Acrossed
Start free

Pricing

Three plans. No surprises.

Every plan includes HMAC-signed responses, AES-256 encrypted rule storage, and sub-ms decisions. You're paying for volume and concurrent rules — never for the security itself.

Pricing

Simple, predictable, no usage surprises.

Every plan includes the full security stack — HMAC, AES-256, sub-ms decisions. You're paying for volume and the number of rules, not for the protections. Hit your monthly cap and we return 402 with an upgrade link instead of failing your app open or closed.

Free

Drop Acrossed in front of one app and try it.

$0forever
  • 10,000 decisions / month
  • Up to 5 active rules
  • Default .acrsd.dev subdomain with TLS
  • AES-256-GCM encrypted rule storage
  • HMAC-SHA256 signed responses
  • JS, Python, and Go SDKs
Start free

Pro

Popular

For production apps that need headroom and custom hosts.

$29per month
  • 1,000,000 decisions / month
  • Up to 100 active rules
  • Up to 3 custom domains with on-demand TLS
  • Country-level geo blocking
  • Per-IP rate limiting at engine speed
  • Optional bring-your-own Postgres for decision logs
  • Email support
Upgrade to Pro

Enterprise

For high-traffic apps that need volume + direct support.

$499per month
  • 100,000,000 decisions / month
  • Up to 5,000 active rules
  • Up to 50 custom domains
  • Country-level geo blocking
  • Per-IP rate limiting at engine speed
  • Bring-your-own Postgres for decision logs
  • Direct email + chat support
Contact sales

Need a custom volume? Email hello@acrossed.com.

Pricing FAQ

What happens when I exceed my monthly decision cap?
Our /check endpoint returns HTTP 402 with an upgrade link. Our SDK treats that as a deny by default so you don't accidentally let traffic through unmetered. You can flip a flag to allow on quota-exceeded if you'd rather.
Is the encryption real, or marketing?
Real. Rules and signing secrets are encrypted with AES-256-GCM before they're written to Postgres. Decryption happens once at API process startup; the plaintext lives in process memory and is never written to disk or logged.
Do you store my user traffic?
No. The /check call carries a small fingerprint — IP, method, path, a handful of headers you choose. We evaluate the rules and forget. We persist counters (decisions/month, allow/deny) for billing and your dashboard, but never the request body.
Why charge for custom domains?
Each custom domain consumes a TLS certificate slot via Let's Encrypt and a small amount of edge capacity. We cap them per plan to keep the platform cheap for everyone.
Can I downgrade?
Yes. Downgrades take effect at the end of your current billing period. Your monthly decision counter does not reset on downgrade.
Do you offer a free trial of Pro?
Free includes the full feature set — there's nothing locked behind Pro that isn't also in Free at smaller scale. So instead of a trial, we just let you build on Free until you outgrow the cap.