PRICING

Open core. Three additive tiers. Pick the rung your audit posture needs.

Self-host the BSL Core for free, forever. Each commercial tier adds to the one below it. There is no “we left a feature out of your tier” — there is only “how far up the Defense-in-Depth Ladder does your compliance posture require you to be”. Every commercial feature has a BSL Change Date of four years — after that, it becomes Apache 2.0.

Core(BSL)

$0

Self-host, source-available BSL 1.1

Can a non-compliant write enter the catalog?

  • Catalog-level pre-commit validation
  • OSI v1.0 semantic engine — bit-identical metric semantics
  • Snapshot pinning and schema cache invalidation
  • Audit log foundation with SOC 2 control mapping
  • Basic Iceberg maintenance orchestration
  • Policy definition language (define once, compile to any engine)
  • Post-commit anomaly detection baseline
View on GitHub →

Multi-Engine

Talk to us

The Contract enforced identically on every engine you run

Does my governance posture hold when external engines read through Iceberg REST?

  • everything in Core
  • write-path enforcement across Spark, Trino, Snowflake, Dremio
  • cross-engine row filters and column masks compiled at runtime
  • cross-engine semantic consistency — same metric, any engine
  • multi-engine compaction coordination and conflict resolution
Talk to us →

Defense-in-Depth

Talk to us

Catalog + write-path + continuous scan + compute isolation

Can my auditor demand defense in depth on the write path?

  • everything in Multi-Engine
  • continuous compliance scan — automated evidence collection
  • GRC platform adapters (Vanta, Drata, Secureframe)
  • GDPR data subject request automation
  • branch-aware lifecycle policies and partition-spec versioning
  • cryptographic audit chain (HSM integration)
  • HIPAA technical safeguards bundle
  • dedicated Postgres pool with per-tenant RLS
  • custom retention policy templates
Talk to us →

Intelligence

Talk to us

ML detection, semantic anomaly, agent observability

What about leaks the upstream controls didn't see?

  • everything in Defense-in-Depth
  • ML-based anomaly detection on access and write patterns
  • semantic drift detection across engine consumers
  • agent observability — MCP tool call audit under Contract policy
  • per-tenant ML fine-tuning on your governance graph
  • compute isolation with managed credential vending gate
  • multi-region lifecycle coordination
  • quarterly executive review with founders
  • white-glove migration from any existing governance setup
Talk to us →

Additive tier coverage

Core
Core
Multi-Engine
Core
Multi-Engine
Defense-in-Depth
Core
Multi-Engine
Defense-in-Depth
Intelligence
Core
Multi-Engine
Defense-in-Depth
Intelligence
FAQ

Frequently asked about the four tiers

Why BSL and not Apache 2.0 for Core?

Business Source License 1.1 lets us keep the source available while preventing hyperscalers from hosting Neksur as a managed service without contributing back. Every release becomes Apache 2.0 four years after its release date — that is contractual, not promissory. You can read, modify, self-host, and study the source today.

What does "Change Date" mean for the commercial tiers?

Every Neksur release — Core and the three commercial tiers (Multi-Engine, Defense-in-Depth, Intelligence) — has a Change Date exactly four years from its release date. After that date, the code is Apache 2.0 permanently, regardless of our business state. There is no cliff: you keep the software you deployed.

Can we mix self-host Core and managed SaaS?

Yes — explicitly supported. Run Core self-hosted for highly-regulated tables that cannot leave your VPC, managed SaaS for the rest, with shared policy definitions and a single audit log. The Contract layer is the same whether you self-host or we operate it.

What happens at the design-partner cohort cap?

We are running a Q3 2026 cohort of six design partners. Once the six spots are filled, the cohort closes and the next intake is Q1 2027. Design partners get the Defense-in-Depth tier free for 12 months from proof of concept, plus a 50% discount on the first 24 months post-GA.

Do you have published price points or is this all "contact us"?

The four tiers have published floor prices ($0 / $48k / $150k / $250k annual). Final price depends on engine count, table volume, deployment model, and SLA. We tell you the price on the first call; we do not multi-week-sales-cycle.

How do I tell which tier I need?

Match the audit question. Can a non-compliant write enter the catalog → Core. Does my governance hold across engines → Multi-Engine. Does my auditor require defense in depth on the write path → Defense-in-Depth. Do I need detection beyond enforcement → Intelligence.

Get in touch

Q3 2026 design partner cohort

Six spots. Free Defense-in-Depth tier for 12 months from PoC. 50% off the first 24 months post-GA. Direct line to founders. Three-engine minimum. Apply by July 1, 2026.

Product The Contract Compare Pricing Customers Talk to us