Billable CPQ is layered by design — a global edge network, SOC 2 Type 2 infrastructure, row-level data isolation, AES-256 at rest, and TLS 1.3 in transit. Here's the full stack — layer by layer.
We don't roll our own infrastructure. Billable CPQ runs on three independently audited platforms that each carry active third-party security certifications.
Static site hosting, global edge routing, TLS termination, DDoS mitigation, and Web Application Firewall. 330+ data centers worldwide.
Postgres-based backend platform — authentication, REST/GraphQL API, storage, and Edge Functions. Isolated Postgres instance per project; not multi-tenant shared.
Supabase runs exclusively on AWS across 17 global regions on Graviton processors. Physical security, hypervisor isolation, and hardware controls inherited from AWS.
We believe buyers deserve a straight answer, not marketing fog. Here's exactly where Billable CPQ stands on compliance today and where we're headed.
Billable CPQ runs on top of SOC 2 Type 2 audited infrastructure (Supabase + AWS + Cloudflare), which means the environment hosting your data is audited annually by independent third parties. The same building blocks used by mature B2B SaaS companies are in place from day one.
For customers who need Billable-specific attestation today, we're happy to complete security questionnaires, walk through our architecture on a call, and share specific configuration details under NDA.