The credentials you connect
To measure your stack, ELI stores an admin API key or an OAuth token for each tool you connect. Because these credentials matter, we protect them accordingly:Encrypted at rest
API keys you connect are stored as AES-256-GCM ciphertext. We never keep them
in plaintext.
Never shown again
Once saved, a key is never returned to your browser or displayed back, not
even to you.
OAuth where possible
For tools that support it, we use scoped OAuth tokens through a managed
connector vault instead of long-lived keys.
Revoke anytime
Disconnect a tool and we stop using its credentials and remove them.
Revocation takes effect immediately.
What ELI can see — and can’t
Can read
- Tool names, categories, and active status
- Monthly spend and seat counts per tool
- Active vs. inactive usage
- Team members and tool assignments
- Flagged tools — ghost, redundant, underused
- Renewal dates and contract terms
Never accessible
- Your stored connector keys (encrypted, never exposed — even to you)
- Raw payment card numbers (held by Stripe, never by ELI)
- Your passwords or login credentials
- Data from any other workspace
- Destructive tool actions without tool-management permission
Management actions
You stay in control. Beyond reading, ELI can run management actions on a connected tool — deactivate a departed member, change a role, reduce seats, or cancel a license — but only when you explicitly ask. Destructive actions are gated behind tool-management permissions, scoped to your workspace, and recorded in your activity log.How your data is protected
In transit
All traffic runs over HTTPS (TLS 1.2+).
At rest
Data is encrypted at rest (AES-256); connector credentials are additionally
sealed with AES-256-GCM.
Workspace-isolated
Every request is scoped to your workspace. A credential for one workspace can
never read or act on another.
No model training
Your data is never used to train or fine-tune any AI model, internal or
external.