Pricing & Packaging — Ironframe GRC
Status: Board-sanctioned commercial framework (Q2 2026) · Release: v0.1.0-ga-epic17
Engineering bind: Epic 17 billing architecture
Ironframe is positioned as the quantitative GRC command post for regulated mid-market organizations and MSSPs — defensible ALE, zero-trust ingest, and an observable agent workforce, not heatmap theater or bolt-on AI chat.
Constitutional pricing standard
Ironframe rejects per-user, per-month seat licensing to eliminate fractional float billing and renewal escalators common in first-generation compliance automation (Vanta, Drata, Sprinto).
| Principle | Implementation |
|---|---|
| Flat annual platform fees | Stored as BigInt integer cents in PostgreSQL — never float |
| Predictable renewal | No seat-count multiplier; tier scoped by organization envelope |
| Value over cheapest entry | Premium vs $6/user tools; accessible vs ServiceNow / MetricStream / Optro services lock-in |
Board-approved SKUs (design-partner GA)
| Commercial SKU | Annual fee (USD) | basePriceCents (BigInt) | Employee envelope | Engineering plan tier | Primary modules |
|---|---|---|---|---|---|
| Fintech Seed Gate (Tier 1) | $35,000 | 3500000 | 5–25 | BASELINE | GRC Command Center, Irongate ingest, Ironquery exports, SOC2/ISO27001 pressure workflows |
| Series A Growth Shield (Tier 2) | $75,000 | 7500000 | 26–50 | SUSTAINABILITY | Tier 1 + Ironbloom (kWh, L, km), carbon pulse, sustainability analytics |
Reference tenant slugs (demo / design partner): medshield → BASELINE · vaultbank → VAULT (financial WORM add-on path) · gridcore → SUSTAINABILITY.
Tier 1.5 — Vault track (financial services)
| Commercial SKU | Positioning | Engineering tier | Notes |
|---|---|---|---|
| Vault Shield | Regulated financial enclave | VAULT | Evidence locker WORM, boardroom audit logs, dual-gate vault UX — custom annual quote until Stripe Price object published; target between Tier 1 and Tier 2 |
MSSP Platform (multi-tenant operators)
| Commercial SKU | Positioning | Notes |
|---|---|---|
| MSSP Command Post | Global Command Center, scoped tenant fleet | Volume tenant discount · Contact sales · not self-serve |
Stripe Price IDs and checkout metadata (plan_sku, basePriceCents) — Phase 2 engineering bind. See Epic 17 §10.
Product packaging matrix (engineering entitlements)
Maps to app/lib/auth/tenantFeatureEntitlement.ts — enforced server-side when billing is ACTIVE.
| Plan tier | Slug examples | Entitled features | Export quota / mo |
|---|---|---|---|
| BASELINE | medshield, defense, acmecorp | GRC_DASHBOARD, IRONQUERY_EXPORT | 25 |
| VAULT | vaultbank | + EVIDENCE_LOCKER_WORM, BOARDROOM_AUDIT_LOGS | 200 |
| SUSTAINABILITY | gridcore | + SUSTAINABILITY_ANALYTICS, CARBON_PULSE | 100 |
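The packaging matrix above expressed as a server-side authorization check. This is an added example, not the contents of app/lib/auth/tenantFeatureEntitlement.ts. The Tenant shape, the authorize function, the HOLD billing state, the denial codes, reading "+" as "BASELINE plus", and failing closed when billing is not ACTIVE are all assumptions.

```typescript
// Added example: every name here is hypothetical, not the project's own code.
type PlanTier = "BASELINE" | "VAULT" | "SUSTAINABILITY";
type BillingStatus = "ACTIVE" | "HOLD"; // "HOLD" is an assumed non-ACTIVE state
type Verdict =
  | "ALLOW"
  | "BILLING_NOT_ACTIVE"
  | "UNKNOWN_TIER"
  | "NOT_ENTITLED"
  | "EXPORT_QUOTA_EXHAUSTED";

interface Tenant {
  slug: string;
  tier: PlanTier;
  billing: BillingStatus;
  exportsThisMonth: number;
}

const BASE: readonly string[] = ["GRC_DASHBOARD", "IRONQUERY_EXPORT"];

// Tier data copied from the matrix; "+" rows are read as BASELINE plus extras.
const PLANS: Record<PlanTier, { features: ReadonlySet<string>; exportQuota: number }> = {
  BASELINE: { features: new Set(BASE), exportQuota: 25 },
  VAULT: {
    features: new Set([...BASE, "EVIDENCE_LOCKER_WORM", "BOARDROOM_AUDIT_LOGS"]),
    exportQuota: 200,
  },
  SUSTAINABILITY: {
    features: new Set([...BASE, "SUSTAINABILITY_ANALYTICS", "CARBON_PULSE"]),
    exportQuota: 100,
  },
};

// Server-side gate: the tier is read from the tenant record, never from the request.
function authorize(tenant: Tenant, feature: string): Verdict {
  // Assumption: any billing state other than ACTIVE fails closed.
  if (tenant.billing !== "ACTIVE") return "BILLING_NOT_ACTIVE";
  const plan = PLANS[tenant.tier];
  if (!plan) return "UNKNOWN_TIER"; // guards an unexpected value loaded from storage
  if (!plan.features.has(feature)) return "NOT_ENTITLED";
  if (feature === "IRONQUERY_EXPORT" && tenant.exportsThisMonth >= plan.exportQuota) {
    return "EXPORT_QUOTA_EXHAUSTED";
  }
  return "ALLOW";
}

// Constructed sample tenants using the reference slugs from the matrix.
const medshield: Tenant = { slug: "medshield", tier: "BASELINE", billing: "ACTIVE", exportsThisMonth: 24 };
const vaultbank: Tenant = { slug: "vaultbank", tier: "VAULT", billing: "ACTIVE", exportsThisMonth: 0 };
const gridcore: Tenant = { slug: "gridcore", tier: "SUSTAINABILITY", billing: "ACTIVE", exportsThisMonth: 0 };
```

The quota comparison uses >= so that the 26th export on BASELINE is the first one refused.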
Ironbloom physical-unit ingress (kWh, liters, km) is never priced inside telemetry rows — monetary translation occurs only in downstream BigInt reconciliation loops.
Competitive positioning (2026 mid-year)
| Segment | Examples | Ironframe wedge |
|---|---|---|
| Compliance automation | Vanta, Drata, Secureframe, Sprinto | Deeper quantitative ALE, 19-agent workforce, Irongate DMZ, immutable evidence — not checkbox + chat wrapper |
| Enterprise GRC | ServiceNow IRM, RSA Archer, MetricStream, Optro | Transparent flat annual fee, faster time-to-value, agentic system-of-action without multi-month SI engagement |
| Aggressive entry | Risk Cognizance (~$6/user/mo) | We do not compete on cheapest seat — we compete on architectural integrity and CFO-defensible ROSI |
Full analysis: Competitive Analysis · Competitive landscape
Value-based justification (sales narrative)
Use in board/CFO conversations — validate with design-partner metrics before external hard claims:
| Value lever | Target narrative | Evidence source |
|---|---|---|
| Manual compliance reduction | Up to ~80% reduction in spreadsheet re-key labor | Pilot time-study (TBD) |
| Audit defensibility | Up to ~40% reduction in billable audit prep hours | Immutable ledger + Ironquery exports (TBD) |
| Financial risk clarity | ROSI in integer cents for board packs | Irontrust ALE baselines (Medshield $11.1M, etc.) |
| Time-to-value | Weeks vs multi-month legacy GRC implementations | Onboarding + checkout provision path |
Deferred billing dimensions (Phase 3 — not GA)
These remain documented but unpriced until metered reconciliation ships:
| Dimension | Notes |
|---|---|
| Export volume overage | Beyond tier quota — BigInt cents per export batch |
| WORM storage | GB-month sealed evidence (Epic 12 GA) |
| Agent orchestration meter | Sovereign bus cycles (Epic 10+) |
| Ironbloom physical overage | kWh/L/km above included envelope — reconciled from existing physical telemetry tables, not a separate “metric log” SKU |
Formula (Phase 3): totalInvoiceCents = basePriceCents + (overageUnits × overageRateCents) — pure BigInt, no float.
Promotions (internal)
- GA pilot: 90-day shadow-plane tenant + integration report
- Audit season: Bundled Ironquery export hours with Fintech Seed Gate
- Energy vertical: Gridcore template + carbon pulse setup waived on Series A Growth Shield
Procurement notes
- SOC 2 / ISO mapping: Security & Compliance
- Data residency: Supabase region selection at contract
- SLA: tied to Vercel/Supabase enterprise agreements when applicable
- Billing hold UX: /account/billing-hold · checkout via NEXT_PUBLIC_STRIPE_COMMAND_TIER_CHECKOUT_URL