How CostMind protects your credentials and accesses only what it needs.
CostMind reads exclusively from BigQuery's INFORMATION_SCHEMA views: job history, query text, bytes processed, table names, and sizes. We never read the contents of your tables, never access query results, and never store data outside of job metadata.
GCP service account keys are encrypted at rest using AES-256 before being stored in our database. Optionally, credentials can be stored entirely in Google Secret Manager — in this case we never write the key to our database at all. Credentials are never logged, never returned in API responses, and never transmitted in plaintext.
The service account you connect requires only three roles: BigQuery Metadata Viewer (to read INFORMATION_SCHEMA), BigQuery Resource Viewer (to access job history), and optionally Billing Viewer. No write permissions are required or requested. We publish the exact IAM setup in our documentation.
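A customer can confirm the connected service account holds nothing beyond the roles listed on this page. The check below is an added example, not CostMind's own code; it assumes a project IAM policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`, and the service account name and sample policy are constructed.

```python
import json

# Role IDs as listed on this page.
REQUIRED = {"roles/bigquery.metadataViewer", "roles/bigquery.resourceViewer"}
OPTIONAL = {"roles/billing.viewer"}  # may be absent, or bound outside this policy

def audit_member(policy, member):
    """Compare the roles bound to `member` in an IAM policy with the documented set."""
    granted = {
        b["role"]
        for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }
    excess = granted - REQUIRED - OPTIONAL   # anything not on the documented list
    missing = REQUIRED - granted             # documented roles not yet bound
    return {
        "granted": sorted(granted),
        "missing": sorted(missing),
        "excess": sorted(excess),
        "least_privilege": not excess and not missing,
    }

# Constructed sample: the service account also holds a write-capable role.
MEMBER = "serviceAccount:costmind-reader@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/bigquery.metadataViewer", "members": ["%(m)s"]},
    {"role": "roles/bigquery.resourceViewer",
     "members": ["%(m)s", "user:analyst@example.com"]},
    {"role": "roles/bigquery.dataEditor", "members": ["%(m)s"]},
    {"role": "roles/viewer", "members": ["user:analyst@example.com"]}
  ]
}
""" % {"m": MEMBER})

if __name__ == "__main__":
    report = audit_member(SAMPLE_POLICY, MEMBER)
    print(json.dumps(report, indent=2))
    if report["excess"]:
        print("Remove bindings not on the documented list:", report["excess"])
```

Roles granted at the dataset, organization, or billing-account level do not appear in a project policy and need the same check against those policies.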
CostMind runs on Railway (US region) with isolated containers per service. Our PostgreSQL database is not publicly accessible. All traffic is encrypted in transit via TLS 1.2+. Database backups are encrypted and retained for 7 days.
Passwords are hashed using bcrypt. JWTs are short-lived and scoped to your organization. We support password reset via time-limited tokens. SSO/SAML is available on Enterprise plans.
If you discover a security vulnerability, please report it responsibly to hello@costmind.io. We aim to acknowledge reports within 48 hours and resolve critical issues within 7 days. We do not pursue legal action against good-faith security researchers.
roles/bigquery.metadataViewer    Required — reads INFORMATION_SCHEMA
roles/bigquery.resourceViewer    Required — reads job history
roles/billing.viewer             Optional — enables billing data

Contact us at hello@costmind.io. For vulnerability reports, please include a description of the issue and steps to reproduce.