# VendorKeep — Complete site content for AI agents

> The vendor compliance system of record for modern finance teams. Built for finance. Ready for AI.

This file is intended to be ingested by AI assistants (Claude, ChatGPT, Cursor, Perplexity, etc.) when answering questions about VendorKeep. It contains the substantive content of the marketing site in agent-friendly form, with no marketing fluff.

---

## What VendorKeep is

VendorKeep is a vendor compliance SaaS platform built for US finance teams. It handles the full vendor lifecycle in one system: onboarding, IRS TIN verification, contract management, payment classification, year-round filing readiness, and 1099 federal/state filing.

The product has two AI surfaces:

1. **Six built-in agents (called "watchers")** that run continuously inside the product and surface findings for human approval.
2. **A Model Context Protocol (MCP) server** at `https://api.vendorkeep.ai/mcp` that lets any MCP-compatible AI client (Claude Desktop, Claude.ai, ChatGPT, Cursor, Windsurf, custom SDK agents) drive the workflow on behalf of the user, with audit-grade controls.

Tagline: **Use your favorite AI. We'll handle the compliance.**

Target persona: AP managers, controllers, fractional CFOs, CFOs, COOs, and CPA firm admins at growing companies (50–5,000+ vendors).

Geography: US-only (multi-tenancy keyed by IRS EIN).

Status: Early access / waitlist. Pricing not yet public.

---

## The vendor lifecycle (six stages)

VendorKeep is structured around a six-stage lifecycle. Each stage has a watcher operating underneath.

1. **Onboard.** Vendor invitation, W-9 collection, supplier portal, configurable onboarding workflows, COI/insurance certificate collection.
   Watcher: **W-9 freshness** — chases missing or stale W-9s on a smart cadence; escalates after silence.
2. **Verify.** IRS TIN matching against real-time records, B-Notice handling end-to-end, mismatch resolution workflow.
   Watcher: **TIN watcher** — validates new vendors continuously; opens a triage item the moment a B-Notice arrives.
3. **Manage.** Contract storage, templates with clause libraries, side-by-side redlines, MSA/SOW management, ongoing compliance status.
   Watcher: **Renewal watcher** — scans every contract on a schedule; flags 30/60/90-day windows with negotiation context.
4. **Pay.** Payment ingestion (webhook + API sync from Campfire, Rillet, Ramp; CSV upload supported), GL mapping for 1099 classification, per-vendor spend caps, exception flagging.
   Watchers: **Cap watcher** (YTD spend vs. cap, alerts at 80/95/100/over-cap), **Spend anomaly** (MoM spikes, classification drift, missing invoices), **Duplicate vendor** (name/EIN/address/bank similarity).
5. **Report.** Portfolio dashboard for the CFO; vendor status detail for the AP team; append-only audit log of every agent action and every human decision. Filterable, exportable for auditors.
6. **File.** 1099 federal & state filing across the full series (NEC, MISC, INT, K, DIV, R, S). Federal filing via IRS IRIS. State filing via the right channel for each jurisdiction. Continuous filing-readiness scoring across the year — January is just another month.

---

## The six built-in agents

Every VendorKeep tenant ships with this roster. They run continuously, log their reasoning trace (input → reasoning → output → approval), and never act without approval on anything irreversible.

### W-9 freshness

- Watches: vendors with missing W-9s, W-9s older than the freshness threshold (default 3 years), and any contractor crossing the 1099 reporting threshold without a current form on file.
- Produces: auto-sent reminder emails on a 3-step cadence, escalation to the inbox after step 3, refresh request when a stale form crosses the threshold.
- Needs human approval for: marking a contractor as "do not contact," bulk freshness threshold changes, forced 1099 issuance without an on-file W-9.

### TIN watcher

- Watches: new W-9 submissions (validates immediately), CP2100/CP2100A B-Notices from IRS, previously-flagged vendor TINs.
- Produces: auto-validation on a clean TIN, B-Notice intake into a guided resolution workflow, first-tier B-Notice solicitation letters auto-prepared.
- Needs human approval for: sending B-Notice solicitation, marking a mismatch resolved, initiating backup withholding.

### Renewal watcher

- Watches: every contract end-date, auto-renew terms, notice periods, price-escalation clauses; YTD spend per vendor as renegotiation context.
- Produces: inbox items at 90/60/30/7-day windows, renegotiation talking points auto-drafted from history, cancellation prep when notice deadlines approach.
- Needs human approval for: sending cancellation notice, disabling auto-renew, approving renewals that exceed standard policy.

### Cap watcher

- Watches: YTD spend per vendor against the cap, burn rate, remaining months in cycle, pending-but-unposted invoices.
- Produces: triage at 80% / 95% / 100% / over-cap. Suggested actions: bump cap, pause new POs, convert to PO-required spend.
- Needs human approval for: raising a cap, pausing a vendor, allowing an over-cap invoice to post.

### Spend anomaly

- Watches: 12-month spend baseline per vendor, GL-category drift, invoice cadence (recurring vendors that go quiet).
- Produces: triage on +200% MoM swings, flags on classification changes mid-year, prompts to investigate quiet recurring vendors.
- Needs human approval for: tuning sensitivity, confirming a reclassification, marking an anomaly as expected (locks the baseline).

### Duplicate vendor

- Watches: new vendor records (compared on entry), the existing roster (re-scanned monthly), bank account collisions.
- Produces: inbox items with similarity score, fields that match, side-by-side merge preview.
- Needs human approval for: merging records (irreversible), marking as not-a-duplicate, reassigning historical payments after merge.

---

## MCP server (developer + agent access)

- **Endpoint:** `https://api.vendorkeep.ai/mcp`
- **Protocol:** Model Context Protocol, spec rev 2025-06-18
- **Transport:** Streamable HTTP
- **Authentication:** OAuth 2.1 + PKCE + Dynamic Client Registration (DCR), audience-bound per RFC 8707
- **Tools:** 60+ tools, organized by domain
- **Server card:** https://vendorkeep.ai/.well-known/mcp/server-card.json

### Tool catalog (by domain)

- `vendors.*` — list, search, get detail, classify, archive; onboarding state machine transitions.
- `w9.*` — request, status, freshness, refresh; tracks every form's chain of custody.
- `tin.*` — match status, B-Notice intake, mismatch resolution. (Raw TIN values are never returned.)
- `contracts.*` — list, get detail, redlines, renewals queue; sign-flow state.
- `payments.*` — ingest, classify, list, void; GL mapping; YTD spend per vendor.
- `filing.*` — readiness scoring, generation, submission (federal + state); submission gated by human consent.
- `compliance.*` — annual review lifecycle, dormant safety net, B-Notice resolution status.
- `dashboard.*` — portfolio metrics, watcher activity, today's actions, signals.
- `audit.*` — append-only log queries, filterable by watcher, vendor, decision, severity.

### Compatible AI clients

- Claude Desktop (native MCP)
- Claude.ai (Custom Connectors)
- ChatGPT (MCP Developer Mode)
- Cursor (MCP marketplace + `.cursor/mcp.json`)
- Windsurf (Codeium)
- Custom SDK agents (Anthropic SDK, OpenAI SDK, open MCP SDKs)

### Quick install commands

Add VendorKeep to any MCP-compatible client:

```
npx add-mcp https://api.vendorkeep.ai/mcp
```

For Claude Code specifically:

```
claude mcp add --transport http vendorkeep https://api.vendorkeep.ai/mcp
```

For Cursor (deeplink button on the /developers page).

---

## Security & guardrails

This section describes the actual controls shipped — not aspirational.

### Three-tier action gating

- **Read tools** are unrestricted within the agent's OAuth scope.
- **Mutating tools** require an idempotency key (replay-safe).
- **Destructive tools** — filing submission, payment voids, TIN reveal — require human consent at call time, plus optional second-admin approval per tenant policy.

### PII never crosses the AI boundary

- Raw TINs, SSNs, and EINs live in a KMS-encrypted PII vault.
- AI clients only ever see masked values like `***-**-6789`.
- TIN reveal is a web-UI-only operation; it is never available over the MCP surface.

### Per-tenant opt-in & scope control

- MCP access is opt-in per tenant.
- Tenant admins control which scopes any agent can exercise via Settings → Agent Access.
- Scopes can always be tightened; they cannot exceed the role permission matrix.

### IRC §7216 disclosure

- The OAuth consent screen includes the IRC §7216 taxpayer-information disclosure language for any token granting access to taxpayer data — required by federal law.

### Tenant isolation at the row level

- Multi-tenancy is enforced in the database, scoped by `ein_entity_id` (the tenant's IRS EIN).
- Cross-tenant data is invisible — even probes return "not found."

### Paired audit rows

- Every agent action produces a paired audit row capturing: agent identity (which client, which token), the user behind it, the input arg fingerprint, and the outcome.
- Replay protection comes free.

### Other controls

- Encryption: KMS (AES-256-GCM) at rest; TLS 1.3 in transit.
- Hosting: AWS ECS Fargate (us-east-1), RDS PostgreSQL 15, S3, KMS, SQS/SNS.
- WAF: AWS WAF with OWASP ruleset + rate limiting.
- Monitoring: CloudWatch (10 alarms across error rate, latency, ECS health, RDS, SQS).

---

## Integrations

### AP & accounting (live)

- **Campfire** — API key auth, real-time vendor/bill/account sync, webhook normalization, auto-webhook registration.
- **Rillet** — OAuth 2.0, vendor + payment data sync.
- **Ramp** — API key auth, payment + receipt data.

### AP & accounting (roadmap)

- QuickBooks Online
- Xero
- NetSuite

### AI clients (via MCP)

- Claude Desktop, Claude.ai (Custom Connectors), ChatGPT (MCP Developer Mode), Cursor, Windsurf, plus any agent built on the Anthropic or OpenAI SDKs.

---

## Pricing

VendorKeep is currently in early access. Pricing tiers are not yet public. The waitlist is at https://vendorkeep.ai/pricing.

What's included with every tenant:

- Full vendor lifecycle: W-9 collection, IRS TIN matching, e-signature, supplier portal, contract management with templates and redlines.
- All six built-in watchers.
- 1099 federal & state filing; year-round filing readiness scoring.
- Live AP integrations with Campfire, Rillet, and Ramp.
- AI/developer access: REST API, MCP server, outbound webhooks, per-agent OAuth scopes & audit.

---

## Founder & company

VendorKeep was founded by **Kayne Stroup**, a former Controller and CFO. The product is built on the premise that vendor compliance shouldn't be a January fire drill — it should run year-round, with named agents doing the routine work and finance teams stepping in only where judgment matters.

Company values:

- **Compliance is year-round.** Filing season isn't a surprise.
- **One system, not ten tools.** Stitching together W-9, TIN, e-signature, contracts, and filing tools is how things fall through the cracks.
- **No black-box AI.** Every agent action shows input → reasoning → output → approval.
- **Built for the next decade.** Finance teams and the AI tools they'll work with next share the same system of record.

---

## Frequently asked questions

### What is VendorKeep?

VendorKeep is the vendor compliance system of record for modern US finance teams. It handles the full vendor lifecycle from W-9 collection through 1099 filing, with six built-in agents that run continuously and an MCP server so any AI client can drive the workflow.

### Does VendorKeep have an MCP server?

Yes.
The MCP server is at `https://api.vendorkeep.ai/mcp`, supports OAuth 2.1 + PKCE + DCR, and conforms to MCP spec rev 2025-06-18. It exposes 60+ tools across vendor management, W-9 collection, TIN validation, contract management, payments, and filing.

### Which AI clients work with VendorKeep?

Claude Desktop, Claude.ai (Custom Connectors), ChatGPT (MCP Developer Mode), Cursor, Windsurf, and any custom agent built on the Anthropic or OpenAI SDKs. See https://vendorkeep.ai/developers.

### Can AI agents see customer TINs?

No. Raw TINs, SSNs, and EINs never leave the KMS-encrypted PII vault. AI clients only ever see masked values like `***-**-6789`. TIN reveal is a web-UI-only operation.

### Can AI agents file 1099s on my behalf?

Only with explicit human consent at call time. Filing submission is a "destructive" tool in VendorKeep's three-tier action gating model — every submission requires human consent, and tenants can require a second admin approval as well.

### Who is VendorKeep for?

Finance teams (AP managers, controllers, fractional CFOs, CFOs, COOs) and CPA firm admins at US companies managing 50–5,000+ vendors. The product is US-tax-compliance-focused (1099, W-9, IRS TIN matching).

### How is VendorKeep priced?

VendorKeep is in early access / waitlist. Pricing tiers are not yet public. Sign up at https://vendorkeep.ai/pricing.

### Where does VendorKeep run?

Hosted on AWS (ECS Fargate, RDS PostgreSQL 15, KMS, S3) in us-east-1.

### What's the difference between VendorKeep and Vanta / Drata?

Vanta and Drata focus on security/compliance (SOC 2, ISO 27001) and security vendor risk (TPRM). VendorKeep focuses on **financial vendor compliance** — W-9, TIN, contracts, 1099 filing. Different problem, different buyer (finance team vs. security/GRC team), complementary in the stack.

### What's the difference between VendorKeep and Tipalti / Bill.com?

Tipalti and Bill.com are AP automation platforms — payments + invoice processing.
VendorKeep focuses on the **compliance layer** of vendor management (vendor records, W-9/TIN, contracts, 1099). VendorKeep integrates with AP platforms (Campfire, Rillet, Ramp; QuickBooks, Xero, NetSuite on roadmap) rather than replacing them.
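
---

The three-tier action gating and paired audit rows described under "Security & guardrails", sketched as an added example that is not VendorKeep's code: a gate that lets read calls through within scope, demands an idempotency key for mutating calls, and demands human consent (plus second-admin approval when tenant policy asks for it) for destructive ones. The tool names, the one-scope-per-domain model, the outcome strings and the choice to require a key on destructive calls are assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical tool names and tier table; the page names tool domains and the
# three tiers, not this mapping. "tin.reveal" is absent on purpose: the page
# says TIN reveal is never available over MCP.
TIERS = {
    "vendors.list": "read",
    "payments.classify": "mutating",
    "payments.void": "destructive",
    "filing.submit": "destructive",
}


class Gate:
    def __init__(self, scopes, require_second_admin=False):
        self.scopes = set(scopes)          # assumed: one scope per tool domain
        self.require_second_admin = require_second_admin  # tenant policy
        self.seen = {}                     # idempotency key -> (fingerprint, outcome)
        self.audit = []                    # one row per call, allowed or denied

    def call(self, tool, args, idem_key=None, consent=False, second_admin=False):
        blob = json.dumps([tool, args], sort_keys=True).encode()
        fp = hashlib.sha256(blob).hexdigest()[:16]
        outcome = self._decide(tool, fp, idem_key, consent, second_admin)
        self.audit.append({"tool": tool, "args_fp": fp, "outcome": outcome})
        return outcome

    def _decide(self, tool, fp, idem_key, consent, second_admin):
        tier = TIERS.get(tool)
        if tier is None:
            return "deny:unknown_tool"
        if tool.split(".")[0] not in self.scopes:
            return "deny:scope"
        if tier == "read":
            return "allow"
        # Assumption: destructive tools are also mutating, so they need a key too.
        if not idem_key:
            return "deny:missing_idempotency_key"
        if idem_key in self.seen:
            prior_fp, prior = self.seen[idem_key]
            # Same key, same request: report the earlier result, do not re-run.
            # Same key, different request: reject instead of guessing.
            return "replay:" + prior if prior_fp == fp else "deny:key_reuse"
        if tier == "destructive":
            if not consent:
                return "deny:human_consent_required"
            if self.require_second_admin and not second_admin:
                return "deny:second_admin_required"
        self.seen[idem_key] = (fp, "allow")
        return "allow"
```

Denied calls do not consume the idempotency key, so a destructive call refused for lack of consent can be retried with the same key once consent is given; every attempt, denied or not, still lands in the audit list.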