01 Pricing

What it costs.

Three tiers, transparent ranges, no per-seat pricing. A short pilot to figure out if the substrate fits, then a production license sized to your deployment footprint and compliance surface. We are early; the ranges below will tighten as the customer base grows.


02 The three tiers

Pilot, Production, Enterprise.

Pilot is for finding out if Cullis fits your compliance surface. Production is for running it in one or two environments with normal support. Enterprise unlocks the plugin set you need when the deployment spans multiple orgs, federates externally, or integrates with cloud KMS and external identity providers.

Pilot
EUR 15-25k all-in · 90 days

Decide cleanly.

One AI lab business unit, five to ten agents in non-production-critical workloads. We are looking for two to three insurance design partners in the EU for H2 2026 at this tier.

  • Mastio license for the pilot scope
  • External Phase-1 pentest with Letter of Attestation
  • Onboarding workshop, 2 days
  • Weekly fortnightly review call, 30 minutes
  • Source code escrow registration
  • 30-day termination clause

No SLA. No 24/7 support. No enterprise plugins.

Production
from EUR 40k per year · 12 months min

Run it for real.

One Mastio per organization, up to 50 agents and 500 audited daily transactions. Production support, normal roadmap influence, the same open-source codebase as the community build.

  • Mastio license, one organization
  • Email support, SLA P1 4h ack, P2 24h ack
  • Customer-facing CHANGELOG
  • DR runbook + tested recovery procedures
  • Status page + incident notifications
  • Quarterly compliance touch-points

No SAML / SCIM. No cloud KMS plugins. No multi-org federation. No 4-eyes RBAC.

Enterprise
from EUR 120k per year · scoped

The whole stack.

Multi-Mastio deployments, cross-organization federation, enterprise identity, cloud KMS, separation-of-duty. Sized on agents and audited transactions; pricing scales with deployment footprint, not seats.

  • Everything in Production, plus:
  • SAML 2.0 + OIDC enterprise identity plugins
  • SCIM provisioning (when shipped)
  • Cloud KMS providers: AWS, Azure, GCP
  • Multi-admin RBAC + 4-eyes workflow (when shipped)
  • S3 / MinIO audit export
  • Cullis Court federation license
  • Annual external pentest, LoA renewed
  • Dedicated support channel

03 What's in each tier

The feature matrix.

Every capability mapped to its tier. Items marked "(roadmap)" are committed for shipping but not in the current release. Items marked "community" are in the public repository and available to all tiers without separate licensing.

| Capability | Pilot | Production | Enterprise |
|---|---|---|---|
| Cryptographic identity: x509 + SPIFFE per agent | community | community | community |
| Policy enforced pre-call: PDP, OPA-compatible | community | community | community |
| Tamper-evident audit chain: hash-chain, RFC 3161 anchor | community | community | community |
| Connector (laptop daemon): Claude Desktop, Cursor, Cline | community | community | community |
| SDK Python | community | community | community |
| Sandbox demo (all components) | community | community | community |
| Email support, SLA | no | P1 4h / P2 24h | priority channel |
| Pentest LoA | Phase-1 included | no | annual renewal |
| DR runbook + tested recovery | no | included | included |
| Status page + incident notifications | no | included | included |
| SAML 2.0 + OIDC | no | no | plugin |
| SCIM provisioning | no | no | roadmap |
| Cloud KMS providers (AWS / Azure / GCP) | no | no | plugin |
| Multi-admin RBAC + 4-eyes workflow | no | no | roadmap |
| S3 / MinIO audit export | no | no | plugin |
| Cullis Court federation (multi-org) | no | no | included |
| Source code escrow | registered | registered | registered |

04 Questions we hear a lot

What buyers ask first.

  1. How is the pilot priced?

    Fixed EUR 15-25k all-in for 90 days. The variance depends on integration scope and whether you bring your own pentest vendor. We typically work with mediaservice.net or NCC Group for the Phase-1 pentest; the Letter of Attestation is yours at pilot end regardless of whether you go to production.

  2. Does the pilot auto-convert to a production contract?

    No. Pilot end is a clean decision point. You receive the pentest LoA, the audit bundle for the agents you ran, and a compliance mapping against your in-house controls. You decide separately; there is no automatic billing rollover.

  3. What if my deployment outgrows Production?

    Upgrade path is documented and priced ahead of time. The Production tier covers one Mastio with up to 50 agents and 500 audited daily transactions. Past those thresholds the contract moves to Enterprise pricing, prorated to the remaining months. No surprise invoicing.

  4. Do you accept public-sector procurement processes?

    Yes, in scope. We work with DORA-bound and NIS2 essential entities, including procurement frameworks that require third-party ICT risk assessment, source code escrow, and documented exit strategies. We have not yet completed a framework agreement under SEAC, MEPA, or similar; reach out and we will coordinate the paperwork.

  5. What does "FSL-1.1-Apache-2.0" mean for my deployment?

    Cullis Mastio and Cullis Court ship under the Functional Source License 1.1 with an Apache-2.0 grant after a two-year delay. You can deploy, modify, and audit the source. Production use is permitted under the license terms. The SDK and the Connector are Apache-2.0 and MIT respectively from day one. Enterprise plugins live in a separate private repository under a commercial license and are not source-available to non-Enterprise customers.

  6. Can I see the contract template before signing?

    Yes. We share the pilot agreement and production MSA on request before any conversation moves to legal. Both are short documents, two to four pages, mostly liability and termination clauses. Source escrow is via a registered third-party escrow agent (NCC Escrow or an EU equivalent).


05 Talk to us

The pricing page is short on purpose.

We are an early vendor with a small customer base. Your scope, your compliance surface, and your timeline matter more than the matrix above. Reach out and we will tailor the first conversation to your context.