You pay for edge reads and monthly active users. Encryption, consistency, and the edge itself are not premium features.
We also meter config writes and secret operations — so you can see them. Included in every tier, never billed.
The MIT core on your own Cloudflare account: same workers, same Durable Objects, no telemetry, no callback. Enterprise identity features (SSO, SCIM, advanced RBAC) are commercial and entitlement-gated.
Allowance, rate, and support figures are launch placeholders — Stripe pricing is not yet activated. Tier structure and entitlements match the control plane. "Talk to us" appears only where a human is genuinely required.
| per-secret DEK | AES-GCM-256 |
| workspace KEK | HKDF from MASTER_KEK |
| plaintext scope | api worker, transient |
| delivery plane | cannot decrypt |
| stat | value | where |
|---|---|---|
| p99 edge read | <10 ms | in-memory L1 over KV |
| cities serving reads | 300+ | Cloudflare network |
| consistency at the core | strong | one Durable Object per workspace |
| plaintext lifetime | microseconds | api worker boundary only |
| telemetry phoning home | 0 | policy, enforced in CI |
One GET against the delivery plane (cdn.edgevault.io). L1 cache hits count; your origin reads don't exist because there is no origin.
A unique end-user identity evaluated for flags in a calendar month. Anonymous percentage rollouts don't create MAUs.
An allowance, stated above. When you outgrow it, the Pro meter starts. That's the catch.
No. The MIT core is the same code path the managed edge runs. Enterprise identity features (SSO, SCIM, advanced RBAC) are commercial and gated by signed entitlements.
No. They're metered so you can see them in your usage, and included in every tier.
No. The open-core boundary check in CI fails any build that adds telemetry to core.
Yes. Export is a first-class API, and the data model is the same Drizzle schema either way.