Start free. Upgrade when you need more gateways, actions, or features. Every plan is self-hosted on your infrastructure.
Monthly and annual billing available
Get started with core policy enforcement. Self-hosted only. All features testable — no time limit.
For teams shipping to production. Full enforcement and integrations.
Unlimited gateways, batch API, and config management for growing teams.
Unlimited actions, custom SLAs, SSO/SAML, dedicated support engineer, and on-premise deployment. Built for organizations with compliance requirements.
Contact salesSide-by-side breakdown of every plan
| Feature | Starter | Pro | Team | Enterprise |
|---|---|---|---|---|
| Limits | ||||
| Gateways | 3 | 10 | Unlimited | Unlimited |
| Actions / month | 1,000 | 10,000 | 50,000 | Custom |
| Audit retention | 30 days | 30 days | 1 year | Custom |
| Rate limit | 120 req/min | 120 req/min | 120 req/min | Custom |
| Core enforcement | ||||
| Transparent HTTP/HTTPS proxy | ||||
| CLI proxy mode (tf run) | ||||
| Credential vault | ||||
| Per-gateway permissions | ||||
| Policy engine (14 operators) | ||||
| ES256 decision tokens | ||||
| Kill switch (global + scoped) | ||||
| Encryption at rest (AES-256-GCM) | ||||
| Connectors | ||||
| GitHub | ||||
| OpenAI | ||||
| Anthropic | ||||
| Stripe | ||||
| Slack | ||||
| Generic HTTP | ||||
| Webhook connector | ||||
| Dashboard & monitoring | ||||
| Traffic log | ||||
| Audit log | ||||
| Analytics charts | ||||
| Dashboard approvals | ||||
| Prometheus metrics | ||||
| Webhook callbacks | ||||
| Slack approval notifications | ||||
| Advanced features | ||||
| Batch API (up to 20/call) | ||||
| Config export / import | ||||
| SSO / SAML | ||||
| WebSocket proxy | ||||
| Custom SLAs | ||||
| Dedicated support engineer | ||||
| On-premise deployment support | ||||
| Support | ||||
| Community (GitHub) | ||||
| Email support | 48h response | 4h response | 1h response | |
| Dedicated Slack channel | ||||
| Annual billing (~17% savings) | ||||
Solo developer
1-2 gateways · ~500/month
Starter (free)
Personal projects, experimentation, single-agent workflows
Small team (3-5 engineers)
3-8 gateways · ~5,000/month
Pro ($20/mo)
Multiple agents in staging/production, webhook integrations
Platform team (10+ engineers)
10-50 gateways · ~30,000/month
Team ($49/mo)
Many agents across services, batch API, config export/import
TameFlare is source-available under the Elastic License v2 (ELv2). Every plan is self-hosted on your own infrastructure. Action data stays on your servers — external integrations (Slack, webhooks) send data only to endpoints you configure.
An action is a single HTTP request that matches a connector and is parsed into a structured action (e.g., github.pr.merge). Requests to domains without a connector are blocked but not counted. Dashboard usage, health checks, and dry-runs do not count.
Yes. All plans are self-hosted. Your subscription upgrades your instance's tier, limits, and features via Stripe. No external license server required.
The API returns a 402 response with your current usage and a link to upgrade. Your existing actions and policies continue to work — only new action requests are blocked until the next billing period or an upgrade.
Subscribe via Stripe Checkout from the pricing page or dashboard. Your plan tier is stored in the database and updated automatically by Stripe webhooks. You can manage your subscription, update payment methods, and view invoices from the dashboard.
Total registered gateways, not concurrent. A gateway is a named proxy instance in TameFlare (e.g., 'production', 'staging'). You can deactivate and reactivate gateways without counting toward the limit.
Your instance continues to run with Starter-tier limits (3 gateways, 1,000 actions/month). No data is lost. Resubscribe from the dashboard to restore your tier.
Yes. Toggle between monthly and annual billing at the top of the pricing cards. Annual plans save approximately 17% compared to monthly billing.
There is no time-limited trial. Instead, the Starter tier includes all core features (proxy, 7 connectors, credential vault, dashboard, audit) so you can fully evaluate TameFlare before upgrading. The only differences in paid tiers are higher limits and additional features like webhooks and batch API.
Yes. The Gateway proxy intercepts all HTTP traffic, injects credentials, and enforces permissions structurally. It is the core enforcement mechanism — there is no alternative path. Run any process through it with a single CLI command.
Yes. The Starter tier is free forever with no credit card required. It includes the full proxy gateway, all 7 connectors (GitHub, OpenAI, Anthropic, Stripe, Slack, generic HTTP, webhook), credential vault, dashboard, and 30-day audit retention.
For unlimited actions, custom SLAs, dedicated support, and on-premise deployment, contact us for custom pricing. SSO/SAML is available starting from the Team tier.