Pricing  //  Cryptographic evidence custody  //  Regulated frameworks

Priced by scope, not per-receipt.

The system of record for engineering truth. Cryptographically signed, deterministic audit evidence — generated automatically.

Pricing scoped to your compliance footprint — not the volume of incidents your firm experiences. Built for Heads of Risk operating under SOC 2 Type II, ISO 27001, NYDFS Part 500, DORA, SR 11-7, or equivalent. Verifiers are free forever. Charter is closing. Enterprise and Sovereign tiers serve regulated institutions with custom commitments. Exception receipts don't count against your quota — we want you recording the failures. Verification by audit firms — firms such as KPMG, Deloitte, EY, PwC, BDO, Grant Thornton, or independent — is included at every tier.

Exception receipts free forever
Auditor seats always unlimited
Evidence verifies offline forever

What you're paying for

Architecture, not access.

Proof of mechanism

Déjà is not an LLM wrapper. It is a deterministic engine performing raw Abstract Syntax Tree (AST) analysis on every code change. Attribution is computed from a Causal Confidence Score (CCS) using eight weighted scoring factors (W1–W8). Output: an Ed25519-signed receipt written to an immutable, append-only ledger. No probabilistic guessing. No hallucination at audit time. Triggered via background webhook interception on every merge event. The pricing below reflects scope of what's protected — not "premium AI" pretending to be deterministic.

For the engineer · zero-friction

  • Zero-click compliance — receipts auto-generate
  • Background webhook interception — silent on merge
  • No manual screenshotting of Jira / Slack / logs
  • No audit-prep sprints — evidence ready before the auditor calls

For the auditor · instant verification

  • Live Verifier via dsr-verifier-cli — Apache-2.0 open source
  • Independent Ed25519 signature verification, offline
  • No Déjà account required to verify a receipt
  • No source code access — auditors verify attribution, not the codebase

Vs. manual evidence gathering

Based on Déjà's conversations with regulated-firm engineering teams, audit prep can consume multiple FTE-weeks per cycle reconstructing evidence by hand — searching Slack for incident context, screenshotting Jira tickets, copying deployment logs into spreadsheets, manually annotating bundles before the auditor arrives. The cost compounds across SOC 2 Type II, ISO 27001, NYDFS Part 500, DORA, and SR 11-7 cycles. Déjà eliminates the category. The math the CISO uses to justify the budget:

Metric 1 · Engineering hours saved

Engineering time previously spent reconstructing evidence is reclaimed for product work.

Metric 2 · Audit risk reduced

Cryptographically verifiable, tamper-evident receipts eliminate the audit-finding category of "evidence reconstruction was manual."

Zero-trust principle

Receipts are independently verifiable. No implicit trust required between Déjà, the customer, or the audit firm. Every tier below — including Verifier, which is free forever — preserves this property.

Open / Verifier · Free forever

Offline verification · CLI + DSR/1.0 spec · Apache-2.0 · no account required

Install the CLI

Charter · founding customers

Founding customers get direct product input, white-glove onboarding, and a permanent voice in the DSR/1.0 standard. 15 total seats — Charter closes when filled.

0 / 15 seats remaining

Charter

Founding customers · direct product input

$30K

per year · locked for life

75% off Standard · founding pricing held for the life of your subscription

Seats included: Up to 15
  • Full admin & auditor experience
  • Up to 42 receipts / month included
  • Direct product-shaping input
  • DSR/1.0 working group seat
  • White-glove onboarding
  • 30% discount on any future tier upgrade
Apply for Charter →
Most Common

Standard

Mid-market · SOC 2 / HIPAA / equivalent

$10K

per month · annual commitment

$120K / year

Receipts / month: 209
  • Multi-framework · multi-engagement
  • Up to 30 admin seats · unlimited auditor invites
  • All exception receipts (R1-L, R1-N, R2-F, R2-R)
  • Governance log · exportable audit trail
  • Full Schema Deduction Engine
  • SSO / SAML included
  • Priority support + onboarding call
Create vault →

Enterprise

Regulated financial services · healthcare · critical infrastructure

$300K+

per year · custom contract

2.5× Standard · scoped to your audit footprint

Receipts / year: Unlimited
  • Multi-vault deployment · isolated tenant infrastructure
  • Custom retention · multi-year evidence custody
  • R0 ingestion receipts · upstream-of-attribution evidence
  • Dedicated Customer Success Manager
  • 99.99% uptime SLA · contractually backed · public API; signal-ingest SLO is 99.5% — see /sysdocs
  • Dedicated integration support · custom data residency (US live · EU/APAC coming H2 2026)
  • Full governance export · regulator-direct evidence transfer
Book a call →

Sovereign

Central banks · sovereign wealth · large regulators · government

Isolated dedicated deployment · multi-decade evidence retention · direct DSR/1.0 governance seat · custom regulatory integrations · contractual sovereignty guarantees

$1M+ / year
Book a call

Why these numbers make sense

One eliminated audit-prep cycle pays for four years of Standard.

Pricing is anchored to the real cost of the problem Déjà solves: evidence reconstruction at audit time. At a mid-sized regulated firm running three frameworks (SOC 2 Type II, ISO 27001, HIPAA), audit prep consumes senior engineering and compliance staff for weeks per cycle, every quarter. Déjà replaces reconstruction with retrieval. The math is simple and it's in your favor — even at the Standard tier where most teams land.

anchor: audit_prep_labor_roi

Illustrative model · Annual audit-prep labor cost

~$220K loaded ÷ 52 weeks × 2.2 weeks × 4 cycles/yr × ~1.9 staff

$372,000 per year reconstructing evidence

vs

The Cost · Standard tier annual

$10,000/mo × 12 =

$120,000 per year

One year of recovered audit-prep labor pays for

3.1 yrs

of Standard tier. And that's before counting the audit findings you avoid — a single high-risk finding at a regulated firm typically triggers $200K–$500K in remediation, consultant fees, and regulatory-relationship cost. Avoid one finding, pay for four to seven years.

Scope comparison

Everything, side by side.

Every feature and limit across all five tiers. No hidden asterisks. Exception receipts are never counted.

tiers: 5
Feature columns: Charter ($30K/yr · locked for life) · Standard ($10K/mo) · Enterprise ($300K+/yr) · Sovereign ($1M+/yr)

Receipts & quotas
  • Included receipts per month: Charter 42; Standard 209; Enterprise Custom; Sovereign Unlimited
  • Exception receipts (R1-L, R1-N, R2-F, R2-R): Free on every paid tier — we want you recording the failures
  • Receipt retention: Charter 2 years; Standard 5 years; Enterprise Custom; Sovereign Multi-decade
  • R0 ingestion receipts: Raw-signal audit trail for regulated environments
  • Signed resolution evidence — pass or fail: A Resolution Receipt is issued for every resolution attempt, regardless of whether the gates passed
  • DSR Fix Code: Human-readable audit reference (DSR-FIX-2026-PMTS-0047) embedded in every signed Resolution Receipt — auditor-friendly by design

Frameworks & audit scope
  • Compliance frameworks supported: Charter Single; Standard Multi; Enterprise Unlimited; Sovereign Unlimited
  • Multi-engagement support: Concurrent auditor engagements on the same vault
  • Governance log · exportable audit trail

Deployment & scale
  • Admin seats: Charter Up to 15; Standard Up to 30; Enterprise Unlimited; Sovereign Unlimited
  • Auditor invitations: Charter Unlimited; Standard Unlimited; Enterprise Unlimited; Sovereign Unlimited
  • Vaults: Charter 1; Standard Up to 5; Enterprise Multi-vault; Sovereign Isolated
  • SSO / SAML
  • Custom data residency (US live · EU/APAC coming H2 2026)
    H2 2026

Support & governance
  • Community + email support
  • Priority support + onboarding call
  • Dedicated Customer Success Manager
  • 99.99% uptime SLA (public API) · 99.5% signal-ingest SLO — see /sysdocs for full SLO definitions
  • DSR/1.0 working group seat: Permanent voice in the open standard

Common questions

Honest answers to the hard questions.

The questions we get asked on every sales call. Answered once, here.

What counts as a receipt?
A receipt is one signed attribution event — issued when Déjà identifies the causal PR for an incident with Causal Confidence Score ≥ 0.80. First occurrence or repeat, both count. What doesn't count toward your quota: exception receipts (R1-L, R1-N, R2-F, R2-R) where the system had to work hardest. We explicitly don't charge for those because we want you recording the failures — that's where the evidence matters most.
What if our scope is smaller than Standard?
Standard is the public baseline for regulated firms running multiple frameworks simultaneously (SOC 2 + ISO 27001 + HIPAA + PCI-DSS, for example) or multiple concurrent audit engagements. If you operate at smaller scope — for example, an early-stage regulated startup preparing for your first SOC 2 Type II under a single framework — we have a single-framework tier available. Contact sales and tell us about your scope; we'll map you to the right tier.
Why is Charter priced annually if it's a founding-customer program?
Charter is a founding-customer program, not a standard tier. The $30K/year price is locked for life — meaning your annual cost stays at $30K even when Standard reaches $10K/mo ($120K/year), Enterprise reaches $300K+/year, and the regulated-evidence category matures. You get founding pricing held for the life of your subscription. Charter is annual rather than perpetual because that aligns with how regulated firms procure compliance tooling — annual OpEx budget, annual renewal review, annual ROI defense — and because the founders-direct relationship is built around continuous engagement, not a single transaction. Founding-customer benefits: direct founder support, named founding partner status, permanent DSR/1.0 working group seat, 30% discount on any future-tier upgrade (Standard, Enterprise, or Sovereign).
Why are exception receipts free?
Because we want you recording the failures. Exception receipts (R1-L, R1-N, R2-F, R2-R) are the forensic-grade receipts issued when the system couldn't produce a clean high-confidence attribution — low confidence match, no match, fix failure, or recurrence against a prior fix. If we charged for those, we'd be taxing the evidence that matters most to your auditor. Exception receipts are free forever, on every paid tier. We align our pricing with what we want you to do.
What happens to my receipts if I downgrade or cancel?
Receipts you've earned are yours forever. You can export your full receipt ledger at any time as a portable JSON + PDF bundle that verifies offline using our open-source dsr-verifier-cli. If you cancel entirely, export is available for a limited window after cancellation — contact support for details. No vendor lock-in — if Déjà disappeared tomorrow, your evidence is still valid. That's the point of the open Verifier tier.
What's included in Sovereign that Enterprise doesn't have?
Sovereign is for institutions where regulatory posture is the product. It includes isolated dedicated deployment (your own infrastructure, not shared tenancy), multi-decade evidence retention (7+ years minimum, longer on request), direct DSR/1.0 governance seat (you vote on the open standard), and custom regulatory integrations (e.g., direct integration with central bank reporting systems). Enterprise serves regulated companies. Sovereign serves the regulators themselves.
Can I upgrade or downgrade mid-contract?
Upgrade: anytime. Prorated for the remainder of your current annual period. New features unlock immediately. Downgrade: takes effect at annual renewal. Your receipts retain their original retention class. Charter customers upgrading into Standard, Enterprise, or Sovereign get a 30% discount on the new tier — that's part of the founding-customer benefit.
Do you offer nonprofit or academic pricing?
Yes. Qualified 501(c)(3) nonprofits and accredited academic institutions are eligible for a 50% nonprofit/academic discount; contact sales with proof of status and we'll confirm eligibility. The Open Verifier tier is always free for everyone, regardless of organizational type.
Does Déjà store our source code?
No. Déjà reads transient webhook diffs and error payloads at merge time and incident time. It never clones your repository, reads historical files, or accesses runtime data. We store fingerprints and correlation evidence — never the underlying code. For the full security posture, see the Security page.

Start building your audit trail today.

Install the free verifier. Start a Standard trial. Apply for Charter while seats remain. Every path gets you to the same signed-receipt evidence that holds up to any audit. Contact sales if your scope is smaller than Standard — we have a single-framework tier available.

> free_trial: active  //  no_card_required  //  charter: 0 of 15 seats remaining