Enterprise

The Enterprise tier adds the controls large organizations actually get blocked on: identity, data governance, isolation, and contractual guarantees. The API surface is identical — these are platform-level controls, not API forks.

Identity and access

• ↳SAML / OIDC SSO with enforced session policies
• ↳SCIM provisioning — joiners, movers, leavers sync from your IdP
• ↳Role-based access: owner, admin, developer, auditor (read-only, audit log included)
• ↳Per-project key policies — mandatory expiry, scope ceilings, IP allowlists

Data governance

• ↳Region pinning per project (US, EU, IN at launch) with no cross-region replication
• ↳Configurable retention windows for traces and files, down to 24 hours
• ↳Customer-managed encryption keys (CMEK) via your KMS
• ↳Zero training on customer data — contractual, not just policy
• ↳Export-everything APIs: graph, traces, audit log, on demand

Isolation and scale

Enterprise projects run on dedicated compute pools — no shared GPU residency with other tenants — with custom rate limits and reserved deep-run concurrency. Self-hosting (see /docs/self-hosting) is the further step when even dedicated pools are not enough.

Support and guarantees