Plans & Billing
DriftWise offers three plan tiers. Billing runs through Stripe — upgrade, downgrade, and payment management happen on Stripe-hosted pages the app redirects you to. For the underlying HTTP endpoints, see the billing tag of the API reference.
Plan comparison
| Limit | Free | Team | Enterprise |
|---|---|---|---|
| Cloud accounts | 1 | 10 | Unlimited |
| State sources | 1 | 10 | Unlimited |
| Scheduled scans | 1 | 20 | Unlimited |
| API keys | 2 | 10 | Unlimited |
| Seats | 1 | 10 | Unlimited |
| AI analyses (platform LLM) | 5 / week | Unlimited (20/hr rate limit) | Unlimited (contract rate limit) |
| AI analyses (BYOK) | Unlimited | Unlimited | Unlimited |
| History retention | 24 hours | 30 days | Unlimited |
| Concurrent scans | 1 | 20 | Unlimited |
The platform weekly quota resets at 00:00 UTC each Monday (ISO week). The hourly rate limit is a fixed bucket, not a sliding window: a burst of 20 calls at 12:59 followed by 20 more at 13:00 is allowed. This is intentional: the limit is runaway protection, and such a burst does not degrade to a lower effective cap. BYOK requests bypass both the weekly quota and the hourly rate limit entirely. See LLM providers to configure a persisted BYOK credential.
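The fixed-bucket and ISO-week reset behaviour described above, as an added Go example that is not DriftWise's own code. The names `HourBucket`, `WeekResetsAt`, `FixedWindow` and `Burst` are hypothetical, and the timestamps are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// HourBucket returns the start of the fixed one-hour window containing t.
func HourBucket(t time.Time) time.Time { return t.UTC().Truncate(time.Hour) }

// WeekResetsAt returns the next Monday 00:00 UTC strictly after t.
func WeekResetsAt(t time.Time) time.Time {
	y, m, d := t.UTC().Date()
	sinceMonday := (int(t.UTC().Weekday()) + 6) % 7 // Monday=0 ... Sunday=6
	return time.Date(y, m, d+7-sinceMonday, 0, 0, 0, 0, time.UTC)
}

// FixedWindow counts calls in the current hour bucket only (hypothetical type).
type FixedWindow struct { Cap, used int; bucket time.Time }

// Allow admits a call at t if the bucket has room; on denial it returns the time left in the bucket.
func (w *FixedWindow) Allow(t time.Time) (bool, time.Duration) {
	b := HourBucket(t)
	if !b.Equal(w.bucket) {
		w.bucket, w.used = b, 0 // new hour: the counter restarts at zero
	}
	if w.used >= w.Cap {
		return false, b.Add(time.Hour).Sub(t)
	}
	w.used++
	return true, 0
}

// Burst issues n calls at t and returns how many were admitted.
func Burst(w *FixedWindow, t time.Time, n int) (ok int) {
	for i := 0; i < n; i++ {
		if allowed, _ := w.Allow(t); allowed {
			ok++
		}
	}
	return ok
}

func main() {
	w := &FixedWindow{Cap: 20}
	t1 := time.Date(2024, 5, 15, 12, 59, 0, 0, time.UTC) // constructed: a Wednesday
	fmt.Println(Burst(w, t1, 25), Burst(w, t1.Add(time.Minute), 20), WeekResetsAt(t1))
}
```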
Feature flags
| Feature | Free | Team | Enterprise |
|---|---|---|---|
| Slack notifications | - | Yes | Yes |
| SSO / SAML | - | Yes | Yes |
| SCIM provisioning | - | - | Yes |
| Compliance Pack (SOC 2 evidence export) | - | Yes (30-day window) | Yes (unlimited window) |
Usage
The usage endpoint returns current seat counts and subscription
status. seats.included of -1 means unlimited. The legacy monthly
analysis count was removed in migration 00037 — platform-LLM
throttling now lives on a weekly quota + hourly rate-limit pair,
exposed separately at GET /orgs/:id/llm-usage. See
Platform LLM Quotas for the quota
mechanics.
Upgrading
Via the UI
Go to Settings > Billing and click Upgrade. This is the path 99% of users take.
Via the API
The checkout endpoint creates a Stripe Checkout session and returns a
hosted URL you redirect the user into. Accepts month or year as
the billing interval. The route is OIDC-only — API keys are rejected
outright because billing changes must map to a specific human in the
audit log.
Managing your subscription
The Stripe-hosted Customer Portal is where subscription changes, payment method updates, invoices, and cancellations live. DriftWise doesn't replicate that UI — we generate a one-time portal URL and redirect you to it.
Enforcement
Plan limits are enforced at the handler layer, not at billing time.
Every block returns the canonical PaymentRequiredResponse shape
(code, message, required_plan, plan, plus code-specific
details); the code field is the stable discriminator callers
should switch on. The full code set:
| code | HTTP | Emitted when | Extra fields |
|---|---|---|---|
| plan_limit_exceeded | 402 | Resource-count limits: cloud accounts, state sources, scheduled-scan count, API keys, seats | resource, limit, used |
| plan_concurrent_limit | 402 | Bulk or scheduled scan would push concurrent scans over cap | limit, current |
| plan_schedule_frequency | 402 | Cron expression fires more often than the plan's minimum interval | min_interval, interval |
| plan_feature_unavailable | 402 | Feature gate: Slack, SSO, SCIM, Compliance Pack | feature |
| plan_weekly_quota_exhausted | 402 | Platform-LLM weekly quota reached | used, cap, week_resets_at, byok_config_url |
| plan_hourly_rate_limit | 429 | Platform-LLM hourly rate limit reached; response carries Retry-After | used, cap, hour_resets_at, byok_config_url |
| plan_hard_off | 402 | Plan has the platform-LLM gate explicitly disabled (cap=0) | bucket |
See Platform LLM Quotas for the weekly / hourly / BYOK interaction.
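One way a caller can switch on the code field, as an added Go example that is not DriftWise's own client code: only plan_hourly_rate_limit is retried, and every other block is surfaced immediately. The names `Blocked`, `Call` and `Do` are hypothetical; the example assumes the common fields are top-level JSON keys and that Retry-After is given in seconds, and the response bodies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"time"
)

// Blocked holds the common PaymentRequiredResponse fields named on the page.
type Blocked struct {
	Code         string `json:"code"`
	Message      string `json:"message"`
	RequiredPlan string `json:"required_plan"`
	Plan         string `json:"plan"`
}

func (b *Blocked) Error() string { return b.Code + ": " + b.Message }

// Call is a hypothetical transport hook: status, Retry-After value, body.
type Call func() (status int, retryAfter string, body []byte)

// Do retries only plan_hourly_rate_limit (at most maxTries calls in total);
// any other blocked response is returned as *Blocked on the first attempt.
func Do(call Call, sleep func(time.Duration), maxTries int) ([]byte, error) {
	for try := 1; ; try++ {
		status, retryAfter, body := call()
		if status != 402 && status != 429 {
			return body, nil // other statuses are out of scope for this example
		}
		var b Blocked
		if err := json.Unmarshal(body, &b); err != nil {
			return nil, fmt.Errorf("status %d, unparseable body: %w", status, err)
		}
		if b.Code != "plan_hourly_rate_limit" || try >= maxTries {
			return nil, &b
		}
		secs, err := strconv.Atoi(retryAfter) // assumes the delta-seconds form
		if err != nil || secs < 1 || secs > 3600 {
			secs = 3600 // fixed hourly bucket: an hour is the longest useful wait
		}
		sleep(time.Duration(secs) * time.Second)
	}
}

func main() {
	body := []byte(`{"code":"plan_feature_unavailable","message":"constructed sample","required_plan":"team","plan":"free"}`)
	_, err := Do(func() (int, string, []byte) { return 402, "", body }, time.Sleep, 3)
	fmt.Println(err)
}
```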
What gets enforced
| Limit | Enforcement |
|---|---|
| Cloud accounts | 402 plan_limit_exceeded on account creation |
| State sources | 402 plan_limit_exceeded on state source creation |
| Scheduled scans | 402 plan_limit_exceeded on schedule creation |
| API keys | 402 plan_limit_exceeded on key creation |
| Seats | 402 plan_limit_exceeded on member invitation |
| Concurrent scans | 402 plan_concurrent_limit on bulk/scheduled scan |
| Schedule interval | 402 plan_schedule_frequency if cron fires more often than plan allows |
| Feature gates (Slack, SSO, SCIM, Compliance Pack) | 402 plan_feature_unavailable on feature access |
| Platform-LLM weekly quota | 402 plan_weekly_quota_exhausted on analyze / fix / drift narrative |
| Platform-LLM hourly rate limit | 429 plan_hourly_rate_limit with Retry-After |
Legacy count/cost caps (max_analyses_per_month, daily_token_limit)
were replaced by the weekly/hourly gate pair in migration 00037 —
those columns still exist for analytics back-compat but are all -1
(unlimited) and no longer enforced.
BYOK bypasses both the weekly quota and the hourly rate limit — you pay your LLM provider directly, and platform counters are never touched.
Seat overage
Team plans include 10 seats. Additional seats are $12/month each, billed automatically through Stripe. Seat overage is best-effort: membership creation is never blocked by a failed Stripe seat-sync call. The Stripe call runs in a background goroutine after the membership row commits, so a transient Stripe outage leaves the member added but under-billed until the next sync.
Endpoint reference
All billing endpoints are documented in the billing tag of the API reference.