For finance & operations leaders

Find out exactly why your
cloud bill went up.

A 30-minute audit. A written report in 48 hours. Plain English. Without giving anyone admin access to your cloud.

Book a 30-min audit call See what you get

Zero cloud access required NDA available Free first audit No SaaS subscription

The problem

The spreadsheet has every dollar — but no story.

The bill went up. Engineering says it's complicated.

You can see the total. You can't see the story. By the time engineering finishes investigating, the next bill is already on its way.

Forty-seven line items. None of them tell you why.

Cloud providers send a spreadsheet of cost categories — compute, storage, egress, support. None of them explain what changed or what to do about it.

FinOps tools want admin access to your cloud.

Most existing tools ask for cross-account access, ingest your billing into their servers, and respond with a dashboard of charts. Your security team blocks the procurement; you stay stuck.

What you get

Three deliverables. 48 hours. No upsell.

Sample Ghost-hunter audit output: Cloud DNS cost spike $12,000 to $117,000 (+875%), three ranked hypotheses with confidence percentages, and one proposed read-only command to verify the top hypothesis.

Live output of our open-source tool on synthetic billing data. See the engineering details →

The investigation report

A written PDF in plain English. Three pages, not thirty. Executive summary your CFO can forward, root-cause analysis your engineering team can act on.

The line-item breakdown

Where the money actually went, ranked by impact. The three causes that explain 80% of the change, with confidence levels and the data that supports each one.

The action plan

What to fix, in priority order. Each action has an estimated impact and an estimated engineering effort. Your team picks what to do first; we don't push.

How it works

Three steps. From email to report in 48 hours.

You export billing data

One CSV from your cloud provider's billing console. We send a 1-page guide your team can follow in 10 minutes. No IAM role to set up, no API access to grant.

We sign the NDA, then investigate

Mutual NDA before you share anything. We run our open-source tool on the CSV locally — your billing data never touches our servers. We write the report.

We deliver in 48 hours

PDF report by email + a 30-minute walkthrough call. Your engineering team is welcome to join. You decide what to do with the recommendations; we don't push.

Why this isn't a SaaS

We send a person, not a subscription.

MatrixGard

Typical FinOps SaaS

We never see your cloud account

Demands a cross-account admin role

Your billing data stays on your machine

Ingests your billing into their cloud

You get a written report

You get a dashboard and figure it out

Free first audit, no contract

Annual contract, often a percent of your cloud spend

Trust

Things we offer in writing, not just on a slide.

Open source, auditable

Every line of code is on GitHub under AGPL-3.0. Your security team can read the validator, fork it, vendor it.

NDA before any data

Standard mutual NDA, two pages, lawyer-light. Redlines welcome. Or work from your standard paper.

Read-only by construction

The tool is wired to refuse anything that mutates your cloud — verified by 1,000+ tests in the open-source repo.

48-hour written turnaround

Most reports go out within 36 hours of receiving the CSV. We commit to 48 hours; we don't dragnet.

FAQ

What finance & security teams ask first.

What data do you actually need from us?+

One billing CSV exported from your cloud provider's billing console — AWS Cost & Usage Report or GCP BigQuery billing export. That's it. No IAM credentials, no API tokens, no admin role.

Will you have access to our cloud accounts?+

No. The tool is designed to never touch your cloud. It reads the CSV you exported, runs locally on a laptop on our side, and produces the report. The only data leaving your environment is the prompts our analysis sends to Anthropic's API — never the raw CSV.

How is our billing data protected?+

Mutual NDA before any data is shared. The CSV stays on a single laptop, gets analyzed, and is deleted within 7 days of report delivery. We don't store your billing data, we don't run analytics on it, we don't have a database where it lives.

What if our security team needs to review the tool?+

The whole tool is open source on GitHub under AGPL-3.0. Your security team can read every line, fork it, run it themselves, or refuse the engagement after review. We've built it to pass that review on purpose.

Do we sign a long-term contract?+

No. The first audit is free with NDA only. If you want a follow-up engagement, we work on a fixed-fee per-audit basis — no annual contract, no percent-of-spend SaaS subscription.

What's the cost?+

First audit is free. Follow-up audits are fixed-fee starting at ₹50,000 / $600 per investigation, billed only after delivery. Larger engagements (multiple accounts, monthly cadence, custom report formats) are scoped separately.

What if you can't find anything material?+

Then we tell you that, in writing, with the methodology we used. "Your bill went up because legitimate usage went up" is a valid finding and it'll be in the report. We don't fabricate problems to justify the engagement.

How is this different from our existing FinOps tool?+

Existing FinOps SaaS is built to run continuously on dashboards. We're built to investigate one specific cost spike or one specific question, in 48 hours, and hand you a written answer. Both can coexist; we sit at a different point in the workflow.

What's MatrixGard's relationship to Ghost-hunter?+

Ghost-hunter is the open-source tool we built to do this work. MatrixGard is the company that runs the audit and writes the report using it. The tool is free for anyone — the report and the engineering judgment are what you're hiring us for.