Annual licences. Flat rate. Self-hosted on your infrastructure.
Annual licences paid upfront — aligned with EU enterprise budget cycles. All plans include self-hosted deployment. No per-seat pricing, no usage-based surprise invoices.
Self-hosted deployment with core audit logging, access controls, and MongoDB support. Advanced compliance features and SSO require a paid tier.
Engineering teams evaluating before procurement. Self-hosted on your own infrastructure — no vendor relationship required until you need compliance reporting or SSO.
- Full self-hosted deployment
- Core audit log — INSERT-only, tamper-evident
- MongoDB support
- Database access control
- Scripts, files, and scheduled jobs
- Community support
Full compliance evidence, automated DSR processing, and priority support. Pass security reviews and satisfy auditors.
Series A scale-ups with 15–50 employees in fintech, healthtech, or SaaS that need to pass security reviews and respond to DSRs.
- Everything in Community
- Full audit log with compliance export
- Automated DSR processing
- Role-based access and privilege management
- GDPR & NIS2 compliance reporting
- Priority email support
- Onboarding assistance
- Optional 2-year discount — 10% off
DORA & NIS2 compliance module, air-gapped deployment, and a dedicated support SLA.
Fintech and healthtech teams with 50–150 engineers facing regulator scrutiny or enterprise procurement requirements.
- Everything in Professional
- DORA & NIS2 compliance module
- Air-gapped / on-premise deployment
- Dedicated support with SLA
- Privilege escalation detection and alerting
- Multi-team / multi-environment access management
- Quarterly security review calls
- Custom contract and invoicing
- Multi-year discount — 10% off 2-year
All prices are annual licences paid upfront · Aligns with EU enterprise budget cycles (Q4/Q1 approval) · All prices exclude VAT · EU reverse charge applies for VAT-registered buyers
Frequently asked questions
Is there a free tier for Scalple?
Yes. The Community tier is free and includes self-hosted deployment on your own EU infrastructure, core INSERT-only audit logging, MongoDB support, scripts, files, and scheduled jobs. ARCHIVE & WORM storage, compliance documentation AI, and SSO integration are available on paid tiers. There is no time limit on the Community tier.
Does Scalple charge per seat for read-only users?
No. Read-only access — viewing audit logs, running approved saved queries, and reviewing permissions — is not counted toward seat limits on any tier. Per-seat pricing applies only to operators: users who can create database connections, write and execute TypeScript queries, and manage permissions. Most teams have a small number of operators and many reviewers, so this model significantly reduces licence cost compared to conventional per-seat tools.
Is there a SaaS or cloud-hosted version of Scalple?
No. Scalple is self-hosted only. Your database credentials, query results, and audit logs never leave your infrastructure. There is no managed cloud version and no plan to introduce one. This is an architectural decision, not a roadmap gap — a SaaS model would require your data to transit a third-party environment, which contradicts the zero-credential-exposure and data-sovereignty guarantees the product provides.
Are licences annual or monthly?
All paid licences are annual, paid upfront. This aligns with EU enterprise procurement cycles — most security tooling budgets are approved quarterly (Q4/Q1) as annual line items. Monthly billing is not available. Community tier is free with no billing cycle.
What is included in Enterprise tier that Professional does not have?
Enterprise adds: custom data retention policies for the audit trail, dedicated support with a named technical contact, a signed GDPR Article 28 Data Processing Agreement, custom field-level redaction rules, and priority access to new database connector releases. Professional includes SSO integration, compliance reporting exports, and standard support. Both tiers include all core features: audit logging, field-level permissions, V8-sandboxed query execution, and zero credential exposure.