Free for evaluation. AICVS at €49/month with 200 credits — full feature set, including the things enterprises pay six figures for. Academic plan for verified faculty.
No artificial gating between SME and Enterprise. Same product. Same SAML 2.0. Same RFC 3161 timestamping. Pay for what you produce — exports, certificates, evidence — not for which seat tier we put you in.
A credit is consumed when AICVS produces an artefact you'd take away — a scan result, a PDF, an evidence record. Viewing things on screen never consumes credits. The mental model: looking is free, taking home costs credits.
We're explicit about gating because compliance buyers are professional skeptics. The Free tier is designed to let you evaluate the product end-to-end — see findings, classify systems, browse the obligation list — but not to capture exportable, dated evidence you could use without paying. That artefact-capture is what the AICVS plan delivers.
If you only ever need to classify your system once and read the obligation list, the Free tier really is enough — and we'd rather you do that and tell a colleague than feel tricked into a subscription you didn't need.
For organisations consistently exceeding 1,000 scans per month, regulated industries needing custom DPA review, or buyers needing on-premise deployment, we run negotiated contracts. No quote calculator on the page; we give you a number after one short conversation.
hello@aicvs.ioTypical response time: same business day, Irish time.
| Feature | Free €0 · 5 credits | AICVS €49 · 200 credits | Academic €25 · 200 credits |
|---|---|---|---|
| Scanning & detection | |||
| Languages supported | 19 | 19 | 19 |
| Detection rules116+ across 6 layers | ✓ | ✓ | ✓ |
| Per-rule false-positive rates | ✓ | ✓ | ✓ |
| Context-aware severity (Annex III) | ✓ | ✓ | ✓ |
| Bulk ZIP upload | — | ✓ | ✓ |
| Compliance frameworks | |||
| EU AI Act article mappingReg (EU) 2024/1689 · 47 articles | ✓ | ✓ | ✓ |
| System classification (Annex III selector) | ✓ | ✓ | ✓ |
| ISO 42001 control mapping | ✓ | ✓ | ✓ |
| ISO 27001 + SOC 2 cross-mappingcybersecurity findings only | — | ✓ | ✓ |
| GPAI model registry (browse) | ✓ | ✓ | ✓ |
| GPAI documentation export | — | 3 credits | 3 credits |
| Conformity assessment workflow (Art.43 Module A) | — | ✓ | ✓ |
| Post-market monitoring (Art.72) | — | ✓ | ✓ |
| Incident reporting (Art.73) | — | ✓ | ✓ |
| Evidence & integrity | |||
| SHA-256 evidence chain (view) | ✓ | ✓ | ✓ |
| RFC 3161 trusted timestamp | — | ✓ | ✓ |
| PDF certificate per scan | — | 1 credit | 1 credit |
| Annex IV evidence bundle | — | 5 credits | 5 credits |
| Permanent scan record (7-year retention) | — (30 days) | ✓ | ✓ |
| Public verification page | ✓ | ✓ | ✓ |
| Identity & team | |||
| OAuth login (Google · Microsoft) | ✓ | ✓ | ✓ |
| SAML 2.0 SSO | — | ✓ | — |
| SCIM 2.0 user provisioning | — | ✓ | — |
| Six-level RBAC + admin audit log | — | ✓ | ✓ |
| API keys | 0 | 20 | 10 |
| GitHub Action | — | ✓ | ✓ |
| Slack · Jira webhooks | — | ✓ | ✓ |
| Limits & support | |||
| Monthly credit allowance | 5 | 200 | 200 |
| Maximum overage / month | — | 1,000 credits | 500 credits |
| Overage price per credit | — | €0.30 | €0.20 |
| Support | Docs · forum | Email · 24h | Email · 72h |
Compliance tooling has different buyer dynamics than productivity SaaS. A 10-person SME and a 200-person company need essentially the same features from a compliance tool: scans, evidence, mappings, PDFs. The "Enterprise tier" pattern in compliance SaaS exists mostly because legacy GRC vendors had to differentiate against each other, not because customers naturally cluster that way.
We give everyone the same product — same SAML, same RFC 3161 timestamping, same EU residency, same article mapping — and let them pay for what they actually consume. If you scan a lot and export a lot, you pay more. If you don't, you don't. That's it.
Then the Free tier really is enough, and we'd rather you do that than feel tricked into a subscription. The Annex III selector and obligation list view are free. You can read what your system needs to comply with, screenshot or copy the result, and walk away.
What you can't do on Free is generate a dated, exportable, signed compliance report you could hand to an auditor. That's what the credits buy. If you ever need that artefact, you can subscribe for one month, export, and cancel — same UX as Claude or Linear, two clicks.
Free: See findings, classify systems, view obligation lists, view evidence chains. Everything works on screen. Scans are kept for 30 days. 5 credits/month.
AICVS (€49/month): Same product plus the artefacts — export PDFs, get RFC 3161 timestamps, save scans for 7 years, bulk upload, API access, GitHub Action, SAML/SCIM, all the integrations. 200 credits/month, €0.30 per overage credit.
The principle: Free lets you evaluate. AICVS lets you produce evidence you can use.
On the AICVS plan, you can purchase overage credits at €0.30 each, up to 1,000 per billing period. You'll see your balance in the dashboard at all times; the system warns you when you reach 25%, 10%, and 0%. If you're regularly hitting overage, that's the moment to email us — we'll quote a higher-volume plan.
On the Free plan, you'll see findings up to your 5-credit limit and then be asked to upgrade to continue. Your balance resets at the start of your next billing period.
Cancel anytime, two clicks, no retention prompts, no "are you sure?" page beyond the original confirmation. Same UX as Claude or Linear.
You keep paid features until the end of your current billing period. After that, your account flips to Free — your scan history and account remain accessible, but you can't generate new artefacts without re-subscribing or buying credits.
For monthly plans, partial-month refunds are not provided (consistent with Irish consumer law for digital services). Annual plans receive a pro-rated refund within the first 14 days.
You're grandfathered. Your subscription continues at the same price; you keep all features at parity with the new AICVS plan (which means most of you actually gain features — SAML, SCIM, RFC 3161 timestamping, full conformity tooling — without paying more).
The legacy plan name will display as "Pro (Legacy)" or similar in your account. If you'd prefer to switch to the AICVS plan name, contact billing@aicvs.io; we'll move you over with no price change.
We don't have one. Deliberately.
What an Enterprise tier usually means in SaaS — SAML SSO, audit log, role-based access, 24h support, custom DPA — is on the AICVS plan at €49/month. There's no artificial gating designed to push you up a ladder.
If your needs are genuinely beyond what one paid plan covers — sustained 1,000+ scans/month, on-premise deployment, regulator-facing audit support, named CSM — email hello@aicvs.io and we'll quote a custom contract. Most of those conversations end up with a multiple of the standard plan and clear scope, not a per-seat licence.
No. Files are read into memory, analysed, and immediately discarded. We store only scan metadata — filename (sanitised), score, findings, article references, SHA-256 hash, timestamp.
The hash proves a specific file was scanned at a specific time. It does not let us reconstruct the file. All processing happens in EU infrastructure (Render Frankfurt + Supabase EU-West-1) under GDPR and supervised by the Irish Data Protection Commission.
Filenames you submit can sometimes contain personal data (e.g. a developer name in a path). Filenames are sanitised on upload but the basename is stored. Where possible, submit non-sensitive filenames.
Privacy Notice · §5 — Source Code Special HandlingStripe — credit/debit card, SEPA Direct Debit (for EU customers), Apple Pay, Google Pay. Annual billing available with 17% discount; email billing@aicvs.io for invoiced annual contracts.
Because we wanted to be honest about who the product is for. AICVS is built for SMEs and mid-size SaaS companies — the segment most often excluded by enterprise compliance tools' five-figure entry pricing. €49/month is what an in-house compliance officer can approve without going through procurement.
If you want enterprise-pricing behaviour — quotes, RFPs, multi-year discounts, named CSM — that's available via custom contract. But the page price is the page price. No dark-pattern "starting at €49 but actually €499 once you find out what's gated."
Start with 5 free credits this month. Run a scan, see the findings, classify your system. If the product is what you need, the upgrade path is two clicks.