Compliance & Audit
How bizSupply reports usage to cloud marketplaces, what data enters the metering pipeline, and how every charge can be traced end to end.
RPT is designed to satisfy three different audiences at once: the customer who wants to understand a line item, the finance team that needs to reconcile invoices, and the compliance officer who has to prove it. This page describes what RPT does so those three stories agree.
Cloud Marketplace Billing
When bizSupply is consumed via a cloud marketplace, every usage report follows the marketplace’s published contract.
- Scheduled reporting — usage is reported on a recurring schedule, including zero-usage periods (required for compliance even when no requests were made).
- Two-step handshake — each reporting cycle validates that the subscription is active, then submits the usage delta for a precise time window.
- Backoff and retry — transient failures are retried with exponential backoff. Reports are idempotent across retries.
- Integer deltas — every submitted figure is a non-negative integer. Fractional credit accumulation stays internal and is carried forward until it crosses the next whole unit.
- Reconciliation log — every successful report is logged for downstream audit against the marketplace’s own records.
Zero-usage reporting is not optional. Cloud marketplaces require a regular heartbeat to distinguish an active subscription with no activity from a silent failure. bizSupply submits a zero-valued report on schedule so your subscription status stays accurate.
Data Handling
The metering pipeline is intentionally narrow. It sees the minimum data it needs to compute a charge — and nothing else.
- Region-bounded processing — customer data is processed inside the boundary of your chosen deployment region.
- Metering records contain operational metadata only — token counts, model names, timestamps, tenant identifiers. Document contents are never in the metering record.
- Currency preservation — per-call cost is tracked in the provider’s original currency and converted to EUR for audit reporting.
- Separation from document storage — metering records live in their own store with their own access controls. The people and systems that can read a bill are not the same as the ones that can read a document.
If you see a number in the metering API that looks like a document ID, it is a job ID or a call ID — a handle to the unit of work, not the content. The content itself never leaves document storage.
Auditability
Because the ledger is append-only, three kinds of traceability hold by construction.
| Question | How it’s answered |
|---|---|
| Where did this credit on my balance come from? | Every credit on your balance traces back to an allocation event — signup grant, renewal, plan change, or top-up — each with an immutable record. |
| What did I consume these credits on? | Every consumption event links back to the AI call(s) that produced it, with the model name, token counts, and call timestamp. |
| Why was this call priced at that rate? | Configuration changes (for example, onboarding a new model) are versioned. Every historical charge is tied to the configuration revision that produced it — rate changes are never retroactive. |
What a Customer Audit Looks Like
A typical customer audit — for example, reconciling a marketplace invoice against internal records — walks the same three steps every time.
- Pull the allocation history for the billing period. The sum of allocations is the ceiling.
- Pull the consumption history for the same period. The sum is your usage.
- Cross-check against the marketplace invoice or Stripe invoice. The integer-reported delta matches the marketplace figure exactly; the Stripe figure matches the plan allocation for that cycle.
For customers on Enterprise or regulated workloads, bizSupply can export a signed usage report for any past billing period on request. Reach out through your account representative.
Retention
Metering records are retained for as long as your account is active plus a configurable grace period after termination, so that any late reconciliation question has an authoritative answer. The default retention is sufficient for standard multi-year procurement audits; Enterprise customers can extend it.
Related Pages
- RPT overview — the core concepts that audits are built on.
- Fairness & observability — the customer-facing APIs used during an audit.
- FAQ — shorter answers to common questions.
- Terms of Service — contractual framing for billing and audit rights.