Built for read-only analysis with least-privilege principles
SpendLens helps engineering and finance teams understand cloud spend. Billing data is processed securely, used only to generate the requested analysis, and never used to modify your cloud infrastructure.
Data protection
Encryption
Billing data is transmitted over TLS and encrypted at rest using industry-standard algorithms provided by our infrastructure providers.
Read-only cloud analysis
SpendLens analyzes the billing exports you upload. We do not connect to your cloud accounts to make changes; every recommendation is advisory.
Secure file handling
CSV uploads are limited by plan, validated as CSV files, and processed only for the requested analysis. Paid report history stores summaries and findings for the configured retention window, with cleanup support for expired report records and private PDF exports. Email addresses and obvious credential patterns in parsed billing strings are redacted before analysis output.
Access controls
Internal access to customer data follows least-privilege principles, with authentication required for any administrative operation.
AI processing transparency
SpendLens uses deterministic rules for calculations and findings. AI is used only to explain and summarize those findings, with minimized context shared when AI wording is requested.
Responsible disclosure
Found a security issue? Please report it privately to security@rajdharma.co.in. We acknowledge reports promptly and work to remediate confirmed issues quickly.
Operational controls
Data minimization
Upload only cloud billing exports needed for analysis. Do not upload passwords, private keys, customer records, or secrets. SpendLens does not need cloud account write access.
Data residency
SpendLens is operated by Rajdharma Technologies Pvt. Ltd. and currently uses managed cloud subprocessors including AWS/EC2, Vercel, Supabase, Paddle, Google Analytics, and optional AI providers. Enterprise customers with jurisdiction-specific residency requirements should request current hosting region details before onboarding.
See our subprocessor summary.
Incident response
We triage security reports, investigate confirmed issues, remediate affected systems, and notify impacted customers when legally or contractually required.
Compliance roadmap
We are honest about where we are today. The items below reflect our current posture, not certification claims.
- SOC 2: Roadmap; not certified
- DPA / subprocessors: Published summary; full terms on request
- SSO / SAML: Available on request
- Audit logging: Roadmap
- Enterprise governance features: Roadmap
Security review pack
Vendor reviewers can start with the Security & Compliance Pack, Subprocessors, and DPA. For security questions or to report a vulnerability, email security@rajdharma.co.in.
For general privacy questions see our Privacy Policy.