For AI products selling into the enterprise
Pricing that grows with your audit chain.
Three ways to engage — a 90-day production pilot, a standard subscription for live AI products, or a custom enterprise contract for regulated and high-volume deployments.
Pilot
$599/month
90 days
For teams who want to integrate Aleutian and validate in real production before committing.
- 150,000 events per month
- Full feature set — audit chain, DSAR portal, verifier SDKs, operator dashboard
- 90-day term with one renewal extension available
- We never auto-upgrade — you tell us when to move you to Standard
- Same trust posture as Standard; no feature gating
Standard
$2,299/month
+ usage. 500,000 events included.
The plan most production AI products land on once they have paying enterprise customers.
- 500,000 events per month included
- $0.99 per 1,000 events above the included 500,000; rates drop at 5M and 25M
- Full feature set from day one — nothing gated by tier
- Month-to-month; no annual commit required
- No surprise upgrade conversations
Enterprise
Talk to us
Custom contract
For organizations whose volume or compliance posture needs a custom contract.
- Sustained volume above 25 million events per month
- Custom data-residency (sovereign-cloud, single-region pinning)
- Regulated-industry posture (FedRAMP, StateRAMP, IL4+, CJIS)
- Dedicated single-tenant infrastructure and named technical contact
- Custom commercials, terms, and annual commit
How Standard scales
Standard runs on a single pricing line, with volume bands that kick in automatically and no cliff-style overages to surprise you at month-end.
An event is any signed entry in your audit chain — a prompt, a response, a consent grant, a consent revoke, a DSAR action, or a deletion — and your running totals are visible in the dashboard on an hourly basis so you can see usage building toward the next band well before it arrives.
What's in every plan
Tamper-evident audit chain.
Every prompt, response, consent grant, and deletion event signed with ML-DSA-65, the FIPS 204 post-quantum signature standard, under a per-tenant key in your own Cloud KMS keyring.
End-user DSAR portal.
A self-serve right-to-access, right-to-erasure, and right-to-portability flow that covers GDPR Articles 15, 17, and 20. Aleutian-hosted today, magic-link authenticated, no password required for your end users.
Signed deletion certificate.
Standalone, regulator-verifiable, no Aleutian dependency.
Per-tenant Service Account isolation.
Identity-bound IAM scoped to your dataset, auditable in your own Cloud Audit Logs.
Open-source verifier SDKs.
Go, Python, JavaScript. Verify your chain offline with no Aleutian dependency.
verify.aleutian.ai.
Public hosted verifier for your customers and regulators.
What Aleutian sees of your data.
Aleutian operates by default in zero-knowledge (ZK) mode, in which content flowing through the proxy is forwarded to your AI provider and never stored or logged on our side. In proxy mode, cleartext content is visible only at the ingest moment required to forward the request to your AI provider — by design, because today's AI provider APIs require cleartext to function. We do not persist that content unless you explicitly choose encrypted-storage mode, in which case it is encrypted with your own KMS wrap key at ingest and we cannot decrypt it afterward without your time-limited, chain-anchored consent.
Customers who require zero cleartext visibility at any moment can use SDK-only mode: your application hashes prompts and responses locally with our open-source SDK and Aleutian receives only the cryptographic fingerprint and audit metadata, never the underlying content. Either way, the audit chain entries themselves remain tamper-evident and verifiable independently of which capture path you use.
Multi-Tenant by Design
Your data lives in a per-tenant BigQuery dataset, with dedicated Pub/Sub topics and GCS buckets, hosted in your choice of US, EU, or JP regions. We never co-mingle storage between customers, and a per-tenant Service Account scopes IAM access down to your dataset alone — which means access is auditable in your own Cloud Audit Logs rather than in our internal systems.
Independent Verifiability
Every audit record is verifiable offline, with tampering detectable without contacting Aleutian. Open-source Go, Python, and JavaScript SDKs let your customers and their regulators run the same verification we do, against our published per-tenant public keys at verify.aleutian.ai. GDPR Art. 17 deletion events are anchored in the same chain and issue a standalone-verifiable signed certificate.
FAQ
Is there a free tier?
No. We're sales-led and every customer talks to us first. The Pilot at $599/month for 90 days is the lowest-friction commitment available.
What counts as an event?
Any signed entry in your audit chain — prompt, response, consent grant, consent revoke, DSAR action, deletion. We don't meter API calls separately, we don't meter seats, and we don't gate features by tier.
What happens if I exceed my plan's events in a month?
Standard has no overage cliff — volume bands kick in automatically and you see running totals hourly. Pilot overages get a one-time grace; we talk before any second overage. We never auto-upgrade you to Standard.
Can I cancel?
Yes. Standard is billed month-to-month unless we have a written annual agreement in place, Pilot runs for 90 days unless you decide to upgrade, and Enterprise contracts run on terms you negotiate at signature.
Do you offer annual prepay?
Yes, on Standard and Enterprise. Talk to us about discount and reserved-volume terms.
Does Aleutian see my data?
In proxy mode, briefly — at the ingest moment when we forward the request to your AI provider, because the provider APIs require cleartext. Nothing is stored or logged unless you explicitly opt into encrypted storage (in which case we encrypt with your KMS key and cannot decrypt afterward) or PII scanning (which is time-limited and the consent is logged in your own chain). Customers who want zero visibility can use SDK-only mode, where your application hashes content locally and only the fingerprint reaches us.
Where does my data live?
Your data lives in a per-tenant BigQuery dataset, with dedicated Pub/Sub topics and GCS buckets, hosted in your choice of US, EU, or JP regions. We never co-mingle storage between customers, and a per-tenant Service Account scopes IAM access down to your dataset alone — which means access is auditable in your own Cloud Audit Logs rather than in our internal systems.
How does this integrate with my existing privacy stack?
We sit underneath it. OneTrust, Transcend, DataGrail, or in-house tooling call our API for the cryptographic layer; we don't replace their workflow, dashboard, or training. The DSAR endpoints are designed to be called by whatever you already use.
Is there a non-profit or research discount?
We evaluate non-profit and academic-research requests case by case. Email us with a short description of what you're working on and we'll come back with terms that make sense for the project.
Get in touch
Send us a note.
Prefer async? Leave your contact details and we'll follow up within one business day.