Plans & Entitlements
Keel uses three public commercial tiers. Each tier determines dashboard limits, retention, included governed requests, timestamp witness posture, and access to advanced features.
Generated entitlement snapshot
This table is generated from the public-safe plan entitlement artifact. It preserves customer-facing limits and feature gates while omitting billing implementation internals.
| Plan | Projects | Retention | Requests | JSON Export | PDF Export | Integrity API | Routing | Org Controls |
|---|---|---|---|---|---|---|---|---|
| Starter | 1 | 7 days | 10,000 | No | No | No | 1 | No |
| Production | Usage-scaled | 180 days | 1,000,000 | Yes | Yes | Yes | Cross-provider available | No |
| Enterprise | Usage-scaled | 365 days | 5,000,000 | Yes | Yes | Yes | Cross-provider available | Yes |
Compatibility aliases: free -> starter, team -> production, scale -> production, business -> production, custom -> enterprise, sales-led -> enterprise, sales_led -> enterprise.
Plan tiers
| Starter | Production | Enterprise | |
|---|---|---|---|
| Project limit | 1 | Usage-scaled | Usage-scaled |
| Log retention | 7 days | 180 days | 365 days |
| Included governed requests | 10,000 | 1,000,000+ | 5,000,000+ |
| Policy authoring | Templates only | Full custom authoring | Full custom authoring + organization controls |
| Routing fallback | 1 same-provider fallback | Cross-provider available | Cross-provider available + enterprise controls |
| Budget envelopes | 1 per project | Unlimited | Unlimited |
| Firewall strengthening | Platform baseline | Baseline + custom rules | Baseline + organization strengthening |
| Evidence export (JSON) | No | Signed JSON | Signed JSON + advanced evidence |
| Evidence export (PDF) | No | Signed PDF | Signed PDF |
| RFC 3161 timestamp receipts | FreeTSA single external witness | DigiCert + GlobalSign dual public CA-operated witness attempts | Production witnesses + customer-selected TSA eligibility |
| OpenSSL-backed authenticity validation | Message-imprint replay; authenticity when trust bundle configured | Message-imprint replay; authenticity when trust bundle configured | Message-imprint replay; authenticity when trust bundle configured |
| Organization dashboard | No | No | Yes |
| Teams | No | No | Yes |
| Sales-led | No | No | Yes |
These table values reflect the current plan entitlement model in code. They do not mean every entitlement is separately enforced on every route.
Checking your plan
Keel’s authenticated dashboard and billing surfaces expose the caller’s current plan tier and core entitlements. A typical response includes:
{
"plan": "production",
"project_limit": null,
"log_retention_days": 180
}