The Rust proxy is free forever under Apache 2.0 — full detection pipeline, deterministic pseudonymization, and MCP server included. You pay when you want managed hosting, the policy engine, RBAC, compliance evidence, and support: the things that make CloakPipe production-ready for regulated industries.
Start free on your own infrastructure. Move to managed cloud when you want a dashboard and audit logs. Add the policy engine, RBAC, and a HIPAA BAA when you sell into regulated industries. Everything above Community is the commercial platform.
The detection pipeline, vault, and pseudonymization are open and free. The managed platform, policy enforcement, identity, compliance, and SLA are what you pay for. Every capability, mapped to every tier.
The free tier is not a trial. Detection and pseudonymization are commoditized and open — the proxy, CLI, vault, and MCP server are Apache 2.0 forever, and self-hosters can run them air-gapped at $0/GB. Paid tiers add managed operations and the governance layer regulated buyers require.
Open source is not a discount. It is how trust infrastructure earns its way into the stack — auditable, forkable, and free to run — while the managed platform funds the engineering behind it.
The open-source proxy is distribution. Detection is already free — OpenAI, Google, Microsoft, and the open-source community commoditized PII detection long ago. The hard problem was never finding sensitive data; it is building the complete trust infrastructure around it. So we give the proxy, the detection pipeline, and reversible pseudonymization away under Apache 2.0. Developers self-host, evaluate, fork, and embed it without a sales call.
The managed platform is revenue. Self-hosters get full detection and pseudonymization for free. Paying customers get the vault operations, policy engine, RBAC, audit exports, compliance evidence, and support that make CloakPipe production-ready for healthcare, legal, finance, insurance, and government — the part that closes enterprise deals.
This is the open-core model proven by Redis, Supabase, GitLab, and HashiCorp: an open foundation drives adoption and earns trust; a commercial layer of hosting, governance, and compliance generates the revenue. The open core is honest open source, not a crippled teaser — and the platform is worth paying for because it solves the operational and regulatory problems that open source alone cannot.
Enterprise data-security vendors hide behind opaque custom quotes. CloakPipe publishes its pricing, ships a free tier, and offers a self-host option that costs nothing per gigabyte. You always know what you would pay before you talk to anyone.
Straight answers on what is free, what is paid, how we treat your data, and how calls are counted. For anything else, email us directly.
Yes — free forever, Apache 2.0. The Rust proxy and CLI, the full tiered detection pipeline (OpenAI Privacy Filter, GLiNER2-PII, and regex/checksum validators), deterministic pseudonymization, the encrypted vault primitives, and the MCP server are all open source. You can self-host on Docker, Kubernetes, or fully air-gapped with no license and no per-call fee. There is no usage cap on the community tier when you run it yourself.
No. CloakPipe never trains on your prompts, responses, or vault contents. Detection runs locally on your infrastructure — no data leaves your perimeter to be detected. On managed cloud, data is processed in transit only and the real values live exclusively in your encrypted vault. Audit logs record entity types and actions, never raw sensitive values, so the audit trail itself is privacy-safe.
Self-host (Community) if you want full control of infrastructure and keys, an air-gapped environment, or zero per-gigabyte cost. Choose managed (Pro and up) when you would rather not operate the service yourself and want a hosted dashboard, audit retention, and API key management. The same Rust binary, detection pipeline, and vault encryption run in both — managed simply adds operations, governance, and support on top.
Yes, starting on the Growth tier and included on Enterprise. CloakPipe provides encryption at rest and in transit, access controls, and audit logging, and gives healthcare AI companies exportable evidence that PHI is pseudonymized before it reaches any third-party model — supporting the HIPAA de-identification safe harbor. Enterprise adds VPC, on-prem, or air-gapped deployment and customer-managed KMS for the strictest environments.
One API call is one request that passes through the managed proxy — typically one prompt forwarded to an LLM provider and rehydrated on the way back. Streaming responses count as a single call regardless of how many SSE chunks are rehydrated. Async batch and directory scans are metered separately; talk to us if your workload is scan-heavy. Self-hosted Community usage is never metered.
Yes — that is the Platform tier. CloakPipe is designed to embed into AI gateways and model routers as middleware: one integration protects every downstream model call for all of your users. It includes a white-label option, per-request or flat licensing, co-marketing, and dedicated engineering support. Reach out at hello@rohan.sh.