs on AWS with credentials managed via AWS Secrets Manager, and all traffic travels over HTTPS/TLS.

What happens to the CSV I send for a free spend scan?

It is processed in an isolated workspace, never the production database. It is read with the help of AI to build your report, nothing connects to your live systems, and it is deleted within 14 days unless you decide to move forward. A mutual NDA is available on request.

Can I export everything and leave whenever I want?

Yes. Any authenticated user can trigger a full JSON export of everything Satellite holds for your organization — applications, expenses, contracts, integrations, employee directory, and activity log — from account settings. No support ticket, no cancellation fee, no export-on-request policy. It is rate-limited to once per 24 hours to prevent abuse and otherwise unrestricted.

Do you use AI, and where?

Yes, and we are direct about it. We build and maintain Satellite with AI as a deliberate company practice — it is how we deliver the product at a mid-market price — and the pre-contract spend scan is generated with AI. That is a build-and-analysis practice — not an AI governance or shadow-AI enforcement product, which Satellite does not claim to be.

Is Satellite SOC 2 certified?

No. There is no completed SOC 2 audit report, and we do not claim one. Some underlying infrastructure controls are in place, but the audit has not been conducted. If a specific control is a gating requirement for your team, ask directly — the honest answer is the one you will get.

What happens to my data if Satellite goes away?

You keep everything. Your data is always exportable, self-serve, in standard formats — JSON export and CSV — so you are never locked in, and account deletion is real: hard deletion after a short confirmation window. We answer the permanence question with portability and deletion terms, not promises.

Trust is a conversation, not a certificate

Bring your questions — about data handling, the scan, or continuity. One call scopes your stack and answers them directly.

Book a call

Prefer to explore first? Start a 14-day free trial →