Built to start free.
Priced to scale honestly.
Sentinel is in open beta. The free plan covers most production workloads while we move toward GA. No credit card. No expiry. No artificial monthly cap. Custom enterprise contracts with contractual SLAs and a signed DPA are available now.
Use it in production. Many beta customers do.
Sign up — no card- 1,000 requests / hour per API key
- 500 requests / hour per source IP (anti-abuse cap)
- All detection signals — VPN, proxy, datacenter, Tor, antidetect, automation, emulator
- Device intelligence (visitor ID, tampering score)
- Webhooks (Slack / Discord / custom)
- Dashboard, CSV export, Recent Activity, IP lookup
- 2FA, audit log of active sessions
- Community support via [email protected]
Best-effort uptime targeting 99.9% measured at /status. No contractual SLA on the free plan during beta.
Predictable pricing tied to volume + commitment, not a "Contact us" black hole.
Talk to sales- Everything in the free plan
- Custom request volume — 100 K, 1 M, 10 M / month or higher
- Contractual uptime SLA with service credits (typical 99.95%)
- Signed DPA aligned to UK / EU GDPR Art. 28, with SCCs
- 30-day sub-processor change notice with right to object
- Dedicated support channel + named technical contact
- Vendor security questionnaire responses (SIG-Lite, CAIQ, bespoke)
- MSA available for procurement that can't accept click-through Terms
- Volume webhook delivery + custom data residency on request
- Onboarding assistance + integration review
Sentinel is pre-audit for SOC 2 Type II. We do not currently hold SOC 2, ISO 27001, HIPAA BAAs, or PCI DSS attestation, and will not claim otherwise. Audit firm engagement and timeline shared on request under NDA.
What's included on each plan
No tier-locked detection signals. The expensive end of the platform is volume + commitment, not capability.
| Capability | Free (open beta) | Enterprise |
|---|---|---|
| Network detection (VPN, proxy, datacenter, Tor) | ✓ | ✓ |
| Device intelligence (antidetect, automation, emulator, VM) | ✓ | ✓ |
| Visitor ID + tampering score | ✓ | ✓ |
| Webhooks | ✓ | ✓ |
| Sub-40ms global edge response | ✓ | ✓ |
| Rate limit | 1,000 / hour per key | Custom — typical 100K – 10M / month |
| Contractual uptime SLA | Best-effort 99.9% | Yes (typical 99.95%) |
| Signed DPA (UK/EU GDPR Art. 28 + SCCs) | On request | Standard |
| 30-day sub-processor change notice | Public list | Direct notification |
| MSA / custom contract | Click-through Terms | Available |
| Vendor security questionnaire (SIG-Lite, CAIQ) | — | Completed responses |
| Dedicated technical contact | Email support | Yes |
| Custom data residency | EU (default) | On request |
Common questions
If we're missing something, email [email protected].
What happens when the free tier limit is hit?
You receive an HTTP 429 response with a Retry-After header indicating seconds until the limit resets. Your existing valid evaluations continue to be served — no broader account effects. The hour rolls forward; no monthly quota involved.
Will the free plan stay free?
Yes. The free plan is part of how we get developers started. We may revise the rate-limit numbers as the platform evolves, but we will give at least 30 days' notice via email and on the changelog before any change to commercial terms takes effect, and your existing free-tier traffic will not be retroactively charged.
Do you offer an enterprise SLA today?
Yes — for enterprise customers under a signed agreement. Typical terms: 99.95% monthly uptime, service credits if missed, 24-hour incident response, named technical contact. The free plan has best-effort uptime targeting 99.9% measured at /status, but no contractual SLA.
Is a Data Processing Agreement available?
Yes. Our DPA is aligned to UK GDPR / EU GDPR Article 28 with Standard Contractual Clauses for international transfers, and includes a current sub-processor list (also published in our Cookie Policy). Available on request from [email protected] for any customer; signed as standard for enterprise.
What compliance certifications do you hold today?
None. Sentinel is in open beta and is pre-audit for SOC 2 Type II. We do not currently hold SOC 2, ISO 27001, HIPAA BAAs, or PCI DSS attestation, and we will not claim otherwise. Roadmap detail (selected audit firm, scope, timeline) is shared with serious enterprise prospects under NDA.
Where is data hosted?
Application infrastructure runs on Railway. The primary database is Turso (managed libSQL) with EU edge replicas. Sub-processors are listed in our Privacy Policy and Cookie Policy. Custom data residency arrangements (EU-only, US-only) are available for enterprise customers on request.
How do I report a security issue?
Email [email protected] with the subject prefix [SECURITY]. Full scope, response targets, and safe-harbour terms are documented at /responsible-disclosure.
Can I evaluate Sentinel before signing a contract?
That's exactly what the free plan is for — production-grade access, no card required, no expiry. Most enterprise prospects integrate on the free plan first, validate detection rates against their existing fraud signal, and negotiate the enterprise contract once the technical fit is proven.