Pricing

The Ratify Protocol is Apache-2.0 open source and free forever — every SDK, every primitive, every cryptographic interface. Running your own verifier with the open SDKs costs you nothing and never will.

Ratify Verify is the managed layer maintained by Identities AI. It exists for teams who don’t want to run their own verifier infrastructure, want compliance-grade audit chains, or need to deploy in sovereign / regulated environments. It is sold across four motions, each with a different shape, a different buyer, and a different commitment level.

The four motions

Motion	What it is	Who buys it	Commitment	Price
Open Protocol	The protocol, the spec, and five open SDKs	Anyone	None	Free, forever
Verify Operational	Managed verifier endpoint, hosted Policy Studio, push revocation, integration adapters	Engineering teams putting Ratify into production	Pay-as-you-go	$0.002 / verification (orgs: $50/mo minimum; personal workspaces: no minimum)
Verify Trust	Signed-receipt audit chain, anchor-bound identity, custom constraint registry, SOC2/ISO evidence	Compliance officers, CTOs, regulated industries	Annual contract	From $30,000 / year
Verify Sovereign	Licensed self-hosted Verify control plane, no phone-home, customer-owned keys	EU institutions, federal / defense, regulated finance, healthcare with strict residency	Annual license	From $50,000 / year

Cutting across all four motions is one horizontal capability — the Platform Registry — which is free for any platform that wants to publish a verifiable identity in the Ratify ecosystem. It’s a Plaid-style directory, not a tier. See the dedicated section below the four motions.

Each motion is explicit about what it enables and what it doesn’t. There is no tier ladder to climb — you choose the motion that matches what you’re actually doing, and you can combine them (a customer can be on Operational for day-to-day usage and Sovereign for one regulated workload at the same time).

Surfaces — all four available on all motions

All four adapter surfaces are available to every Verify motion. What changes between motions is the evidence and compliance layer on top — not which surfaces you can access.

Surface	What it authorizes	Example platforms
Meetings	AI agents in structured, multi-party sessions	Zoom, Teams, Google Meet
Conversational AI	AI agents in real-time conversations — voice or video	Bland, Retell, Vapi, ElevenLabs, HeyGen, Tavus
Agentic API	AI agents making programmatic calls via MCP, A2A, REST	Any MCP server, A2A agent, REST API
Physical AI	Embodied AI agents in the physical world	Drones, robots, vehicles, infrastructure

Voice and video are unified under Conversational AI — the authorization model is identical whether the channel is audio or video. Platforms like HeyGen and Tavus (real-time video avatars) and Bland or Retell (voice agents) both fit here. The channel is an adapter configuration detail, not a product distinction.

Capability matrix

	Verify Operational	Verify Trust	Verify Sovereign
All 4 surfaces	✓	✓	✓
All policy modes (Observe / Notify / Challenge / Lock)	✓	✓	✓
Audit retention	30 days	365 days	Customer-defined
Signed VerificationReceipts	—	✓	✓
Anchor-bound identity in audit	—	✓	✓
Custom constraint registry	—	✓	✓
SOC2 / ISO evidence export	—	✓	✓
SAML / SSO	—	✓	✓
Custom DPA	—	✓	✓
4-hour support SLA	—	✓	✓
Self-hosted deployment	—	—	✓
No phone-home	—	—	✓
Customer-owned keys / HSM	—	—	✓

The upgrades are genuine capability differences, not artificial feature flags:

Operational → Trust: you gain cryptographic evidence your verifications happened and are defensible in an audit. You don’t just have logs — you have tamper-evident, independently-verifiable receipts.
Trust → Sovereign: you gain data residency. The entire Verify control plane moves inside your infrastructure. No third party — including Identities AI — is in your verification data path.

Platform catalog — publisher trust levels

Any platform can publish to the Ratify catalog. The trust badge reflects how the publisher’s identity was verified. Downstream consumers (and their connection policies) decide what trust level they require.

Badge	What it proves	Requirements
Personal Publisher	Verified Ratify account	Email verification
Verified Individual	Real identity with established external anchor	Email + GitHub or Google OAuth
Verified Publisher	Organization that owns its claimed domain	Org + DNS TXT record verification

There is no separate “Trust-Verified” catalog badge — the Verify Trust commercial tier gives the buyer better compliance infrastructure; it is not a signal about the publisher’s trustworthiness. A Verified Publisher on Operational and one on Trust are identical in the catalog, because what matters for the catalog is domain verification, not the buyer’s compliance tier.

Platform Registry — free for any platform

Cutting across all four motions is the Platform Registry, a free, public directory of platforms that participate in the Ratify ecosystem. Platforms here include the verifier side (companies that accept Ratify proofs from external agents — meeting hosts, voice gateways, API platforms, custodial wallets) and the issuer side (companies whose users delegate to agents that go act on other platforms).

Registration is free, regardless of which motion (if any) the platform is on. The incentive structure mirrors Plaid’s institution directory or the GitHub Apps marketplace: Identities AI captures value from network effects, not from charging the platforms.

What a registered platform gets

A verified PlatformID (e.g. platform.otter.ai, platform.slack.com). Once claimed and DNS-verified, the ID is yours; nobody else can publish under it.
DNS domain verification via TXT record (same flow as the Organization domain claim).
A public listing at ratify.identities.ai/platforms — discoverable by any other platform looking for who supports what.
A .well-known/ratify-platform.json bundle published at your verified domain. Any verifier anywhere can fetch it offline; this is how third parties discover and trust your public keys.
The “Ratify Protocol Verified Platform” badge for your own site, GitHub repository, README, or product UI.
A profile page with name, logo, what you verify or what you issue, supported scopes, contact, links to your own docs.

What it does NOT cost extra for

Operating a verifier — using the open SDK, your own RevocationProvider, your own audit log — is the Open Protocol motion. Registering as a platform on top of that costs nothing. Many platforms will only ever use the Open Protocol + Platform Registry combination and never pay for Verify managed infrastructure. That’s fine; you’re a brand-credibility signal for the protocol.

Where it lands inside the motions

Account type	Platforms you can claim
Personal Account (Operational)	1 platform under any domain you can DNS-verify
Organization (Operational / Trust / Sovereign)	Unlimited platforms under the Organization’s verified domain

A Personal Account user wanting to register a second platform creates an Organization (the Org owns the platforms, the human is the Owner-role member). This mirrors how GitHub treats @me’s 1 free private repo vs. unlimited under an Organization.

What this means concretely

Otter.ai (verifier-side platform): stays on Open Protocol. Implements verify_bundle() at the meeting-join handler. Registers platform.otter.ai for $0. Gets a public listing and the verified badge. Pays nothing to Identities AI.
Slack (verifier + issuer): registers platform.slack.com for $0. Probably uses Verify Operational ($0.002/verification) because they want push revocation across their global infrastructure, but the registry profile itself is still free.
A solo dev’s hobby project: signs up with Personal Account, registers platform.solodev.dev for $0 under their own verified domain. Starts with $50 in alpha credits (≈25,000 verifications); the platform listing is permanent.

How to register

Once ratify.identities.ai is live (the Verify web app), the flow is:

Sign in with Google, Microsoft, or email magic link.
Choose “Register a platform” from the Studio dashboard.
Enter the domain you want to claim. Studio shows you a DNS TXT record.
Add the TXT record at your DNS provider; click “Verify.”
Fill out the profile page (name, logo, description, supported scopes, contact).
Optional: tick “Publish to public directory.”

Detailed registration steps live at Onboard a platform.

Open Protocol — free, forever

The protocol is yours. Implement it, fork it, run it in production behind your firewall, build a competing managed verifier with it — none of that is gated by anyone.

What you get

The protocol specification (CC-BY-4.0) — the normative source of truth at SPEC.md.
Five reference SDKs (Go, TypeScript, Python, Rust, C/C++) under Apache-2.0. All five produce byte-identical canonical JSON and verify each other’s proofs.
Every cryptographic primitive: hybrid Ed25519 + ML-DSA-65 signing and verification, delegation chains, scope intersection, first-class constraints, revocation lists, session tokens, transaction receipts, witness entries.
Every provider interface defined in SPEC §17: RevocationProvider, PolicyProvider, AuditProvider, ConstraintEvaluator, AnchorResolver. Each comes with a working no-op default; you supply your own implementations.
The full 59-fixture cross-language conformance suite and the cross-SDK byte-equivalence corpus (10 vectors covering BundleHash, VerifierContextHash, PolicyVerdictSignBytes, VerificationReceiptSignBytes).

What you don’t get (without Verify)

A hosted verifier endpoint — you operate your own.
A real-time global revocation push network — you run your own polling / push.
A signed, hash-chained audit archive — you can build one against the open VerificationReceipt primitive, but you maintain it.
Pre-built integration adapters for Zoom / Twilio / AWS API Gateway — those live in the commercial Verify product.
A managed Policy Studio web UI — your team writes policy in code or manages a Rego/OPA service themselves.

Who this is right for

Developers evaluating Ratify before committing.
Open-source projects that need cryptographic agent authorization but don’t need managed infrastructure.
Teams with strong internal infrastructure who prefer to operate the verifier themselves.
Air-gapped deployments where the managed Verify is structurally inappropriate (see Sovereign for an air-gappable commercial alternative).

Verify Operational — managed verifier, pay per verification

The Verify Operational plane gives you a managed verifier endpoint, a hosted Policy Studio to author and distribute policy in real time, and the integration adapters that turn a Ratify proof into a working enforcement gate against Zoom / Twilio / AWS / etc.

Pricing: $0.002 per verification, $50/month minimum. The $50 minimum is your monthly commitment; it includes the first 25,000 verifications. There is no verification cap above that — usage past the minimum bills at the same per-verification rate. Bulk-rate breakpoints kick in past 1M verifications/month under a contract.

Two onboarding paths

The Operational plane supports two account types. The Studio renders identically for both; the only differences are how identity is anchored and whether a Verify Trust contract is possible.

Personal Developer Account

For a solo developer building, evaluating, or running a side project under their own identity. The fastest path from “I want to try Verify” to a working API key.

Sign in with Google, Microsoft, or email magic link.
Account ID is auto-generated (usr_xK2pA9...); no domain claim required.
$50 in alpha credits on first sign-in (≈25,000 verifications) so you can integrate and ship before putting in a card. Credits are pre-loaded automatically.
Same Studio, same API, same pricing past the credits ($0.002/verification). Personal workspaces have no monthly minimum — you pay for exactly what you use.
Cannot enter into a Verify Trust contract (Trust requires a verified legal entity).
Can create an Organization later. Creating an Organization does not consume or change your Personal account; both coexist.

Organization

For teams putting Ratify into production behind a company or product.

One human creates the Organization. That human becomes the first Owner. They invite teammates (Owner / Admin / Member roles).
Organization claims a domain via DNS TXT verification. The verified domain becomes the Organization’s Publisher Domain — visible in any Anchor records the Organization signs on behalf of human roots.
Same pricing as Personal: $0.002/verification, $50/month minimum. Organizations do not receive the $50 alpha credit.
An Organization can be the legal-entity counter-party to a Verify Trust or Sovereign contract.

A single human can own one Personal account and be a member of any number of Organizations. The Studio’s top-left context switcher (same UX as GitHub, Stripe, Vercel) lets you move between contexts; each has its own billing, audit history, and API keys.

Migration and lifecycle

A Personal account can create an Organization, but cannot convert itself into one. Both coexist after creation.
An Organization can transfer specific platforms to itself from any member’s Personal account, with audit-log entries on both sides.
An Organization can be deleted by an Owner (irreversible, members lose access, billing closes out, optionally exports the audit archive on the way out).
An Organization cannot downgrade to a Personal account. Legal-entity boundaries and audit-trail attribution must stay intact.

What Verify Operational enables

Managed verifier endpoint. A signed, monitored verifier at ratify.identities.ai/v1/verify (or your own subdomain on Organizations).
Hosted Policy Studio. Author, review, distribute, and revoke PolicyProvider policies in real time across your fleet. Versioned, with rollback.
PolicyVerdict cache backend. Cuts policy-server round-trips by ~95% on streaming workloads. Verdicts are HMAC-bound and context-pinned (SPEC §17.6).
Push-based revocation. Sub-100ms global propagation when a delegation is revoked, via Verify-operated edge nodes.
30-day searchable audit retention.
Pre-built integration adapters for Meetings (Zoom / Teams / Meet), Voice gateways (Twilio / Daily / LiveKit), API Gateway (AWS / Cloudflare / Kong), Model Context Protocol (MCP), and Agent-to-Agent (A2A) flows. Each is a one-line install.
Webhook outputs for verification events into your existing log / SIEM pipeline.

What Verify Operational does NOT include

Signed VerificationReceipt archive. You can issue receipts via the open SDK; the managed, chained, signed-with-Verify’s-keys archive is part of Verify Trust.
Anchor-bound audit. The open AnchorResolver interface is yours to wire to your own IdP; Verify’s managed SSO-attested identity binding is part of Verify Trust.
Custom constraint type registry. Anyone can register mycompany.* constraint evaluators in their own SDK call; the managed cluster-wide registry that survives the customer’s deployment is part of Verify Trust.
365-day audit retention, SAML/SSO into Studio, custom DPAs. All part of Verify Trust.
Self-hosted / air-gapped deployment. Part of Verify Sovereign.

Verify Trust — annual contract for compliance-grade audit

Trust is the layer that says “if something goes wrong with an agent, this is what defends you.” It is sold as an annual contract because the value is in the contractual commitments — data retention, audit-trail integrity, identity attestation — not in per-call metering.

Pricing: From $30,000 / year. Custom past $200K/year, typical for >5M verifications/month with full audit retention.

What Trust enables on top of Operational

Signed VerificationReceipt archive. Every verification produces a hybrid-signed, hash-chained receipt (see SPEC §17.5). Receipts are downloadable as a SOC2/ISO-ready evidence bundle. The chain is tamper-evident — missing or backdated entries are detectable cryptographically.
Custom constraint type registry. Define mycompany.max_daily_spend, mycompany.region_allow, mycompany.parental_consent, etc., and Verify maintains the cluster-wide registry so any of your tenants’ agents can reference them. Issuers using Trust-registered types implicitly require Verify-aware downstream verifiers — that’s the moat lever.
Anchor-bound audit. Every verification chain links to the human root’s SSO assertion (Okta, Azure AD, Google Workspace). Auditors can prove “this verification was tied to a SAML-asserted identity from Okta”, not just “this verification happened.”
SAML / SSO for the Studio web app itself. Admins sign in via your IdP.
90-day standard audit retention. Optional 365-day retention for regulated industries.
Custom DPA, sub-processor list, contractual data-residency commitments (US / EU / Switzerland).
Priority support with a 4-hour SLA.

Who Trust is right for

Companies pursuing SOC2 / ISO 27001 / HIPAA / PCI-DSS and needing a defensible audit chain for AI-agent-driven actions.
Mid-market and enterprise customers whose agents touch money, identity, or regulated data.
Anyone selling agent-driven products to enterprise customers who will ask for SOC2 evidence.

Verify Sovereign — licensed, self-hosted, no phone-home

Sovereign is for customers who cannot have a third-party verifier in their data path. The EU institution, the federal agency, the regulated bank with national-residency requirements. They take the Verify binaries, run them inside their own infrastructure, and hold 100% of the root revocation keys themselves.

Pricing: From $50,000 / year as a base license for ≤1M verifications/year. Scales with usage. Optional 24/7 support + dedicated Technical Account Manager contract priced separately at $50K–$200K/year.

What Sovereign enables

Every Trust feature, but running entirely inside the customer’s network.
No phone-home. Verifier never communicates with Identities AI infrastructure.
Customer-owned root revocation keys. Identities AI never has access.
Delivery as a Helm chart for Kubernetes, a Docker image, or a hardened VM image (KVM / VMware / Hyper-V).
Customer-side air-gapped upgrade pipeline. Signed Verify releases are verifiable via the open VerificationReceipt chain — recursive trust, no manual download.
Contractual data-residency commitment tied to the customer’s chosen geography.

Who Sovereign is right for

EU sovereign deployments (Schrems-II strict residency).
Federal / defense customers requiring FedRAMP-style isolation.
Regulated finance customers with national-residency requirements.
Healthcare systems with HIPAA + state-specific residency.
Customers in F500 industries with internal-only AI deployments and “no SaaS on this data” policies.

Why this model, and not tiered SaaS

The “Bronze / Silver / Gold” SaaS tier ladder works when the underlying product is the same and you’re price-discriminating on feature flags. Verify is structurally different from that. The four motions correspond to four genuinely different things you can be buying:

The Open Protocol is a public good — a standard you can adopt without a vendor relationship.
Verify Operational is a service — managed infrastructure that you pay for as you use it, no commitment, no tier negotiation.
Verify Trust is a contractual artifact — an audit chain that defends you in a dispute, sold on annual contract because the value is the commitment.
Verify Sovereign is a licensed product — software you operate yourself, with contractual support.

These are different motions because they involve different commitments, different relationships, and different buyers. Collapsing them into a tier ladder would have hidden the actual structure of the offering.

Specifically, this model rejects three common SaaS-era pricing patterns that don’t fit:

No per-seat pricing. Agents make calls; seats don’t. Charging per seat is a pre-AI assumption that no longer maps to how AI products operate.
No artificial verification caps as upgrade gates. Volume is metered honestly across motions; it’s never the lever that forces an upgrade. The lever is whether you need signed-receipt-archive (Trust) or self-hosting (Sovereign) — capabilities, not counters.
No black-box “Contact Sales for Enterprise.” Trust starts at $30K/year. Sovereign starts at $50K/year. Both are published floors. Contracts above those numbers are negotiated; nothing below.

When the open protocol is enough

You do not need to pay Verify if you are:

Building an open-source tool that uses the Ratify primitive for local-only checks.
Operating your own verifier infrastructure with self-managed revocation, policy, and audit.
Building inside an air-gapped environment where the managed Verify is structurally inappropriate (and you don’t need a Sovereign license).

Specifically: enforcement, observability, and identity binding are all in the protocol. A PolicyProvider returning false rejects the bundle (enforcement). An AuditProvider sees every verification (observability). An AnchorResolver binds verifications to external identity (attestation). The open SDK ships interfaces and working defaults for all of it.

What Ratify Verify sells is not the ability to enforce — it is the operational surface that makes enforcement defensible at scale: real-time policy distribution, hash-chained signed-receipt archives, SSO-bound identity lookups, regulated air-gap deployments, and last-mile platform adapters that turn one line of integration code into a working enforcement gate.

The protocol is a public good. We charge for the infrastructure that makes it enterprise-ready.

Maintained by Identities AI, Inc. Ratify Protocol™ and identities.ai™ are trademarks of Identities AI, Inc. U.S. patent application pending.