One free tier. Two team tiers.
Personal use is free and always will be. Teams pay for the hosted collector, admin dashboard, and policy push.
Personal
- Encrypted local vault (AES-GCM)
- Anthropic, OpenAI, Gemini
- Per-origin consent, three durations
- Sharing dashboard with revoke
- Local audit log, 365-day default retention
- Clipboard-less capture from provider pages
Team
- Everything in Personal
- Hosted audit collector
- Admin dashboard (SSO via Google & Microsoft)
- MDM policy push (Chrome enterprise)
- Configurable retention up to 7 years
- Anomaly & leak alerts to Slack / email
- Up to 50 users
Enterprise
- Everything in Team, unlimited users
- Self-host or BAA / private cloud
- SOC 2 Type II evidence pack
- Custom data retention & deletion
- SAML 2.0, SCIM provisioning
- Dedicated Slack channel
- 99.9% SLA
Common questions
Do you ever see our API keys?
No. Keys are encrypted on the device with a key derived from each user's vault password. The cleartext is decrypted briefly in the extension service worker only to make a proxy call. Even on the Team and Enterprise plans, only structured event metadata leaves the device — origin, service, fingerprint, status, latency. Never the bytes.
What's a key fingerprint?
A short salted SHA-256 hash of the key, computed on-device. It lets an admin recognize when the same key is being used in two places (or after a rotation) without ever seeing the key itself.
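A sketch of how such a fingerprint can be computed on-device and matched on the collector side, as an added example rather than the product's own code. It assumes one org-wide salt shared by all devices, truncation to 16 hex characters, and a hypothetical `device` field in the event metadata; every key and event below is constructed.

```javascript
const { createHash } = require('node:crypto');

// Assumption: one org-wide salt provisioned to every device (constructed value).
const ORG_SALT = Buffer.from('00112233445566778899aabbccddeeff', 'hex');

// Assumption: fingerprint = first 16 hex chars of SHA-256(salt || key).
function fingerprint(apiKey, salt = ORG_SALT) {
  return createHash('sha256')
    .update(salt)
    .update(apiKey, 'utf8')
    .digest('hex')
    .slice(0, 16);
}

// Collector side: works on metadata only, never on the key itself.
// Returns every fingerprint reported by more than one device.
function findSharedKeys(events) {
  const devicesByFp = new Map();
  for (const e of events) {
    if (!devicesByFp.has(e.fingerprint)) devicesByFp.set(e.fingerprint, new Set());
    devicesByFp.get(e.fingerprint).add(e.device);
  }
  return [...devicesByFp]
    .filter(([, devices]) => devices.size > 1)
    .map(([fp, devices]) => ({ fingerprint: fp, devices: [...devices].sort() }));
}

// Constructed sample keys: A is used on two laptops, B is a rotated replacement.
const KEY_A = 'sk-constructed-example-key-A';
const KEY_B = 'sk-constructed-example-key-B';

// Constructed events carrying the metadata fields the page lists, plus "device".
const sampleEvents = [
  { device: 'laptop-1', origin: 'https://app.example', service: 'openai',
    fingerprint: fingerprint(KEY_A), status: 200, latency: 412 },
  { device: 'laptop-2', origin: 'https://tools.example', service: 'openai',
    fingerprint: fingerprint(KEY_A), status: 200, latency: 388 },
  { device: 'laptop-2', origin: 'https://tools.example', service: 'openai',
    fingerprint: fingerprint(KEY_B), status: 200, latency: 401 },
];

console.log(findSharedKeys(sampleEvents));
```

If each device used its own salt, the same key would produce unrelated fingerprints and the cross-device match above would not work, so the comparison depends on the salt being shared.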
Can we self-host?
Yes, on the Enterprise plan. The collector is a single Next.js app with a Postgres database. We provide a deploy template for Vercel, AWS, and Cloud Run.
What about reveal mode?
Reveal mode hands the raw key to the page for legacy SDKs that insist on it. Org admins can disable reveal mode entirely via policy. Every reveal event is logged.