Pricing & tiers

The Ratify Protocol and reference SDKs are free forever under Apache-2.0. Ratify Verify — the managed control plane — is a commercial product priced on verifications per month plus per-seat for team administration.

Pricing model at a glance

                  Verify-call billing                Per-seat billing
                  ──────────────────                 ────────────────

   Every successful verify_bundle()                  Every admin / member
   call against your tenant's policy                 with access to the
   counts as one verification.                       Verify dashboard,
                                                     audit log, or API
   No charge for SDK-side verify                     keys.
   calls that never hit Verify
   (offline / self-hosted).

Tiers

Note: Pricing is currently in alpha-pricing mode. Final tiers and dollar amounts may move before v1.0 stable. Design partners pay introductory rates; standard tiers below are the current target for GA.

Tier	Verifications / month	Audit retention	Seats	Surfaces	Support	Price
Personal	100	7 days	1	API only	Community	Free
Org Free	500	7 days	5	API + Meetings (observe)	Community	Free
Org Pro	10,000	30 days	25	All 4 surfaces (enforce)	Email (48h)	$49 / mo
Org Business	100,000	90 days	Unlimited	All 4 + high-assurance verify	Priority (4h)	$199 / mo
Enterprise	Unlimited	365 days	Unlimited	All 4 + SAML SSO + on-prem	Dedicated + SLA	Custom

What “verifications” means

Each call to verify_bundle() routed through Verify counts as one verification. Three things are NOT counted:

Offline SDK verifies — verify_bundle() called locally without contacting Verify. The SDK never phones home. If you self-host the verifier and just use Verify for revocation hosting, you’re billed only for revocation-list fetches.
Failed verifications — invalid bundles that the verifier rejects don’t count. Only valid verifications burn quota.
Internal/admin operations — logging in, fetching audit logs, listing platforms. Those are covered by the per-seat charge.

Overage policy

Free and Pro tiers are hard-capped — once you hit your monthly quota, additional verifications return 429 over_quota until the month resets. This prevents accidental bill spikes.

Business and Enterprise are soft-cap with metered overage — additional verifications are billed at $0.001 each (Business) or per-contract (Enterprise). You get an email alert at 80%, 100%, and every 25% above 100%.

Surface differentiation

Each tier unlocks different adapter surfaces:

                          Free / Personal      Pro              Business          Enterprise
                          ───────────────      ───              ────────          ──────────

   API Gateway            ✓ (built-in)         ✓                ✓                 ✓
   Meetings (observe)     ✓ (Org Free)         ✓                ✓                 ✓
   Meetings (enforce)     ✗                    ✓                ✓                 ✓
   Voice gateway          ✗                    ✓                ✓                 ✓
   Physical AI            ✗                    ✗                ✗                 ✓
   High-assurance verify  ✗                    ✗                ✓ (available)     ✓ (default)

API Gateway is built into every tier — that’s the baseline. Meeting verification gradates from “observe and log” (free tier — useful for visibility) to “enforce policy” (Pro+). Physical AI requires Enterprise because the geo-attestation patterns demand custom integration.

Per-seat charge

The dashboard, audit viewer, and admin API are per-seat. Every user with access to the Verify console counts as a seat.

Tier	Included seats	Additional
Org Free	5	n/a (locked)
Org Pro	25	$10/seat/mo
Org Business	Unlimited	n/a
Enterprise	Unlimited	Per-contract

Read-only auditor seats (audit log + reporting access only, no policy edit) cost half as much.

On-prem and self-hosted Verify

Enterprise tier includes the option to deploy Verify entirely on customer infrastructure (VPC or on-prem). Pricing in that mode is annual contract, not per-verification — the customer runs the infra, Identities AI licenses the binaries and provides upgrade/support.

This is the right mode for:

Air-gapped or partially air-gapped deployments
Regulators who require source-code escrow
Customer-controlled key custody where Identities AI must not have access
High-volume verifiers where per-verification pricing exceeds infrastructure cost

When the protocol is enough (no Verify needed)

You don’t need Verify if:

All your verifiers run in environments where you can fetch revocation lists yourself (a single corporate network, an embedded fleet on a custom protocol, etc.)
Your audit requirements are satisfied by your existing logging stack
Your principals are technical users comfortable with self-custody
You don’t need policy gating beyond what scope, constraints, and revocation_list already provide at the SDK layer

Most early-stage projects, research demos, hackathons, and open-source side projects don’t need Verify. The protocol is yours.

Where to next

What Verify adds — feature-by-feature comparison
Onboard a platform — how an agent platform integrates with Verify
Callback contract — the webhook surface