Skip to main content

Proof before pricing

What you receive with ProvenanceOS

Every claim below maps to a code path that ships today. No fabricated customer logos, no testimonials — we are early access and we say so.

Interactive sample report

A completed provenance scan with confidence score, AI-origin distribution, evidence signals, dependency lineage, and a policy decision. Labeled “Example” so it is never mistaken for live data.

Example
Provenance scan — github.com/acme/payments-service @ main

Provenance confidence

87/ 100

87%

Source provenance

Illustrative — rolling out
Human 62%AI-assisted 28%AI-generated 10%

Top evidence signals

  • Dependency manifest resolved (npm)94%
  • Known vulnerability match (OSV.dev)91%
  • Repository metadata + commit history88%
  • AI-origin stylometric signal (47-signal)Illustrative — rolling out72%

Dependency lineage

Available now

47 dependencies traced across npm + PyPI

3 known vulnerabilities matched (OSV.dev) · 1 high · 2 medium

Policy decision

Pass0 policy violations

Block critical-severity dependencies on release branches

Illustrative — rolling out

Signed evidence ID

EV-2026-07-11-A1B2C3

2026-07-11T14:32:00Z

What you receive in the first 15 minutes

  • Authenticated scan intake (archive upload or repository URL)
  • Durable queued job tracking with job ID + status
  • Repository metadata extraction (branch, commit, manifest discovery)
  • Dependency resolution across npm + PyPI (commits #34/#36)
  • Known-vulnerability match against OSV.dev with severity counts
  • Exportable job status + scan summary

Architecture & data flow

What ships today (Loop A intake + Loop B1 metadata + real dependency/vulnerability analysis). Source-analysis worker (B2) is planned.

Browser/app/scans/new/api/scan/uploadauth · validate · sha256scan_jobsdurable queue (RLS)Worker (Loop B1)metadata + dep/vuln analysisResultsdeps · vulns · job statusSource analysis (B2)AI-origin 47-signal · plannedSolid = ships today · Dashed = planned (Loop B2)

Sample policy decision

rule: block-critical-deps-on-releasePass

0 policy violations · 0 critical-severity dependencies on the release branch.

Example — the policy engine (log & warn) is rolling out; this shows the shape of a decision it will produce.

Download sample compliance report

A redacted, audit-ready PDF export of the sample report above. Available once the compliance-report artifact is wired (Sprint 4) — until then, request early access and we will share a preview under NDA.

Download sample report (PDF) — coming soon

Founder credibility

ProvenanceOS is built by Edward Brooks, an AV systems engineer and software builder. Read the founder profile and the legal/operator relationship with Developer312 on the About page.

Provenance intelligence,
priced to scale

Plans published for transparency. Self-serve signup opens as each phase reaches general availability.

SOC 2 Ready

Built to SOC 2 controls — Type II certification in progress

AES-256

Encryption at rest

TLS 1.3

In transit

Scan intake is live now; AI-origin scoring, lineage, policy, and compliance reports are rolling out in phases.

Launch

For growing teams that need provenance tracking and compliance basics.

$299/mo

Available now

  • Authenticated repository / archive scan intake
  • Queued job tracking with job ID + status
  • Repository metadata history (branch, commit, manifest discovery)
  • Email support

Included as released

  • AI-origin detection (47 signals) — rolling out
  • npm / PyPI / Maven dependency lineage — coming at GA
  • Policy engine (log & warn actions) — rolling out
  • SOC 2 compliance reports — rolling out

Usage limits

  • Up to 10 repositories
  • Up to 50 scans / month (Edward to confirm)
  • Up to 5 users (Edward to confirm seat count)
  • Metadata retained for the life of the account
Request Launch access
Most popular

Growth

For scaling organizations that need full policy enforcement and multi-standard reporting.

$999/mo

Available now

  • Everything available now in Launch, plus:
  • Priority email support

Included as released

  • Policy engine (block & require-review actions) — coming at GA
  • EU AI Act & GDPR compliance reports — coming at GA
  • SBOM generation & validation — coming at GA
  • Slack & webhook integrations — coming at GA

Usage limits

  • Up to 50 repositories
  • Up to 250 scans / month (Edward to confirm)
  • Up to 25 users (Edward to confirm seat count)
  • Metadata retained for the life of the account
Book a technical demo

Control

For enterprises that need SLSA Level 3 provenance, custom policies, and dedicated support.

$2,500/mo

Available now

  • Everything available now in Growth, plus:
  • Direct founder access

Included as released

  • Custom policy rules engine — rolling out

Requires enterprise review

  • SLSA Level 3 provenance attestation — requires enterprise review
  • HIPAA compliance reports — requires enterprise review
  • SSO / SAML (Okta, Azure AD, Google) — requires enterprise review
  • High-availability infrastructure — requires enterprise review

Usage limits

  • Unlimited repositories
  • Custom scans / month (Edward to confirm)
  • Custom seat count (Edward to confirm)
  • Custom retention windows per enterprise agreement
Contact enterprise sales

Plan comparison

Side-by-side usage limits, retention, support, and contractual terms. Values marked Edward to confirm are pending operator confirmation — the qualitative state (what is limited, what is retained, what is included as released) is accurate today.

Capability / limitLaunchGrowthControl
RepositoriesUp to 10 repositoriesUp to 50 repositoriesUnlimited repositories
Scans / monthUp to 50 scans/month (Edward to confirm)Up to 250 scans/month (Edward to confirm)Custom (Edward to confirm based on engagement)
Users / seatsUp to 5 users (Edward to confirm seat count)Up to 25 users (Edward to confirm seat count)Custom seat count (Edward to confirm)
Data retentionRepository metadata retained for the life of the account; derived signals retained with the scan job. Edward to confirm the exact window.Same as Launch: metadata retained for the life of the account; signals retained with the scan job. Edward to confirm the exact window.Custom retention windows per the enterprise agreement. Edward to confirm the contracted window.
Report retention / exportCustomer-controlled. You can delete a report at any time; export retains your copy. Edward to confirm export limits.Customer-controlled, with priority export. Edward to confirm export limits and retention after deletion.Custom report retention + export terms per the enterprise agreement. Edward to confirm.
Overage behaviorOverage is not sold on the Launch plan. When the repository or scan limit is reached, new scans are queued until the next cycle or until you upgrade. Edward to confirm overage pricing.Overage scans are billed at a per-scan rate on Growth. Edward to confirm the overage rate and cap.Overage is contracted per engagement; no per-scan overage on Control. Edward to confirm the terms.
Trial feature availabilityNot applicable in the early-access state — self-serve signup and paid trials are not open yet. Join the waitlist to be notified when trials open.Not applicable in the early-access state. Edward to confirm which Growth features are trial-accessible when trials open.Not applicable — Control is a sales-led engagement with a scoped proof-of-value period instead of a self-serve trial. Edward to confirm the proof-of-value terms.
Onboarding / implementation feeNo onboarding fee on the Launch plan. Edward to confirm.No onboarding fee on Growth; a guided setup call is included. Edward to confirm.Implementation fee is scoped per engagement and may be waived for design partners. Edward to confirm.
Cancellation timingCancel anytime; changes take effect at the end of the current billing cycle. Edward to confirm the notice window.Cancel anytime; changes take effect at the end of the current billing cycle. Edward to confirm the notice window.Annual contract; cancellation terms are scoped per engagement. Edward to confirm the renewal and exit terms.
SLA applicabilityNo contractual SLA on the Launch plan. The platform is operated to SOC 2 controls; a formal SLA is available on Control. Edward to confirm.No contractual SLA on Growth. A formal SLA is available on Control. Edward to confirm.Contractual SLA is included on Control. Edward to confirm the uptime, response, and resolution targets.
Support hours + time zoneEmail support, business hours (Edward to confirm time zone and response window).Priority email support, business hours (Edward to confirm time zone and response window).Direct founder access + dedicated support, extended hours (Edward to confirm time zone and coverage).
SSO availability timingSSO/SAML is planned for a future phase and is not included in the Launch plan at GA. Edward to confirm the SSO roadmap window.SSO/SAML is planned for a future phase and is not included in the Growth plan at GA. Edward to confirm the SSO roadmap window.SSO/SAML is included on Control when the SSO phase ships. Edward to confirm the delivery window in the enterprise agreement.
Data residency optionsSingle-region hosting today; multi-region data residency is not yet available. Edward to confirm the primary region.Single-region hosting today; multi-region data residency is a roadmap item. Edward to confirm.Data residency is scoped per engagement; a single-tenant VPC is a roadmap item. Edward to confirm available regions.
Future features contractually includedRoadmap capabilities (AI-origin scoring, dependency lineage, policy enforcement, compliance reports) are included as released at no extra charge during early access. Edward to confirm the contractual inclusion terms.Roadmap capabilities included as released, same as Launch. Edward to confirm the contractual inclusion terms.Roadmap capabilities are contractually included as released under the enterprise agreement. Edward to confirm the inclusion terms.
Compliance statusBuilt to SOC 2 controls — Type II certification in progress

Need Enterprise?

Custom pricing, annual contracts, dedicated support, and procurement-friendly terms for organizations with advanced security and compliance requirements.

Contact salesExplore features

Billing and usage FAQ

How do I get access?

ProvenanceOS is rolling out in phases. Join the launch waitlist to get notified as each phase ships — including AI-origin scoring, dependency lineage, policy evaluation, and compliance reports. Existing teams can contact us to start a scoped early-access engagement.

When can I sign up for a paid plan?

Pricing is published for transparency, but self-serve signup is not open yet. We open paid plans as each phase reaches general availability. Join the waitlist to be first in line when self-serve opens.

What counts as a repository for pricing?

A repository is a single source repository (for example, github.com/acme/payments-service) that you scan under one ProvenanceOS account. A repository counts against your plan limit once you create a scan job for it; rescanning the same repository does not consume an additional slot.

What are the scan and compute limits?

Scan limits are scoped per plan (Launch: up to 50 scans/month; Growth: up to 250 scans/month; Control: custom). Each scan is one queued analysis job. Overage behavior differs per plan — see the plan comparison table below. Edward to confirm the exact scan caps and overage rates.

What are the user / seat limits?

Each plan includes a seat count (Launch: up to 5 users; Growth: up to 25 users; Control: custom). Edward to confirm the seat counts before self-serve opens. Control seats are scoped per the enterprise agreement.

What is the data retention and report retention policy?

Repository metadata is retained for the life of the account so job history is queryable. Derived signals are retained with the scan job. Reports are customer-controlled — you can delete a report at any time and export retains your copy. See the /security data-processing table for the full retention policy. Edward to confirm exact windows.

What happens if I exceed a usage limit (overage)?

On Launch, overage is not sold — new scans queue until the next cycle or until you upgrade. On Growth, overage scans are billed at a per-scan rate. On Control, overage is contracted per engagement. Edward to confirm the overage rates and caps.

What trial features are available, and when do trials expire?

Not applicable in the early-access state — self-serve signup and paid trials are not open yet. When trials open, the trial will include the capabilities available at GA at that time. Edward to confirm the trial expiration behavior when self-serve opens.

Are there onboarding or implementation fees?

No onboarding fee on Launch or Growth; a guided setup call is included on Growth. On Control, the implementation fee is scoped per engagement and may be waived for design partners. Edward to confirm the implementation-fee schedule.

When can I cancel, and how does cancellation timing work?

On Launch and Growth, cancel anytime; changes take effect at the end of the current billing cycle. On Control, cancellation terms are scoped per the annual enterprise agreement. Edward to confirm the notice windows.

Is an SLA included?

No contractual SLA on Launch or Growth. A formal SLA is included on Control. The platform is operated to SOC 2 controls regardless of plan. Edward to confirm the Control SLA targets (uptime, response, resolution).

What are the support hours and time zone?

Launch: email support, business hours. Growth: priority email support, business hours. Control: direct founder access + dedicated support, extended hours. Edward to confirm the time zone and response windows.

When will SSO / SAML be available?

SSO / SAML is planned for a future phase and is included on Control when the SSO phase ships. It is not included in Launch or Growth at GA. Edward to confirm the SSO roadmap window.

What data residency options are available?

Single-region hosting today; multi-region data residency is a roadmap item. Control engagements can scope data residency per contract. Edward to confirm the primary region and available regions for Control.

Are future features contractually included?

Roadmap capabilities (AI-origin scoring, dependency lineage, policy enforcement, compliance reports) are included as released at no extra charge during early access. Edward to confirm the contractual inclusion terms in the paid-plan agreement.

Can I switch plans later?

Yes. When self-serve opens, you can upgrade or downgrade at any time. Changes take effect on your next billing cycle.

Do you offer discounts for startups or nonprofits?

Yes. Contact us at hello@developer312.com for startup and nonprofit pricing.

What's the Enterprise plan?

Enterprise is for organizations with custom procurement, security review, or data residency requirements. Pricing is annual-only and determined per engagement. Contact sales to get started.

Is my code data secure?

Source content may be processed transiently to compute provenance signals and is never retained — there is no stored repository mirror. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Built to SOC 2 controls — Type II certification in progress.

How ProvenanceOS processes your data

ProvenanceOS may process source content transiently to calculate provenance signals. Source files are not retained after processing, are not used to train models, and are not stored as a repository mirror. We retain only the account, job, repository metadata, derived signals, policy outcomes, and reports needed to provide the service.

Data typeProcessedRetainedRetentionThird-party access
Source files[data-handling:Source files]Yes, transiently. Archive uploads are SHA-256 hashed for integrity; source content is not stored as a repository mirror.NoDeleted after job completion/failure window. Archive bytes are never persisted; only the hash is stored on the scan job.No third-party access to source content. Processing runs in ProvenanceOS infrastructure. (Subprocessor list: see /security.)
Repository metadata[data-handling:Repository metadata]Yes. Repository URL, provider, default branch, and commit reference are read to create a durable scan job.YesRetained for the life of the account so job history is queryable. Deleted on account deletion. Edward to confirm exact retention window.Hosted on InsForge (managed Postgres). No source content is sent to third parties.
Derived signals[data-handling:Derived signals]Yes. Provenance signals (AI-origin indicators, confidence scores, policy outcomes) are computed as each enabled capability completes.YesRetained with the scan job so results remain queryable and exportable. Deleted with the job or on account deletion. Edward to confirm exact window.Stored in ProvenanceOS infrastructure (InsForge managed Postgres). Not shared with third parties.
Reports[data-handling:Reports]Yes. Audit-ready compliance and provenance reports are generated from derived signals as report generation rolls out.YesCustomer-controlled. You can delete a report at any time; export retains your copy. Deleted on account deletion.Only when you explicitly export or share a report. No automatic third-party access.
Credentials/tokens[data-handling:Credentials/tokens]Yes. OAuth tokens for repository providers are stored to read repository metadata on your behalf.Yes, encryptedRetained until you revoke the connection or delete your account. Revocation removes the token immediately.Stored in managed secret storage (InsForge). Provider tokens are used only to read repository metadata you have authorized.

Still have questions? Contact our team

Be the first to know when each phase ships

ProvenanceOS is rolling out in phases. Get launch updates as AI-origin scoring, lineage, policy, and compliance reports come online.

Get launch updates

We value your privacy

We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Learn more