PubSentry's pricing has one unusual property worth stating up front: every detection, DEFEND, and AI feature is on every plan — including free. Tiers differ only by volume: how many pageviews you can score, how many sites you can run, and how far back your history goes. The only feature gate is the Enterprise contractual set (SSO, SOC 2 DPA, data residency, SLA, priority support) — and those are sales terms, not product capability.
This page explains exactly what each plan includes, what is metered, what is enforced today, and what is still on the roadmap.
The free plan: 500 lifetime pageviews
Every new account starts on the free plan with 500 pageviews. Two things to be precise about:
- It is a lifetime budget, not a monthly reset and not a time-limited trial. Those 500 pageviews are counted across all sites you own, all-time. There is no clock; there is a counter.
- It is enough to install the tag, verify the end-to-end loop, and watch real verdicts land in your dashboard before you commit to a paid plan.
The free plan includes 1 site and 7 days of history retention. Once you spend the 500 pageviews, the dashboard paywalls the data screens — Overview, Live Feed, Threats, and the rest go behind an upgrade prompt — while your billing and account screens stay reachable so you can pick a plan. Your tag keeps running and beacons keep being recorded; you just can't read the analytics until you upgrade.
<script async src="https://pubsentry.com/t.js" data-site="st_xxxx"></script>That one async tag is the entire install, on every plan. Replace st_xxxx with your real site ID from the dashboard.
Paid plans
Paid plans are self-serve via card checkout and differ only by volume:
| Plan | Price/mo | Monthly pageviews | Sites | History |
|---|---|---|---|---|
| Starter | $199 | 1,000,000 | 1 | 30 days |
| Growth (anchor) | $499 | 5,000,000 | 5 | 90 days |
| Scale | $999 | 20,000,000 | unlimited | 365 days |
| Enterprise | custom | custom | unlimited | 365 days |
Every one of these — Starter included — ships the full product: the deterministic engine, IP intelligence, behavioral signals, the Overview dashboard, Live Feed, email + Slack/webhook alerts, ML scoring, threats breakdown, the AI daily digest, recommend-then-apply agent actions, forecasting, attack detection, and the ad-policy engine. You are not buying features as you climb the ladder. You are buying headroom.
Enterprise adds the contractual set on top: SSO, a SOC 2 DPA, data residency, an SLA, and priority support. That tier is contact-sales, not card checkout, because those are negotiated terms.
What is actually enforced
Three limits are enforced server-side today (admin/owner accounts bypass all of them):
- Sites — enforced at site-creation time. A Starter or free account creating a second site is rejected; Growth caps at five; Scale and Enterprise are unlimited.
- History retention — the analytics window is clamped to your plan's
historyDays. Ask for 90 days on Starter and the query is silently capped at 30. This is a hard clamp in the insights service, not a UI hint. - Free pageviews — the
over_limitstate genuinely gates the dashboard once a free account spends its 500 included pageviews, as described above.
Paid pageview overage is a warning, not a hard lockout. If a paid plan runs past its monthly pageview ceiling, the dashboard surfaces a usage warning and prompts an upgrade — it does not stop scoring traffic or block your access. We would rather keep protecting your site and talk to you about the right tier than fail closed on a busy month.
Usage metering
The billing screen shows you two numbers, computed in one pass over your events:
- All-time pageviews — the free-plan meter. This is the counter that determines whether a free account has hit 500.
- Rolling 30-day pageviews — what a paid plan's monthly ceiling is measured against.
Because raw IP and User-Agent are HMAC-SHA256 hashed and then dropped server-side, metering counts events, never personally identifiable visitors. A "pageview" here is a scored beacon — one tag fire on one page load.
Billing: DodoPayments
PubSentry bills through DodoPayments (not Stripe). It's live. Three flows you'll touch:
- Checkout. From the billing screen, picking a paid plan starts a hosted DodoPayments checkout and redirects you to it. The plan and your account ID travel with the subscription as metadata so the webhook can attribute it back to you. You can buy a paid plan up front, or after exhausting the free budget — either way it's the same checkout.
- Customer portal. Once subscribed, the billing screen mints a portal link where you manage your card, view invoices, or cancel. Cancelling drops you back to the free plan at the end of the period.
- Webhook. DodoPayments calls a webhook that flips your
account.planand billing status. A successful subscription sets your plan active; a failed renewal degrades topast_duebut keeps your plan during a grace window rather than cutting you off immediately; a cancelled/ended subscription falls back to free. This webhook is the one/v1/*endpoint that is public — it is verified with a Standard-Webhooks signature (webhook-id/webhook-timestamp/webhook-signature), so an unsigned or tampered call is rejected.
If checkout returns a "merchant not live" error, that's a one-time activation step on the payments side, not a problem with your account — it clears once merchant verification completes.
Changing plans
- Upgrade — buy a higher plan via checkout. Higher limits apply as soon as the webhook confirms the subscription.
- Downgrade / cancel — use the customer portal. At period end you move to the lower plan (or free), and the corresponding limits re-apply: a downgrade to a single-site plan won't delete extra sites, but you won't be able to create new ones beyond the new cap, and your history window shortens to the new plan's retention.
What's coming (not shipped)
In the spirit of saying only what's true:
- A documented public API and outbound webhooks are on the roadmap (coming), not shipped. The
/v1/*endpoints that exist today are session-scoped to power the dashboard; they back the UI, not a stable public integration, and may change. If you need programmatic access now, tell us what you're building so we can scope it honestly. - Email delivery for invoices/receipts beyond what DodoPayments sends depends on our outbound email channel, which is still being wired up.
The honest summary
Pick a plan on volume, not features — because you get all the features regardless. Start free to prove the loop works on your real traffic, then upgrade when 500 pageviews runs out or when you want longer history and more sites. Billing is real, card-based, and self-serve through DodoPayments, and the limits that matter — sites, history, and the free pageview budget — are enforced where they should be: on the server.