The Credit-Based Model: Pay Only for What You Scan
The Problem with Traditional Compliance Pricing
Compliance software has traditionally priced itself like insurance: high minimums, tiered seat counts, and opaque feature unlocks. Organizations pay for access to 50 scans per year whether they run one compliance scan or twenty. They pay for "Professional" features even if they only need three of them. The pricing structure creates friction: deploying new compliance suites requires budget justification because you're committing to another annual contract with no clear ROI metrics.
This model made sense when compliance was static and quarterly. Today, when organizations need to run compliance checks more frequently as systems change, traditional pricing becomes prohibitive. A startup that runs one scan per month pays the same as an enterprise running ten scans per week. Neither gets a transparent picture of what they're actually paying for.
Enter: The Credit-Based Model
A credit-based pricing model inverts the traditional SaaS pricing structure. Instead of paying for theoretical capacity, you pay for actual usage. One credit equals one page or configuration element assessed against one compliance suite. As your environment grows or your compliance needs expand, you consume more credits. As your environment shrinks or stabilizes, your costs decrease accordingly.
This transparency creates three immediate benefits:
- Predictable costs: You know exactly what each compliance check costs. No surprise overage charges or hidden tiers.
- Right-sizing ease: A startup can start on Starter, run a few scans per month, and scale up to Pro or Business+ without a painful budget conversation.
- Multi-suite flexibility: Organizations can enable new compliance suites (SOC 2, ISO 27001, HIPAA) without worrying that they'll face exponential price increases.
Understanding the Tiers
Starter Tier
For developers, integrators, and small teams running their first compliance scans. Includes a monthly credit allotment, one compliance suite (swappable once), and access to all the platform primitives — Evidence Locker, Determinism Ledger, signed evidence at write time.
Team Tier
For small teams that need regular compliance verification across multiple suites. Includes more credits per month, multiple user seats, unlimited compliance suites, and Slack + Microsoft Teams notification integration. Rollover credits let you save unused credits for months when you run additional scans.
Pro Tier
For mid-market organizations managing multiple compliance frameworks. Includes a significantly higher credit allotment, priority support, and advanced evidence export formats. This is where most organizations find the right fit once they're running compliance checks regularly.
Business+ Tier
For larger organizations with complex compliance footprints and multiple teams managing different frameworks. Includes dedicated support, custom reporting integrations, and BAA availability for HIPAA workloads.
Enterprise Tier
For organizations with substantial compliance requirements and need for custom integrations, white-label options, or SLA guarantees. Pricing is custom and based on your specific architecture and requirements.
How Credits Work: Concrete Example
Imagine you're a SaaS company with 500 pages of documentation to review for SOC 2 compliance, 200 cloud configurations to check, and 150 access logs to analyze. That's 850 "assessments" across one compliance framework.
On a credit model, this scan costs 850 credits. If you run this scan once per month, you consume 10,200 credits annually. On the Pro tier, you have comfortable headroom. You also enable the HIPAA suite for your healthcare customer facing features — another 300 credits per scan. Your monthly usage stays well within your plan.
Six months in, your product launches a new cloud infrastructure component. Your next scan jumps to 1,200 credits. Instead of renegotiating your plan or hitting an overage charge, you simply consume more credits from your available pool. Transparent. Predictable. No surprises.
Rollover and Flexibility
Credits don't vanish at month-end. Unused credits rollover to the next month, giving you flexibility in when you run scans. If December is typically light on compliance activity, you bank those credits and use them in January when you run your annual compliance refresh. This prevents the artificial spend pressure that traditional SaaS creates.
Which Tier for Your Organization?
The right tier depends on three variables: the number of environments you're scanning, the frequency of scans, and the number of compliance frameworks you need to cover.
- Single environment, quarterly scans, one framework? Start with Starter.
- Multiple environments, monthly scans, three frameworks? Pro is your target.
- Complex multi-region setup, weekly scans, five frameworks? Business+ or Enterprise.
Because you only pay for what you scan, the friction for expanding compliance coverage disappears. You can enable a new suite, run a few pilot scans, and add it to your regular program without a budget crisis.
Transparency Builds Trust
Compliance is hard enough without wondering if your pricing model is working against you. A credit-based model aligns your costs with your actual compliance needs. You scale up as you need to. You scale down when you don't. And you always know what you're paying for.
Ready to move away from opaque compliance pricing? Explore Acipta's credit-based model and see how much you could save with transparent, usage-based costs.
Check Out Pricing