What Enterprise actually gets

Honest list of what the Enterprise tier includes — and what it doesn't yet. No marketing fluff.

The /enterprise page sells the Enterprise tier in marketing language. This page is the engineering-honest version.

What's in production today

These are working, persisted, and in the codebase:

  • All Pro features, including 5+ concurrent jobs (raised case-by-case)
  • Per-org isolation — every source, project, notebook, audit row, and review item is scoped to your org. Cross-tenant leakage would require exploiting an auth bug, and per-row org_id checks add defense in depth on top of that.
  • Cryptographic audit chain (SHA-256 per row, per-org chain). Verifiable via GET /api/audit-log/verify. See backend/CLAUDE.md Audit section.
  • Lineage exports (CSV + JSON sidecar) — every golden record points back to source rows with per-scorer decisions
  • Review queue for stewardship (manual flag + postflight auto-flag + approve/split/merge)
  • Direct support — Slack channel or email, founder-direct response
  • Custom contract, security review, DPA — the legal-and-procurement layer
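To make the audit-chain bullet concrete, here is an added illustration (not the product's own code) of what a per-org SHA-256 chain gives you and what it does not. The row fields, the canonical encoding, and the genesis sentinel are assumptions for the example; the real endpoint's chain format may differ.

```python
import hashlib
import json

GENESIS = "0" * 64  # sentinel prev_hash for the first row of each org's chain (assumed)

def canonical(row):
    """Deterministic encoding of the auditable fields (stable key order, no whitespace)."""
    return json.dumps(row, sort_keys=True, separators=(",", ":")).encode()

def row_hash(prev_hash, row):
    """SHA-256 over the previous row's hash plus this row's canonical body."""
    return hashlib.sha256(prev_hash.encode() + b"\n" + canonical(row)).hexdigest()

def append_audit_row(store, row):
    """Append a row to its org's chain; store maps org_id -> list of chained rows."""
    chain = store.setdefault(row["org_id"], [])
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({**row, "prev_hash": prev, "hash": row_hash(prev, row)})

def verify_org_chain(store, org_id):
    """Recompute every link for one org. Returns (ok, index_of_first_bad_row)."""
    prev = GENESIS
    for i, stored in enumerate(store.get(org_id, [])):
        body = {k: v for k, v in stored.items() if k not in ("hash", "prev_hash")}
        if stored["prev_hash"] != prev or row_hash(prev, body) != stored["hash"]:
            return False, i
        prev = stored["hash"]
    return True, None

def demo():
    store = {}
    # constructed sample rows; two orgs interleaved as they would be in one table
    for r in [
        {"org_id": "org_a", "seq": 1, "actor": "u1", "action": "source.create", "target": "s1"},
        {"org_id": "org_b", "seq": 1, "actor": "u9", "action": "source.create", "target": "s7"},
        {"org_id": "org_a", "seq": 2, "actor": "u1", "action": "review.approve", "target": "r3"},
        {"org_id": "org_a", "seq": 3, "actor": "u2", "action": "export.lineage", "target": "p1"},
    ]:
        append_audit_row(store, r)
    intact = verify_org_chain(store, "org_a")        # (True, None)
    store["org_a"][1]["action"] = "review.reject"    # edit a row in place
    edited = verify_org_chain(store, "org_a")        # (False, 1): stored hash no longer matches
    store["org_a"][1]["action"] = "review.approve"   # undo the edit
    del store["org_a"][1]                            # delete a middle row
    deleted = verify_org_chain(store, "org_a")       # (False, 1): prev_hash no longer links
    return intact, edited, deleted

if __name__ == "__main__":
    print(demo())
```

Note the limit: deleting rows from the tail of a chain is not detectable from the chain alone, so the current head hash needs to be anchored somewhere the database writer cannot change (an export, a signed receipt, or the verify endpoint's response kept by the customer).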

What's in the roadmap, not yet shipped

The truthful list — these are real product gaps:

PPRL (Privacy-Preserving Record Linkage)

The cross-org matching capability the /enterprise page advertises. Not yet built. The audit + crypto-chain plumbing exists; PPRL itself (Bloom-filter or hash-based linkage between two orgs without exchanging raw data) is on the Phase 11+ roadmap.

What this means for you: if PPRL is a hard requirement, we'll quote you with a build-along delivery date (typically 8-12 weeks). If it's a "nice to have", we ship without it and revisit when it's GA.

SOC2 Type 2 attestation

We are SOC2-aligned (the controls match), but not attested yet. Type 2 attestation is a 6-12 month process with an external auditor; we're in evidence-collection now.

What this means for you: if your security team requires a SOC2 Type 2 report before signing, we're not there today. We can share our SOC2 readiness assessment, gap analysis, and control inventory. The full report is targeted for end of 2026.

Per-tenant secrets envelope encryption

Today: source credentials are encrypted with a single symmetric key (pgcrypto). Phase 8-B work is migrating to per-org DEKs (data-encryption keys) wrapped by a rotatable KEK (key-encryption key). Not yet shipped.

What this means for you: if your contract specifies "tenant-isolated key material", we're a few weeks away. If "encrypted at rest" is enough, we're already there.

SSO + SAML

Clerk supports SSO + SAML on its enterprise plan. We pass it through.

What this means for you: if your IdP is OneLogin / Okta / Azure AD, we can wire it; contact us for the integration spec.

Custom retention windows on audit log

Today: the audit log retains indefinitely (we don't auto-delete). Not yet shipped: a configurable retention window per org. Most enterprise customers want 7 years; that's covered by "retain indefinitely". Some want strict 30/90/365-day windows with auto-purge; that's TODO.

SOC2-grade log retention

JSON structured logs land in Railway stdout today. Retention is whatever Railway gives us (~1 week). For SOC2/HIPAA/regulated workloads, we ship a daily S3 export of structured logs to a customer-controlled bucket with whatever retention your security team specifies.

What we will NOT do at the Enterprise tier

Worth being explicit:

  • On-prem self-host — the engine (goldenmatch) is open source under MIT; the platform is cloud-only. Self-host requests get answered with "use the open-source engine directly, here's the support tier we offer for that".
  • Custom UI builds — the workbench is one workbench. We won't fork it per customer.
  • Per-feature gating between Enterprise customers — every Enterprise customer gets the same surface. Features are shipped to everyone or to nobody.

How to actually buy

  1. Submit the Enterprise form with your team size + use case + the one or two things that are dealbreakers from the lists above
  2. We email back within 24h with a discovery call slot
  3. Discovery call (60 min) — your security team, our founder. Output: gap analysis + draft scope + indicative price
  4. Pilot — 4-6 weeks on a real dataset, no contract, refundable if it doesn't fit
  5. Annual contract, paid quarterly, custom MSA/DPA

Indicative pricing: $25k+/yr for typical mid-market, scales with seat count + concurrent-job needs + PPRL inclusion. Cheaper than Reltio/Tamr/Stibo by 5-10x; more honest about what's shipped vs. what's coming.

Questions? ben@bensevern.dev.