Security for Technical Leadership

Security & Privacy Overview

Cost Truth is built for companies that handle sensitive invoicing and margin data. We take data security seriously and design controls to be operational, auditable, and explicit.

Core security posture

  • Dedicated database schema per customer instance (isolation by design).
  • Encrypted transport for application traffic and control-plane channels.
  • Host-level disk encryption and encrypted off-host backups (restic client-side encryption).
  • Hosted infrastructure on OVHcloud in France, with on-prem option for maximum control.

Privacy and accountability

  • Compliance with EU GDPR and applicable data privacy laws is a core requirement.
  • Support access is explicit, time-limited, and customer-approved.
  • WebAuthn security-key MFA is part of the account security model.
  • No ambiguity: controls are documented with implementation status.

Important transparency note

Cost Truth is not a zero-knowledge system. As infrastructure operators, we can technically access systems, but production policy and application controls require explicit customer permission and a limited access window for support interventions.

For the complete technical model, control boundaries, and release-gate checklist, see the technical security page.