For teams · validated · sovereign · cost-cutting

Memory your team can
trust, own, and afford.

Validated, private, sovereign AI memory that cuts cost. FaultLine returns the one grounded fact instead of re-sending the whole history, so you spend fewer tokens per turn — while a per-tenant schema keeps your data physically separable and yours. Lower bills, provable answers, no procurement games.

Transparent pricing. Your $750 or $1,500 monthly base is the tenant portal — and it buys every seat down. Team seats from $12.50, Enterprise from $10. Every number on the page, no contact-sales gate.

The bottom line · cost & ROI

Two ways it hands you spend back.

AI cost is tokens, and tokens are money. FaultLine cuts your bill in two independent, compounding ways — one on every single call, one that grows with scale. So you spend less to get a better answer.

Context reduction — fewer tokens per turn

Instead of re-sending the whole conversation history (or a pile of fuzzy RAG chunks) into the model on every call, FaultLine returns the one grounded fact the question needs. You pay for a sentence, not a haystack — so you cut token cost on every single turn, and latency drops with it.

The agent's own memory — no wasted re-work

The serving agent keeps its own operational memory — what worked, what failed, the gotchas. So agents stop re-deriving problems they already solved and stop walking back into dead ends. No churn on known, repeated issues means fewer wasted API calls at scale — real money back where tokens are literally money.

  • Fewer tokens / callone scoped fact, not the whole transcript
  • Fewer wasted callsagents don't re-solve solved problems
  • Lower latencyless to send, less to read, faster replies
  • Compounds at scalethe savings grow with call volume

Both levers point the same way: spend reduction. Send the model one true thing and let your agents keep their own lessons, and the per-call and per-scale savings stack up into a real line-item win. (Illustrative — the exact figure depends on your workload; see the Numbers page.)

Trust & compliance

Credibility your procurement team can sign off.

Cheaper only matters if it's also safe. FaultLine is built so the trust lives in the memory, not the model — isolated, sovereign, owned by you, and honest about what it knows.

Per-tenant schema isolation

Every tenant gets a dedicated PostgreSQL schema — your data is physically separable, with no shared table and no cross-talk between tenants. Database-level isolation is a stronger, more auditable posture than row-filtering in a shared table — the aid your procurement team can actually verify, not a config flag. (It's an isolation aid, not a certification in itself — a BAA or SOC2 attestation is a separate, additional conversation.)

Canadian-hosted 🍁 sovereignty

Sovereign infrastructure, hosted in Canada 🍁. Your memory lives where you expect it to — and we never train on it, ever.

You own it

Export the entire graph or delete it on demand — no lock-in, no data hostage. Point the engine at your own model endpoint whenever you want. The data lifecycle is yours.

The epistemic firewall

A hard line between what you stated and what it merely inferred. Stated facts come back asserted; guesses come back flagged as tentative. It never presents a guess as a fact — so decisions rest on knowledge, not a confident hallucination.

Validated writes only

No unsupervised model writes — every fact passes the validation gate before it lands. The truth lives in the memory, not the model, so any model you connect reads the same verified memory.

Traceable to a real row

Recall is a deterministic walk of real rows, not a fuzzy vector guess — every answer traces back to a fact that was actually stored. Auditable by design, which is exactly what a compliance review wants to see.

Isolated
A physically separable schema per tenant. No shared table, no cross-talk.
Sovereign
Canadian-hosted 🍁. Privacy-first — we never train on your memory.
Yours
Export the whole graph or delete it on demand. Own the lifecycle.
Validated
No unsupervised model writes — every fact passes the gate.

Regulated & clinical · a physical boundary per patient

One patient, one database schema.

For healthcare, legal, and other regulated builders, FaultLine offers a dedicated clinical account type where every patient (or matter, or client) gets their own physically-separable PostgreSQL schema — the strongest, database-enforced separation FaultLine has, the same isolation every tenant already runs, now minted one-per-patient. Not a row filter in a shared table. A wall the database enforces — governed by per-doctor keyed access with full attribution and an append-only, medical-grade audit.

Physical schema-per-patient

Each patient is provisioned into their own faultline_<id> schema with no shared table and no cross-patient path. Separation is enforced by the database itself, so cross-patient bleed is demonstrable and auditable — you can point a reviewer at the boundary, not at a query you're trusting to always filter correctly. This is the direct answer to the "row-level security alone was enough" cautionary tale: here the wall is structural, not a WHERE clause.

Per-doctor keys, full attribution

Clinical is its own account type with a strict separation of duties. The practice admin governs doctors — creates them, suspends them, grants or revokes each one's key ability — but never holds a key. Each doctor mints their OWN provisioning key, shown once, in their own session, and every patient they mint traces back to that doctor. A revoked doctor's keys die immediately; attribution is always answerable.

Append-only medical-grade audit

Every governance action — a doctor created or suspended, a key ability granted or revoked, a key minted, a patient provisioned — writes one immutable row to an append-only compliance log. Filter it by action, page through it, and export it to CSV from the console. The trail is account-scoped, so a practice can only ever read its own, and it is the record you hand an assessor.

Per-patient lifecycle

Legal-hold, export, and delete operate at the granularity of one patient. Honour a records request or a right-to-erasure against a single patient's schema without touching anyone else's — export that patient's graph, or drop the entire schema on a purge. The lifecycle is per-person, because the storage is per-person.

Straight talk: what this is, and what it isn't

Physical schema-per-patient isolation is a compliance aid — it makes cross-patient separation demonstrable and auditable, which is exactly what an assessor wants to see. It is not, by itself, a BAA, a HIPAA/PHIPA certification, or a finished compliance program. It doesn't replace encryption in transit and at rest, access management, audit logging, or a signed agreement — those are separate, additional work we scope with you. We'd rather tell you that plainly than let the word "isolation" do more work than it should.

Talk regulated deployment ▸
Clinical account type
$4,000/ mo base + per-patient capacity

A higher regulated tier: a $4,000/mo base (with a block of patients included) plus per-patient capacity purchased in volume-tiered blocks — the more patients, the lower the per-patient rate. A net-new account type, governed from a dedicated console (doctor sub-admins, per-doctor keys, attribution, audit) and built on the /v1 developer API. Final numbers are ratified per engagement — contact us for regulated pricing.

Transparent pricing

Every price on the page. No sales gate.

The full ladder is published below, in CAD, billed monthly, cancel anytime. The monthly base fee is your tenant portal / control layer — and it buys every seat down. Team and Enterprise are what most businesses buy; Clinical is a distinct regulated account type ($4,000/mo + per-patient); Individual is shown for reference. The only "talk to us" is genuinely bespoke (on-prem, regulated, custom isolation). See the full side-by-side matrix ▸

Team$750/mo base + cheaper seats, up to 15

Base = tenant portal + 2 Standard seats · seats $12.50–$100 · up to 15 total.
Everything in Individual, plus —

Outgrew solo, but you're not an enterprise? This is your tier. The $750/mo base is your tenant portal — seat management, logins, MFA, dashboards, oversight — with 2 Standard seats included, and it buys every added seat down to the Team rate. The affordable bridge, so you never jump from solo straight to the enterprise base.

  • Tenant portal & seat control — logins, MFA, dashboards, memory usage
  • 2 Standard seats included in the base
  • Mixed seat types, up to 15 seats
Team base
$750/ mo base — the tenant portal + 2 Standard seats

Your control layer for seats, logins, MFA and memory oversight — and it buys every seat down to the Team rates below. Add up to 15 seats total.

Add seats above the included two — any type, at the bought-down Team rate:

Standard
$12.50/ seat / mo

Core validated memory per teammate.

Advanced
$35/ seat / mo

Bigger memory + own-endpoint control.

Expert
$50/ seat / mo

High quota, priority recall, power features.

Agent
$100/ seat / mo

Agent memory + agent voice for your builders.

Need more than 15 seats? That's Enterprise — a bigger base, and the seats drop again.

Enterprise$1,500/mo base + the cheapest seats, unlimited

Base = portal + 5 Standard + SSO/isolation/SLA/compliance · seats $10–$80 · unlimited.
Everything in Team, plus —

The $1,500/mo base is the tenant portal with 5 Standard seats included and the enterprise controls — and it buys every seat down to the lowest rates on the page.

  • Unlimited seats
  • SSO
  • Dedicated isolation
  • SLA
  • Compliance controls
  • Support
Enterprise base
$1,500/ mo base — the tenant portal + 5 Standard seats

SSO, dedicated isolation, SLA, compliance controls, and support on the same validated engine — and the deepest seat buy-down. Bring your own model brain; we host the memory.

Add unlimited seats above the included five — any type, at the lowest per-seat rates on the page:

Standard
$10/ seat / mo

Core validated memory per teammate.

Advanced
$30/ seat / mo

Bigger memory + own-endpoint control.

Expert
$45/ seat / mo

High quota, priority recall, power features.

Agent
$80/ seat / mo

Agent memory + agent voice — lowest Agent rate.

Clinical$4,000/mo base + per-patient · Regulated

Regulated / Clinical · a net-new account type (not a seat add-on) · base includes a patient block · per-patient $8 / $6 / $4 by volume.
A distinct, regulated account type —

For healthcare, legal, and other regulated builders: a net-new clinical account where every patient (or matter, or client) gets their own physically-separable database schema, governed by per-doctor keys with full attribution and an append-only, medical-grade audit. Its own account type with its own console — not a bolt-on to a Team or Enterprise seat. See the regulated lane ▸

  • Physical schema-per-patient isolation — demonstrable and auditable
  • Per-doctor provisioning keys with full mint attribution
  • Append-only medical-grade audit + CSV export
  • Per-patient legal-hold, export & delete
Clinical account type · Regulated
$4,000/ mo base + per-patient capacity

A higher regulated tier: a $4,000/mo base with a block of patients included, plus per-patient capacity purchased in volume-tiered blocks — the more patients, the lower the per-patient rate. Database-level isolation is a compliance aid, not a HIPAA/PHIPA certification. Final numbers are ratified per engagement.

Per-patient capacity above the included block — volume-tiered, in CAD:

≤ 250 patients
$8/ patient / mo

Entry volume band.

≤ 1,000 patients
$6/ patient / mo

Mid volume — the rate steps down.

1,001+ patients
$4/ patient / mo

High volume — lowest per-patient rate.

Individual — one person, no base, for reference

First month free · retail per seat · Standard $15 · Advanced $40 · Expert $60 · Agent $120.
The foundation Team & Enterprise build on —

No portal, no base — retail per seat, first month free. Same four seat types as every tier; committing a Team or Enterprise base is what buys them cheaper.

  • Personal validated memory for one person
  • Grounded, deterministic recall across every model
  • Any seat type — export & purge anytime
Standard
$15/ mo

Personal memory for everyday AI chats.

Advanced
$40/ mo

Bigger memory + own-endpoint control.

Expert
$60/ mo

High quota, priority recall, power features.

Agent
$120/ mo

Self-serve validated memory for agents & devs.

Custom — the only "talk to us"

That's the full price list above. Need something we don't list — on-prem, regulated / PHIPA, or custom isolation? Talk to us and we'll build it. Everything else, you can start today.

Talk to us ▸

Governance

You own the data lifecycle.

Seats aren't just billing — they're control. Right-size each person to a tier, and put the expensive part of the pipeline on a switch you own.

Seat tiers

Standard, Advanced, Expert, and Agent seats let you match spend to need per person. An admin assigns tiers; nobody self-upgrades onto your bill.

Train mode

Ingest ON — the memory learns and writes. This is the richer, metered pipeline, so you turn it on when you're building the memory and account for it deliberately.

Serve mode

Ingest OFF — read-only. Recall stays fully on, writes are rejected, and the deterministic walk is cheap. Freeze the memory and let the team query it without surprise cost.

Train then serve. The train/serve switch is the billing lever and the governance lever: your admins decide when a seat is building memory versus simply reading it — so the org, not the model, owns the data lifecycle.

Building on FaultLine? A developer API (V1, in preview) lets you embed the same validated memory in your own apps — and it's an explicit opt-in add-on, off by default and granted per-seat, so it's never a surprise line on your bill or an armed door on every seat. See the API ▸

Trusted, owned, and cheaper to run.

Start free — first month on us. Validated, sovereign memory your team can prove and your finance team can afford.