Security & data

Where your data lives, who can see it, and how it's used.

CostCtrl handles financial and operational data from operationally complex businesses. This page exists so your IT and compliance reviewer can answer their questions without a follow-up call.

Where your data lives

Your data is hosted in the EU (on AWS, in Ireland) and separated by company, so your team only ever sees your own organisation's data. It's encrypted at rest with AES-256 and encrypted in transit with TLS 1.2.

AI and your data

No customer data is used to train AI models. The allocation engine is deterministic and fully auditable: it computes the numbers, and that calculation is always the source of truth. The AI layer that interprets those results runs inside our own AWS environment (Amazon Bedrock), so your data stays within the same boundary as the rest of CostCtrl and is never sent to an outside AI provider.

Access controls

Your models, scenarios, and reports are scoped to your company, so people only ever access their own organisation's data.

Explainability

Because the engine is deterministic, every number it produces traces back to the rule and the inputs that produced it. No black-box figures: a result we can't explain is not a result we'd put in front of you.

Data handling

Data handling principles.

We don't sell your data and we don't share it. It's held in the EU and separated by company, so it isn't commingled with anyone else's. If you have specific data-residency, processing, or single sign-on requirements, talk to us and we'll tell you honestly what we can support today and what's on the way.

Talk to us about security

Got a question your reviewer needs answered?

We're happy to complete a vendor security questionnaire or walk your team through our architecture. Send a note and we'll respond within one business day.


Want to see how this works in practice?

Book a demo and we'll walk through both the product and the security architecture in one call.
