v0.0.1 · system status
Open APIOpenAPI 3.1Zero token storage
§ 06 · PRICING Per verify · No per-seat tax · USD · Billed monthly

Plans for every
trust boundary.

Start on Starter to build against the same engine that scales to billions of verifications. Upgrade when verification volume — not headcount — calls for it.

v0.0.1 launch pricing — tiers may evolve alongside the roadmap below.
Starter
$0
forever, free
  • 500 verifies / month
  • 1 issuer
  • All algorithms
  • Community support
Get started
Developer
$49 /mo
billed monthly
  • 100K verifies / month
  • 1 issuer
  • Email support · 48h
  • Evidence retained 7 days
Get started
Startup
$99 /mo
billed monthly
  • 500K verifies / month
  • 3 issuers
  • Email support · 24h
  • Evidence retained 14 days
Get started
Team
$199 /mo
billed monthly
  • 5M verifies / month
  • 10 issuers
  • CI regression suite
  • Evidence retained 30 days
  • Slack support · 4h
Get started
Enterprise
Custom
volume contract
  • Unlimited verifies
  • Custom volume contract
  • Direct support channel
  • Named contact · 1h
  • See roadmap for SOC 2 / on-prem
Talk to sales
§ 06.A Feature comparison Per-tier matrix
Feature StarterDeveloperStartupTeamEnterprise
Verifies / month 500100K500K5MUnlimited
Issuers 11310Unlimited
JWKS regional cache
All algorithms (RS · ES · EdDSA · HS)
OIDC discovery + lint
Issuer profiles
CI regression suite
Evidence retention 24h7d14d30dCustom
SLA best-effortbest-effortbest-effortbest-effortbest-effort
Support communityemail · 48hemail · 24hslack · 4hnamed · 1h
§ 06.B Coming Tracked targets · not shipped
Feature StarterDeveloperStartupTeamEnterprise
SIEM streaming ◷ Q3 2026 ◷ Q3 2026
SOC 2 Type II report ◷ Q3 2026 ◷ Q3 2026
Dedicated region ◷ 2027
On-prem option ◷ 2027
SLA contract · 99.99% ◷ Q4 2026 ◷ Q4 2026
SAML SSO · named contact ◷ Q3 2026
ISO 27001 · HIPAA · GDPR ◷ 2027 ◷ 2027
§ 06.C Frequently asked Procurement, residency, retention
Q.01

What counts as a verify?

Each call to /v1/validate/jwt or /v1/validate/ci-oidc, including failed ones. /v1/inspect/token (decode-only) does not count. Cached JWKS lookups are free.

Q.02

Are SDKs available?

JWTShield is exposed as an HTTP API. Examples in curl, Node, Python, GitHub Actions, and GitLab CI live in the docs. The OpenAPI 3.1 spec is downloadable from the docs index for client generation.

Q.03

Can I self-host?

Enterprise only. The same container image we run, with a license-bound JWKS cache and your own evidence pipeline.

Q.04

What is your data residency?

Choose a region per issuer. Tokens never leave the region; evidence streams to the destination of your choice.

Q.05

Do you store my tokens?

No. We hash for the audit trail and discard the bearer. Evidence records the verification decision, not the token.

Q.06

What happens at the cap?

Verification continues. We email you, then bill overage at $0.00004/verify. No surprise rate-limits in production.