Security

Billing data handled like production infrastructure.

Read-only collectors, per-customer isolation, EU residency under Spot Cloud B.V., and Spot Suite identity on every tier.

  • Spot Suite OIDC SSO

    Single sign-on through Spot Suite OIDC, with Microsoft Entra as the identity provider. The Business tier adds SAML and OIDC federation.

  • Dedicated per-customer isolation

    Each customer gets their own Cloudflare Worker, D1 database, and R2 storage. There is no shared tenancy for billing or attribution data.

  • Tenant-scoped data

    Cost records, attribution rules, and audit events are scoped to your tenant. Cross-tenant access is not possible at the application layer.

  • EU data residency

    Billing data is processed and stored in EU jurisdiction on Cloudflare Workers, D1, and R2 under Spot Cloud B.V., and is deleted within 30 days of contract end.

  • Audit logging

    On the Business tier, sign-in events, configuration changes, and export actions are recorded and available for review.

  • Control mapping: ISO 27001 · DORA · GDPR

    Platform controls for billing data handling are mapped to ISO 27001:2022, DORA, and GDPR. Audit evidence is shared under NDA; formal SOC 2 or ISO 27001 certification is not claimed.

  • Read-only cloud access

    Collectors authenticate with an AWS IAM role, an Azure service principal, a GCP service account, or a StackIT project token, each granted read-only permissions. Write permissions are never requested.

  • Passkeys and MFA

    All tiers require passkeys or authenticator-app MFA through Spot Suite identity. No password-only access.
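The read-only access claim above is one a customer can verify on their own side before granting a collector role. The following is an added example, not code from this page or from Spot Cloud B.V.: a small Python check that flags any Allow'd IAM action that is not a read-style operation (wildcards and NotAction grants are always flagged), and that checks the role's trust policy restricts AssumeRole to a single vendor account with an sts:ExternalId condition. The policy documents and the account ID 111122223333 are constructed placeholders; the vendor's actual policy is not reproduced here and must be taken from its onboarding documentation.

```python
"""Customer-side checks for a third-party cost-collector IAM role.

Added example, not part of the vendor's page or code. The policy documents
below are constructed for illustration only.
"""

# Action-name prefixes IAM uses for read/list/describe operations. This is a
# heuristic: it catches wildcards and obvious mutations, not every service
# quirk, so a clean result means "nothing obviously wrong", not "proven safe".
READ_PREFIXES = ("Get", "List", "Describe", "Head", "Lookup", "Search",
                 "Query", "Scan", "Select", "View", "Check", "Estimate",
                 "BatchGet", "Retrieve", "Read")


def _as_list(value):
    """IAM accepts either a string or a list for Action/Resource/Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only_action(action: str) -> bool:
    """True if 'service:Operation' names a read-style operation.

    Wildcards ('*', 's3:*', 's3:Put*') are never read-only because they can
    match mutating operations.
    """
    if "*" in action or "?" in action or ":" not in action:
        return False
    _service, op = action.split(":", 1)
    return op.startswith(READ_PREFIXES)


def find_write_grants(policy: dict) -> list[str]:
    """Return every Allow'd action that is not provably read-only.

    An Allow with NotAction grants everything *except* the listed operations,
    which is a write grant in disguise, so it is reported as well.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt:
            findings.append("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
            continue
        for action in _as_list(stmt.get("Action")):
            if not is_read_only_action(action):
                findings.append(action)
    return findings


def trust_policy_issues(trust: dict, vendor_account: str) -> list[str]:
    """Check the two cross-account basics of a vendor role's trust policy:
    only the vendor's account may assume it, and an ExternalId is required
    (the standard mitigation for the confused-deputy problem)."""
    issues = []
    for stmt in _as_list(trust.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws_principals = (_as_list(principal.get("AWS"))
                          if isinstance(principal, dict) else _as_list(principal))
        for p in aws_principals:
            if p == "*" or vendor_account not in p:
                issues.append(f"principal not restricted to vendor account: {p}")
        cond = stmt.get("Condition", {})
        has_ext_id = any("sts:ExternalId" in v for v in cond.values()
                         if isinstance(v, dict))
        if not has_ext_id:
            issues.append("no sts:ExternalId condition on AssumeRole")
    return issues


# Constructed sample: the kind of permissions a read-only cost collector needs.
COLLECTOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["ce:GetCostAndUsage", "cur:DescribeReportDefinitions",
                              "organizations:ListAccounts", "s3:GetObject",
                              "s3:ListBucket"]}],
}

# Constructed sample: looks similar at a glance but grants writes.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ce:GetCostAndUsage", "s3:*"], "Resource": "*"},
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    ],
}

# Constructed trust policies; 111122223333 is a placeholder vendor account ID.
TRUST_OK = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                   "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}],
}
TRUST_WEAK = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"AWS": "*"}}],
}

if __name__ == "__main__":
    print("collector policy write grants:", find_write_grants(COLLECTOR_POLICY))
    print("overbroad policy write grants:", find_write_grants(OVERBROAD_POLICY))
    print("trust issues (ok):", trust_policy_issues(TRUST_OK, "111122223333"))
    print("trust issues (weak):", trust_policy_issues(TRUST_WEAK, "111122223333"))
```

Run it against the policy and trust documents the vendor asks you to deploy; an empty list from both functions is the expected result for a collector that only reads. The prefix heuristic deliberately errs toward flagging, so review anything it reports rather than suppressing it.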

Questions about our posture?

Book a 30-minute walkthrough of isolation, data handling, and cloud access scopes.