Security & Trust

Disipate is designed to give engineering directors what they need to say yes: narrow permissions, human review before any change, and data that stays in your environment.

Read from the CUR. Nothing else.

Disipate derives all intelligence from your AWS Cost and Usage Report (CUR) — a billing artifact that already exists in your environment. No agents, no broad IAM policies, no resource scanning. The CUR is the only data source.

Tags scoped to Disipate's namespace only.

When Disipate applies tags, it only ever writes to its own namespace (disipate:inferred-owner). Existing tags are never modified. If you offboard, Disipate removes only the tags it applied — nothing else is touched.

Human review before any tag is applied.

Nothing is written to your AWS environment without your explicit approval. Disipate surfaces ownership recommendations for review. Your team decides what gets applied, when, and to what scope. You stay in control at every step.

Your data stays in your environment.

CUR processing happens either inside your AWS environment (Disipate provisions compute in your own account) or via a temporary export that is deleted after processing. No customer data is stored outside your environment.

What access does Disipate require?

The permission model is intentionally narrow. Here is the complete list of operations Disipate performs.

Read: Cost and Usage Report (CUR)

Disipate reads your CUR to build an ownership model. This is the same billing data you already review monthly. No access to compute, storage, networking, or any other AWS services is required.

Write: Disipate-namespaced tags only, after approval

The only write operation Disipate performs is applying tags in its own namespace, after your team has reviewed and approved the recommendations. The scope is limited to the resources and accounts you designate.

Delete: Only what Disipate created

Offboarding is clean. Disipate can remove every tag it applied, leaving your environment exactly as it was before onboarding. No other resources or configurations are modified.
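The read, write, and delete claims above can be checked independently by diffing your own tag inventory before and after an approved run. The following is an added example, not Disipate's code: the function names and sample snapshots are constructed for illustration, and the `disipate:` prefix is assumed from the `disipate:inferred-owner` key mentioned on this page.

```python
NAMESPACE = "disipate:"  # assumed prefix, from the page's disipate:inferred-owner
AWS_RESERVED = "aws:"    # AWS-managed keys; only AWS services change these


def audit_tag_changes(before, after, namespace=NAMESPACE):
    """Return (arn, key, problem) findings for tag changes outside the namespace.

    before/after map resource ARN -> {tag key: tag value}, built from your own
    tag inventory export taken before and after an approved tagging run.
    """
    findings = []
    for arn in sorted(set(before) | set(after)):
        old, new = before.get(arn, {}), after.get(arn, {})
        for key in sorted(set(old) | set(new)):
            if key.startswith((namespace, AWS_RESERVED)):  # case-sensitive match
                continue
            if key not in old:
                findings.append((arn, key, "added outside namespace"))
            elif key not in new:
                findings.append((arn, key, "existing tag removed"))
            elif old[key] != new[key]:
                findings.append((arn, key, "existing tag modified"))
    return findings


def offboarding_residue(after, namespace=NAMESPACE):
    """Return (arn, key) pairs for namespace tags still present after offboarding."""
    return [(arn, key) for arn, tags in sorted(after.items())
            for key in sorted(tags) if key.startswith(namespace)]


# Constructed sample snapshots (not real resources).
EC2 = "arn:aws:ec2:us-east-1:111122223333:instance/i-0example1"
S3 = "arn:aws:s3:::example-logs"
BASELINE = {
    EC2: {"team": "payments", "env": "prod"},
    S3: {"env": "prod"},
}
AFTER_APPLY = {
    EC2: {"team": "payments", "env": "prod", "disipate:inferred-owner": "payments"},
    S3: {"env": "staging", "Disipate:owner": "data"},  # two violations on purpose
}

if __name__ == "__main__":
    for finding in audit_tag_changes(BASELINE, AFTER_APPLY):
        print(finding)
    print(offboarding_residue(AFTER_APPLY))
```

An empty result from `audit_tag_changes` after a run, and from `offboarding_residue` after offboarding, is the evidence to attach to a security review.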

Compliance Alignment

Disipate is designed to align with the requirements of SOC 2 and ISO 27001. The narrow permission model, human-in-the-loop review process, and in-environment data processing are deliberate design decisions — not afterthoughts.

Least-privilege access

Permissions scoped to the minimum required. No standing broad-access roles.

Auditability

Every tag recommendation and approval is logged. Full trail of what was proposed, who approved it, and when it was applied.

Data residency

Your resource and billing data never leaves your environment unless you choose the export option — which deletes the data after processing is complete.

Early Adopter Program

Disipate is currently in private beta. For early adopters, the product is free — in exchange for a case study documenting outcomes: savings identified, resources attributed, security footprint changes. Case studies can be fully anonymized.

This is the right trade for teams that want to evaluate the product in their environment before any commercial commitment — and for Disipate to prove results in production.

Longer-term pricing will reflect the value delivered: a savings-based model (aligned to outcomes) or a monthly subscription for ongoing tagging, resource management, and security visibility.

Have specific security requirements?

We're happy to walk through the permission model, data flows, and review workflow in detail. If your organization has a formal security review process, we'll work through it with you.
