Proof before pricing
What you receive with ProvenanceOS
Every claim below maps to a code path that ships today. No fabricated customer logos, no testimonials — we are early access and we say so.
Interactive sample report
A completed provenance scan with confidence score, AI-origin distribution, evidence signals, dependency lineage, and a policy decision. Labeled “Example” so it is never mistaken for live data.
Provenance confidence
87%
Source provenance
Illustrative — rolling outTop evidence signals
- Dependency manifest resolved (npm)94%
- Known vulnerability match (OSV.dev)91%
- Repository metadata + commit history88%
- AI-origin stylometric signal (47-signal)Illustrative — rolling out72%
Dependency lineage
Available now47 dependencies traced across npm + PyPI
3 known vulnerabilities matched (OSV.dev) · 1 high · 2 medium
Policy decision
Pass — 0 policy violations
Block critical-severity dependencies on release branches
Signed evidence ID
EV-2026-07-11-A1B2C3
2026-07-11T14:32:00Z
What you receive in the first 15 minutes
- Authenticated scan intake (archive upload or repository URL)
- Durable queued job tracking with job ID + status
- Repository metadata extraction (branch, commit, manifest discovery)
- Dependency resolution across npm + PyPI (commits #34/#36)
- Known-vulnerability match against OSV.dev with severity counts
- Exportable job status + scan summary
Architecture & data flow
What ships today (Loop A intake + Loop B1 metadata + real dependency/vulnerability analysis). Source-analysis worker (B2) is planned.
Sample policy decision
0 policy violations · 0 critical-severity dependencies on the release branch.
Example — the policy engine (log & warn) is rolling out; this shows the shape of a decision it will produce.
Download sample compliance report
A redacted, audit-ready PDF export of the sample report above. Available once the compliance-report artifact is wired (Sprint 4) — until then, request early access and we will share a preview under NDA.
Download sample report (PDF) — coming soonFounder credibility
ProvenanceOS is built by Edward Brooks, an AV systems engineer and software builder. Read the founder profile and the legal/operator relationship with Developer312 on the About page.
Provenance intelligence,
priced to scale
Plans published for transparency. Self-serve signup opens as each phase reaches general availability.
SOC 2 Ready
Built to SOC 2 controls — Type II certification in progress
AES-256
Encryption at rest
TLS 1.3
In transit
Scan intake is live now; AI-origin scoring, lineage, policy, and compliance reports are rolling out in phases.
Launch
For growing teams that need provenance tracking and compliance basics.
Available now
- Authenticated repository / archive scan intake
- Queued job tracking with job ID + status
- Repository metadata history (branch, commit, manifest discovery)
- Email support
Included as released
- AI-origin detection (47 signals) — rolling out
- npm / PyPI / Maven dependency lineage — coming at GA
- Policy engine (log & warn actions) — rolling out
- SOC 2 compliance reports — rolling out
Usage limits
- Up to 10 repositories
- Up to 50 scans / month (Edward to confirm)
- Up to 5 users (Edward to confirm seat count)
- Metadata retained for the life of the account
Growth
For scaling organizations that need full policy enforcement and multi-standard reporting.
Available now
- Everything available now in Launch, plus:
- Priority email support
Included as released
- Policy engine (block & require-review actions) — coming at GA
- EU AI Act & GDPR compliance reports — coming at GA
- SBOM generation & validation — coming at GA
- Slack & webhook integrations — coming at GA
Usage limits
- Up to 50 repositories
- Up to 250 scans / month (Edward to confirm)
- Up to 25 users (Edward to confirm seat count)
- Metadata retained for the life of the account
Control
For enterprises that need SLSA Level 3 provenance, custom policies, and dedicated support.
Available now
- Everything available now in Growth, plus:
- Direct founder access
Included as released
- Custom policy rules engine — rolling out
Requires enterprise review
- SLSA Level 3 provenance attestation — requires enterprise review
- HIPAA compliance reports — requires enterprise review
- SSO / SAML (Okta, Azure AD, Google) — requires enterprise review
- High-availability infrastructure — requires enterprise review
Usage limits
- Unlimited repositories
- Custom scans / month (Edward to confirm)
- Custom seat count (Edward to confirm)
- Custom retention windows per enterprise agreement
Plan comparison
Side-by-side usage limits, retention, support, and contractual terms. Values marked Edward to confirm are pending operator confirmation — the qualitative state (what is limited, what is retained, what is included as released) is accurate today.
| Capability / limit | Launch | Growth | Control |
|---|---|---|---|
| Repositories | Up to 10 repositories | Up to 50 repositories | Unlimited repositories |
| Scans / month | Up to 50 scans/month (Edward to confirm) | Up to 250 scans/month (Edward to confirm) | Custom (Edward to confirm based on engagement) |
| Users / seats | Up to 5 users (Edward to confirm seat count) | Up to 25 users (Edward to confirm seat count) | Custom seat count (Edward to confirm) |
| Data retention | Repository metadata retained for the life of the account; derived signals retained with the scan job. Edward to confirm the exact window. | Same as Launch: metadata retained for the life of the account; signals retained with the scan job. Edward to confirm the exact window. | Custom retention windows per the enterprise agreement. Edward to confirm the contracted window. |
| Report retention / export | Customer-controlled. You can delete a report at any time; export retains your copy. Edward to confirm export limits. | Customer-controlled, with priority export. Edward to confirm export limits and retention after deletion. | Custom report retention + export terms per the enterprise agreement. Edward to confirm. |
| Overage behavior | Overage is not sold on the Launch plan. When the repository or scan limit is reached, new scans are queued until the next cycle or until you upgrade. Edward to confirm overage pricing. | Overage scans are billed at a per-scan rate on Growth. Edward to confirm the overage rate and cap. | Overage is contracted per engagement; no per-scan overage on Control. Edward to confirm the terms. |
| Trial feature availability | Not applicable in the early-access state — self-serve signup and paid trials are not open yet. Join the waitlist to be notified when trials open. | Not applicable in the early-access state. Edward to confirm which Growth features are trial-accessible when trials open. | Not applicable — Control is a sales-led engagement with a scoped proof-of-value period instead of a self-serve trial. Edward to confirm the proof-of-value terms. |
| Onboarding / implementation fee | No onboarding fee on the Launch plan. Edward to confirm. | No onboarding fee on Growth; a guided setup call is included. Edward to confirm. | Implementation fee is scoped per engagement and may be waived for design partners. Edward to confirm. |
| Cancellation timing | Cancel anytime; changes take effect at the end of the current billing cycle. Edward to confirm the notice window. | Cancel anytime; changes take effect at the end of the current billing cycle. Edward to confirm the notice window. | Annual contract; cancellation terms are scoped per engagement. Edward to confirm the renewal and exit terms. |
| SLA applicability | No contractual SLA on the Launch plan. The platform is operated to SOC 2 controls; a formal SLA is available on Control. Edward to confirm. | No contractual SLA on Growth. A formal SLA is available on Control. Edward to confirm. | Contractual SLA is included on Control. Edward to confirm the uptime, response, and resolution targets. |
| Support hours + time zone | Email support, business hours (Edward to confirm time zone and response window). | Priority email support, business hours (Edward to confirm time zone and response window). | Direct founder access + dedicated support, extended hours (Edward to confirm time zone and coverage). |
| SSO availability timing | SSO/SAML is planned for a future phase and is not included in the Launch plan at GA. Edward to confirm the SSO roadmap window. | SSO/SAML is planned for a future phase and is not included in the Growth plan at GA. Edward to confirm the SSO roadmap window. | SSO/SAML is included on Control when the SSO phase ships. Edward to confirm the delivery window in the enterprise agreement. |
| Data residency options | Single-region hosting today; multi-region data residency is not yet available. Edward to confirm the primary region. | Single-region hosting today; multi-region data residency is a roadmap item. Edward to confirm. | Data residency is scoped per engagement; a single-tenant VPC is a roadmap item. Edward to confirm available regions. |
| Future features contractually included | Roadmap capabilities (AI-origin scoring, dependency lineage, policy enforcement, compliance reports) are included as released at no extra charge during early access. Edward to confirm the contractual inclusion terms. | Roadmap capabilities included as released, same as Launch. Edward to confirm the contractual inclusion terms. | Roadmap capabilities are contractually included as released under the enterprise agreement. Edward to confirm the inclusion terms. |
| Compliance status | Built to SOC 2 controls — Type II certification in progress | ||
Need Enterprise?
Custom pricing, annual contracts, dedicated support, and procurement-friendly terms for organizations with advanced security and compliance requirements.
Contact salesExplore featuresBilling and usage FAQ
How do I get access?
ProvenanceOS is rolling out in phases. Join the launch waitlist to get notified as each phase ships — including AI-origin scoring, dependency lineage, policy evaluation, and compliance reports. Existing teams can contact us to start a scoped early-access engagement.
When can I sign up for a paid plan?
Pricing is published for transparency, but self-serve signup is not open yet. We open paid plans as each phase reaches general availability. Join the waitlist to be first in line when self-serve opens.
What counts as a repository for pricing?
A repository is a single source repository (for example, github.com/acme/payments-service) that you scan under one ProvenanceOS account. A repository counts against your plan limit once you create a scan job for it; rescanning the same repository does not consume an additional slot.
What are the scan and compute limits?
Scan limits are scoped per plan (Launch: up to 50 scans/month; Growth: up to 250 scans/month; Control: custom). Each scan is one queued analysis job. Overage behavior differs per plan — see the plan comparison table below. Edward to confirm the exact scan caps and overage rates.
What are the user / seat limits?
Each plan includes a seat count (Launch: up to 5 users; Growth: up to 25 users; Control: custom). Edward to confirm the seat counts before self-serve opens. Control seats are scoped per the enterprise agreement.
What is the data retention and report retention policy?
Repository metadata is retained for the life of the account so job history is queryable. Derived signals are retained with the scan job. Reports are customer-controlled — you can delete a report at any time and export retains your copy. See the /security data-processing table for the full retention policy. Edward to confirm exact windows.
What happens if I exceed a usage limit (overage)?
On Launch, overage is not sold — new scans queue until the next cycle or until you upgrade. On Growth, overage scans are billed at a per-scan rate. On Control, overage is contracted per engagement. Edward to confirm the overage rates and caps.
What trial features are available, and when do trials expire?
Not applicable in the early-access state — self-serve signup and paid trials are not open yet. When trials open, the trial will include the capabilities available at GA at that time. Edward to confirm the trial expiration behavior when self-serve opens.
Are there onboarding or implementation fees?
No onboarding fee on Launch or Growth; a guided setup call is included on Growth. On Control, the implementation fee is scoped per engagement and may be waived for design partners. Edward to confirm the implementation-fee schedule.
When can I cancel, and how does cancellation timing work?
On Launch and Growth, cancel anytime; changes take effect at the end of the current billing cycle. On Control, cancellation terms are scoped per the annual enterprise agreement. Edward to confirm the notice windows.
Is an SLA included?
No contractual SLA on Launch or Growth. A formal SLA is included on Control. The platform is operated to SOC 2 controls regardless of plan. Edward to confirm the Control SLA targets (uptime, response, resolution).
What are the support hours and time zone?
Launch: email support, business hours. Growth: priority email support, business hours. Control: direct founder access + dedicated support, extended hours. Edward to confirm the time zone and response windows.
When will SSO / SAML be available?
SSO / SAML is planned for a future phase and is included on Control when the SSO phase ships. It is not included in Launch or Growth at GA. Edward to confirm the SSO roadmap window.
What data residency options are available?
Single-region hosting today; multi-region data residency is a roadmap item. Control engagements can scope data residency per contract. Edward to confirm the primary region and available regions for Control.
Are future features contractually included?
Roadmap capabilities (AI-origin scoring, dependency lineage, policy enforcement, compliance reports) are included as released at no extra charge during early access. Edward to confirm the contractual inclusion terms in the paid-plan agreement.
Can I switch plans later?
Yes. When self-serve opens, you can upgrade or downgrade at any time. Changes take effect on your next billing cycle.
Do you offer discounts for startups or nonprofits?
Yes. Contact us at hello@developer312.com for startup and nonprofit pricing.
What's the Enterprise plan?
Enterprise is for organizations with custom procurement, security review, or data residency requirements. Pricing is annual-only and determined per engagement. Contact sales to get started.
Is my code data secure?
Source content may be processed transiently to compute provenance signals and is never retained — there is no stored repository mirror. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Built to SOC 2 controls — Type II certification in progress.
How ProvenanceOS processes your data
ProvenanceOS may process source content transiently to calculate provenance signals. Source files are not retained after processing, are not used to train models, and are not stored as a repository mirror. We retain only the account, job, repository metadata, derived signals, policy outcomes, and reports needed to provide the service.
| Data type | Processed | Retained | Retention | Third-party access |
|---|---|---|---|---|
| Source files[data-handling:Source files] | Yes, transiently. Archive uploads are SHA-256 hashed for integrity; source content is not stored as a repository mirror. | No | Deleted after job completion/failure window. Archive bytes are never persisted; only the hash is stored on the scan job. | No third-party access to source content. Processing runs in ProvenanceOS infrastructure. (Subprocessor list: see /security.) |
| Repository metadata[data-handling:Repository metadata] | Yes. Repository URL, provider, default branch, and commit reference are read to create a durable scan job. | Yes | Retained for the life of the account so job history is queryable. Deleted on account deletion. Edward to confirm exact retention window. | Hosted on InsForge (managed Postgres). No source content is sent to third parties. |
| Derived signals[data-handling:Derived signals] | Yes. Provenance signals (AI-origin indicators, confidence scores, policy outcomes) are computed as each enabled capability completes. | Yes | Retained with the scan job so results remain queryable and exportable. Deleted with the job or on account deletion. Edward to confirm exact window. | Stored in ProvenanceOS infrastructure (InsForge managed Postgres). Not shared with third parties. |
| Reports[data-handling:Reports] | Yes. Audit-ready compliance and provenance reports are generated from derived signals as report generation rolls out. | Yes | Customer-controlled. You can delete a report at any time; export retains your copy. Deleted on account deletion. | Only when you explicitly export or share a report. No automatic third-party access. |
| Credentials/tokens[data-handling:Credentials/tokens] | Yes. OAuth tokens for repository providers are stored to read repository metadata on your behalf. | Yes, encrypted | Retained until you revoke the connection or delete your account. Revocation removes the token immediately. | Stored in managed secret storage (InsForge). Provider tokens are used only to read repository metadata you have authorized. |
Still have questions? Contact our team
Be the first to know when each phase ships
ProvenanceOS is rolling out in phases. Get launch updates as AI-origin scoring, lineage, policy, and compliance reports come online.
Get launch updates