🛡️

Secure by Design.

Your financial data is sensitive. We treat it that way. Purple Billing is built with enterprise-grade security controls from day one.

Read-Only Access

We only request Viewer permissions in your SentinelOne console. Purple Billing cannot change security policies, delete sites, or modify agent configurations.

Encryption Everywhere

Data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your API keys are stored in a dedicated secrets manager, never in plain text.

Least Privilege

Our internal access controls are strict. Only authorized engineers have access to production infrastructure, protected by MFA and hardware keys.

Audit Logs

Every action within the Purple Billing platform is logged. You can export audit trails to see who accessed what financial report and when.

Data Isolation

Financial data is logically separated. Billing snapshots are stored immutably to serve as a system of record for revenue recognition.

SOC2 Alignment

Our controls mapping follows SOC2 Trust Services Criteria. We are currently undergoing our observation period for Type II attestation.