01 Security & trust

Security is the first conversation, not the last.

Your security team clears us before we receive a single file. We arrive at that review prepared, with read-only access, independently audited controls, and claim standards that protect your supplier relationships.

02 The posture

What your security team will want to know.

Read-only, always

We receive data extracts and read from approved connectors. We never write to your systems, never send, and never delete.

SOC 2 Type II

Independent attestation of our security controls, available under NDA before your first security review.

Encrypted end to end

Data is encrypted in transit and at rest. Engagement data is scoped, segregated, and deleted on a defined schedule.

Scoped access

Least-privilege by default. Email connectors, where used, are scoped to merchandising and AP mailboxes only.

GDPR & CCPA posture

Data-protection posture is designed in before we touch any regulated data, including cross-border transfer rules.

HIPAA-ready

Where an engagement touches healthcare or employee data, we operate under the appropriate safeguards.

03 How we handle your data

The data we request, and where it goes.

Onboarding is a file transfer, not an integration project. The broadest scope we ever request is read-only access to the mailboxes where commercial terms are agreed, because those terms never reach your ERP. Access is limited, logged, and revocable at any time.

Read-only | No write-back | Scoped & deleted on schedule
01

You export

The same audit extracts your team already produces today, as flat files, on your schedule.

02

We ingest, read-only

Our systems map the files automatically. Nothing is written back to your ERP, and nothing leaves the agreed scope.

03

We detect & evidence

Findings are assembled into evidence packages. Anything uncertain is flagged for review and never claimed.

04

You approve

Every claim routes through your own pre-approval workflow before a supplier ever sees it.

04 Supplier relationships

A recovery should never cost you a supplier.

Poorly documented claims strain supplier relationships, and the industry has a reputation for them. We hold every claim to a defined standard: validated evidence, documentation a supplier can verify, and your approval before anything is submitted.

Claim standards
Validated evidence: Every claim is documented before it's raised
Supplier-friendly: Clear, defensible, easy to reconcile
Client pre-approval: Nothing submitted in your name without your sign-off
Recent claims only: Raised within supplier claim-back windows
For your security team

We meet your reviewers before we see your data.

Request our SOC 2 report, data-handling documentation, and the data request specification under NDA. From there, we scope a read-only audit.
