Enterprise tier is for firms whose in-house counsel, procurement, and CISO all have opinions — and whose clients downstream demand answers before business day one. The table-stakes SaaS features you expect, plus a set of security guarantees that most of our competitors haven't thought of yet.
Tell us about your firm and we'll follow up with pricing, a live demo, or answers to your procurement checklist — your call.
No spam, unsubscribe anytime. We respect your privacy.
Every enterprise procurement checklist asks for the same two dozen items. Here's where we stand on each — no footnotes, no "contact sales for details," no surprises at the end of a 90-day pilot.
Four 9s measured monthly, with automatic credits if we miss. Posted on your status-page dashboard, not self-reported.
Wire transfer, ACH, check, and purchase-order billing. Multi-year contracts with volume pricing. No credit-card hostage situation.
One CSM, one security engineer, one named account director. Email, phone, Slack Connect, or Microsoft Teams — your preference.
Critical incidents reach a human within 60 minutes, any time. P1 production issues have a 4-hour response SLA written into the contract.
Data migration from your existing system, directory setup, SSO configuration, admin training, and end-user sessions — all included.
SAML 2.0, OIDC, and SCIM 2.0 against Okta, Entra ID, Google, Ping, JumpCloud, OneLogin, Auth0 — or custom IdPs we'll integrate on request.
SOC 2 Type 1 readiness in progress (self-policed). HIPAA Business Associate Agreement on roadmap / available on request. ISO 27001 on roadmap.
Ready to co-sponsor FedRAMP Moderate with a federal agency partner. StateRAMP and CJIS on request for state/local engagements.
Dedicated Kubernetes cluster, single-tenant database, private sub-processor list. Deploy in AWS, Azure, GCP, or your own VPC.
Pin storage to any region we operate in — EU, UK, US, Canada, Brazil, Singapore, Japan, Australia — and we'll add new regions for qualifying contracts.
Executive sponsor, roadmap input rights, incident review, usage analytics, renewal planning. We read your feedback and ship.
Our annual third-party penetration test report is available to Enterprise customers under NDA, unredacted except for other customer identifiers.
Escrow with a bonded third party. If we cease operations or breach SLA for more than 30 days, release clauses trigger automatically.
Dedicated sandbox for integration testing, separate staging that mirrors production config. Included, not billed per-seat.
The difference between a vendor that passes SOC 2 and a vendor your CISO actually trusts is the stuff nobody asked about on the questionnaire. Here's what we've built for customers whose counterparties will still exist in 2046.
On the first business day of each month we publish a signed statement that we have received zero national security letters, zero gag orders, and zero secret warrants. If the canary ever stops publishing, the silence itself is a signal — one we are legally permitted to give.
Designate a verified professional successor who inherits read access to your sealed archive in case of retirement, incapacitation, or death. Trigger rules are configurable: voluntary handoff, 180-day inactivity, court order, or family-initiated. Successor must complete identity verification before access activates.
For safety-critical roles — structural engineers on open projects, notaries in active closings — you can set a deadman switch: if you don't sign in within your declared interval, your ability to issue new seals pauses automatically. Past seals remain valid; new ones require re-verification.
High-stakes documents can require N of M professionals to co-sign — 3 of 5 structural engineers on a stadium design, 2 of 3 partners on an M&A closing. Each signer authenticates independently, and the final seal records each professional's contribution cryptographically.
Every seal event records the issuing device's Apple App Attestation, Android Play Integrity, or Windows TPM attestation. If a device is later found compromised, you can see exactly which seals came from it — without having to assume the worst about every seal you issued that year.
For regulator disclosures and privacy-sensitive audits, verifiers can prove "this person held an active license in Utah on date X" without learning the holder's name, license number, or any other identifier. Uses a standard zero-knowledge proof any auditor can verify independently.
Every 24 hours we compute a Merkle root over all seals issued in the preceding day and publish it to a public blockchain (Bitcoin and Ethereum). Anyone — including us, later — can prove a seal existed on its claimed date without needing to trust our internal audit chain.
Every Enterprise seal comes with a professional liability insurance rider through our underwriter — coverage scaled by document class. If a seal is ever later found invalid due to platform error, the rider pays out directly; your firm doesn't have to litigate us to get made whole.
When your firm needs to hand audit data to a regulator or counsel, we generate an encrypted package that can only be opened by the recipient's verified device. No bulk email, no "blast to counsel" leak, no USB stick lost in a cab. Delivery is end-to-end encrypted and fully logged.
You don't need a 90-day pilot to evaluate cryptographic evidence. Spin up a free account, seal a real document, hand the verification artifact to your security team — and bring us back when you're ready to scale.
The boring ones. The legally-fraught ones. The "nobody warned me about this" ones. Here's the short list of scenarios we shipped support for before anyone asked — because firms that do professional work long enough will hit every single one of these.
Structural engineer updates a report after a site inspection. The old version stays verifiable forever with a clear 'superseded' banner; the new version links to the old one both forward and backward in the audit chain. Downstream parties see the whole story.
A board auditor drops in unannounced. You provision them a read-only audit portal scoped to the last 90 days, with expiring access links. They see everything they're entitled to see, nothing else, and the portal closes itself automatically on exam completion.
Firm closes. Partners' sealed work must continue to verify for years under professional record rules. Succession custody transfers the archive to a designated continuing firm with full cryptographic continuity — no 'trust us, it's the same archive' assertion required.
Buyer's counsel gets a scoped, time-boxed view of all sealed deliverables relevant to the diligence scope. Access is logged per document, per counsel member, and auto-expires. If the deal dies, access dies with it.
JV between two firms on a single deliverable. Sealed document records both firms' professionals with their respective licenses, and either firm can issue revocations only for its own professionals — no unilateral hostage situations.
CPA firm hires 20 contractors for tax season. Team seats scale up and park when not in use; you don't pay for the 20 seats in August. Audit trail shows exactly which contractor touched which filing, indefinitely.
Engineer moves from CA to TX. Old CA seals remain valid for the CA work they certified. New TX license issues a fresh key, fresh seals for TX work. Cross-state board reciprocity filings auto-generate from the credential history.
Professional dies or becomes incapacitated. Designated successor completes step-up verification and inherits read access to the sealed archive. No court order required. Family members can retrieve final deliverables without hiring probate counsel.
Anonymous or attributed complaints to a state licensing board can be sealed with time-locked delivery. The filing is cryptographically committed today but only unsealed on a declared future date or event — protecting the complainant during retaliation windows.
Your firm publishes a verifiable roster of its licensed professionals — updated in real time as licenses renew, move, or lapse. Potential clients can confirm any named professional is active in your firm today, not in a PDF from 2021.
| Capability | Free | Pro | Team | Enterprise |
|---|---|---|---|---|
| Uptime SLA | — | 99.5% | 99.9% | 99.99% + credits |
| Billing | Credit card | Credit card | Card · ACH | Invoice · NET 30/60/90 |
| Support response | Best effort | < 4 bus. hrs | < 4 bus. hrs | < 1 hr · 24/7 |
| Customer Success Manager | — | — | Shared | Dedicated · named |
| SSO — SAML / OIDC / SCIM | — | — | SAML only | All + custom IdPs |
| Audit log retention | 90 days | 1 year | 3 years | 7+ years · exportable |
| Data residency | Default region | Default region | EU or US | Any region · pinned |
| Deployment | Multi-tenant | Multi-tenant | Multi-tenant | Private single-tenant |
| Bring your own keys (BYOK) | — | — | — | AWS KMS (pilot) |
| HIPAA BAA | — | — | — | On request / Roadmap |
| SOC 2 Type II report | — | — | — | Coming soon |
| Warrant canary access | Public | Public | Public | Direct notification |
| Successor custody | — | — | Basic | Configurable triggers |
| N-of-M sealing | — | — | Up to 3-of-5 | Unlimited threshold |
| Insurance-backed seals | — | — | — | Included |
| Annual pen test report | — | — | — | Shared under NDA |
| Source code escrow | — | — | — | Included |
We'll stand up a dedicated environment with your SSO, data residency, and sub-processor exclusions. Named CSM, named security engineer, weekly check-ins. Cancel any time in the first 90 days — no long-term commitment until you've seen it work in your workflow.