The SaaS tracker with no bank access

CostLens · Apr 19, 2026 · 5 min read

Every SaaS management tool on the market connects to a bank feed. Or a card issuer. Or your Gmail. Or your identity provider. That's how they populate the tracker. They read your financial records and figure out what you pay for.

There's another model. You enter each subscription yourself. The tool never touches your bank account, your card statement, your inbox, or your SSO. You trade automation for control over what gets tracked, and one fewer vendor in your data map.

This post is for the teams for whom that trade makes sense.

What integrations actually give you

Auto-populated sub lists. The tool scans your bank feed or Gmail, identifies recurring charges, and creates rows for them. You don't have to know what you pay for — the tool tells you.

That's legitimately useful. For a finance team at a 200-person company with five years of SaaS accumulation and a vague sense that "we probably have 150 subs," auto-discovery is a real time-saver. Someone would need eight hours to manually list what the tool can populate in eight minutes.

That's the case for integrations. For a specific shape of team, it's the right case.

What integrations cost you

Four real costs, three of them invisible until something goes wrong.

1. Every new SaaS vendor is a new data-map entry. Your procurement process (formal or informal) has to review what data leaves your systems. A tracker that connects to Plaid has Plaid in the chain. A tracker that reads Gmail has Google OAuth tokens scoped to the finance team's inbox. Each integration is a thing your security review has to justify.

For a small team without a security review, that's invisible overhead. Until you hit SOC 2 or your first serious customer security questionnaire — and then it's retroactive work to figure out why the tracker has read access to the founder's card statements.

2. Rerouted payments change your relationship with the tool. Some trackers require you to pay for SaaS through their virtual cards (Cledara is the clearest example). That means your subscription-tracking vendor is also a payments vendor. When the contract ends, migrating SaaS payments off their cards is a project, not a click.

3. Auto-discovery still misses things. Card-based discovery can't catch: annual subs paid by wire, subs someone puts on a personal card and reimburses, tools whose billing descriptor is opaque (STRIPE *XYZ123), paid tiers inside larger platforms (a Business upgrade inside Google Workspace is not a new charge). You end up manually adding 20–30% of the list regardless.

4. The tracker now knows things you'd rather keep quiet. Your bank feed has every employee salary, every contractor payment, every board expense. Filtering to "SaaS only" is a promise in the privacy policy, not a guarantee at the infrastructure level. For teams handling regulated data, the distinction matters.

What manual entry gives you

Not less, actually. A different shape of thing.

The ledger only contains what you put in it. No surprises about what the tool "found" in your statements. No ambiguous entries the algorithm guessed at. No rows you have to investigate to understand.

Security review takes one sentence. "This tool receives the data we type into it and nothing else." That's the entire data flow. SOC 2 auditors, customer questionnaires, internal legal — the conversation ends there.

Setup completes the same day. No bank connection approval, no OAuth consent screens for your finance team's Gmail. Sign up, add subs, done.

You keep payments where they are. No migration project at the start; no migration project at the end if you switch tools.

The tool doesn't have opinions about what's worth tracking. Auto-discovery relies on heuristics — which merchants are "SaaS," which frequencies are "recurring," which descriptors are "software." It misses things you consider subs (your accountant's retainer, a podcast hosting account your marketing lead pays for). It also flags things you don't (a Stripe subscription you're selling TO a customer, processed through your own card).

When you actually need integrations

Be honest about the shape of your team.

Manual entry works when:

  • Under 50 active subscriptions
  • One or two people touch the ledger
  • Adding a few entries a month as new tools get adopted is fine
  • Privacy-sensitive organization (legal, healthcare, fintech, security-first SaaS) where another vendor in your data map is a real cost

Integrations make more sense when:

  • 150+ active subscriptions across five or more departments
  • Finance team of three or more, buying and tracking in parallel
  • Buying new SaaS faster than anyone can track
  • Not privacy-constrained on financial data

If you land in the second bucket, auto-discovery saves more time than it costs you in security review, and you probably want Cledara, Substly, Sastrify, or Zluri depending on the specifics. Those are real products solving a real problem for teams of that shape.

What we actually do

CostLens is manual entry by design. You add each subscription once. After that:

  • Renewal alerts at 30, 15, 7, and 1 days before each charge
  • Duplicate detection by vendor and category
  • Budget ceilings per category with threshold alerts
  • Trends and forecasts on Pro
  • CSV export for accounting
  • Up to 3 workspace members on Pro

$12/mo flat, or $108/yr. No sales call, no SOC 2 review required on our end, no payment rerouting. CostLens hits zero nerves in your security map because it isn't connected to anything.

Closing

The "integration or nothing" framing isn't accurate. The accurate framing is: auto-discovery saves time on initial setup in exchange for more moving parts in your security posture.

For a 10–30 person team where one finance lead already knows what they pay for, the trade usually doesn't clear. The setup hour you save is less than the annual security-review hours you spend explaining why a SaaS tool has Plaid OAuth scopes on your primary account.

For a 200-person team with a procurement function and no clear sense of their stack, the trade goes the other way. Different tool, different job.

Pick for your shape, not for the category leader.