Take the whole briefing into the approval — one board-ready deck, plus a filled-in security questionnaire for procurement.
ROI Briefing
The one-screen case for the spend. Enter your own assumptions — this is your model, not ours. We never fabricate a savings number. Saved to your account across devices.
- Monthly cost: $297 (3 × $99/mo)
- Est. monthly value: $1,080 (your assumption)
- Net / month: +$783 (264% ROI)
- Payback: 0.28 mo (cost ÷ monthly value)
Sensitivity — what if hours saved are off?
Cost fixed; value flexes ±30%.

| Scenario | ROI / mo | Net / mo | Payback | Hrs/seat |
|---|---|---|---|---|
| Conservative (-30%) | 155% | +$459 | 0.39 mo | 4.2 |
| Expected (base) | 264% | +$783 | 0.28 mo | 6 |
| Aggressive (+30%) | 373% | +$1,107 | 0.21 mo | 7.8 |
Conservative assumes you capture 30% less time-savings than expected; aggressive, 30% more. If even the conservative column clears your hurdle rate, the case holds under pressure.
Value = hours saved × blended cost × seats. These are your estimates; adjust them to what your finance team will accept. We deliberately do not ship a default "X% savings" claim — that would be theater.
TCO Projection
Total cost of ownership over the term, per published tier. Every figure is monthly × months — no fabricated annual discount.
| Tier | Monthly | 12 mo | 24 mo | 36 mo |
|---|---|---|---|---|
| Free (1 evaluator) | $0 | $0 | $0 | $0 |
| Starter (1 paid seat) | $87 | $1,044 | $2,088 | $3,132 |
| Pro (up to a small team) | $297 | $3,564 | $7,128 | $10,692 |
Linear projection at published rates. For annual prepay or multi-seat quotes, request a written quote from the BSS owner — those terms are not surfaced here, so we don't guess them.
Contract Terms
What a click actually buys, and what needs a conversation. We separate the two so there are no surprises in procurement.
Self-serve today
- Billing cadence: Month-to-month, charged via Stripe
- Minimum commitment: None — cancel anytime, effective end of period
- Seats: Per published tier; upgrade/downgrade self-serve
- Payment method: Card via Stripe Checkout

Request a written quote
- Annual prepay / discount: Not surfaced self-serve — request a written quote
- Custom MSA / DPA / security review: Available on request — not a self-serve click
- Invoicing / PO / NET terms: Not self-serve today — request from the BSS owner
Honesty: BSS is a self-serve product. If your procurement requires an MSA, DPA, invoicing, or annual terms, those are available on request — but they are not a self-serve checkout click today.
What you can tell your security team — with the honest gaps flagged, not hidden. Hand this straight to a reviewer.
| Control | Status | Detail |
|---|---|---|
| Tenant data isolation (server-side RLS) | Ready | Supabase RLS on write paths with the authed user JWT; service_role is server-only, never bundled to the client. |
| Encryption in transit | Ready | HTTPS everywhere via the platform edge; httpOnly + SameSite session cookies. |
| Payment data handling | Ready | Card data never touches BSS servers — Stripe Checkout + signature-verified webhooks. |
| Secret handling | Ready | Secrets never logged or echoed; API keys shown once at creation, never re-returned. |
| Rate limiting / abuse protection | Ready | Durable token-bucket rate limiting on public endpoints with standard 429 headers. |
| Audit trail for write actions | Partial | Usage events recorded today; a dedicated admin-grade audit log is planned, not yet shipped. |
| SOC 2 / ISO 27001 attestation | Gap | No third-party attestation today. Be honest with your security team: this is a self-serve product, not an audited enterprise vendor (yet). |
| Signed DPA / sub-processor list | Partial | Sub-processors (Supabase, Stripe, platform host) are disclosed; a counter-signed DPA is available on request, not self-serve. |
We deliberately surface the gaps (no third-party attestation yet; audit log planned). A buyer briefing that hid them would fail the first security review — and waste your time.
Where your data lives and where payment flows — the diagram your security reviewer will ask for. Factual nodes, no marketing arrows.
- Your team’s browser — No install; SSR + hydrated React.
- Platform edge / CDN — TLS termination, routing, DDoS shield.
- BSS application — Tool execution, dashboards, billing logic.
- Postgres (RLS) — Your data, isolated per tenant.
- Stripe — Billing + payment — card data stays here.
- LLM providers — Provider-agnostic; only where AI tools are used.
Card data never reaches BSS servers — it flows to Stripe directly. Your business data sits in tenant-isolated Postgres. Edge style: solid = direct call; dashed = signed webhook.
Tools that produce a defensible artifact to attach to the approval. Pulled live from the BSS registry. They inform the decision — they don't make it for you.