← Back to home

Compare plans

Pick how you want to run VaultGuard. Self-host the open-source Community Edition on your own AWS for free, or let us run it for you on VaultGuard Cloud. Every plan ships with the same client-side content encryption, per-file permissions, and managed access-revocation primitives. Try Pro free for 14 days before you decide.

Plans at a glance

CapabilityCommunity Edition
Self-host · free
Pro
Cloud · Pro Edition
Enterprise
Cloud · Pro Edition + SSO
PriceFree, self-hosted€12 / user / monthCustom
Where it runsYour own AWSOur AWS (managed)Dedicated infra
LicenseSustainable Use LicenseCloud ToSCommercial contract
User capYour deployment limitUp to 100By agreement
StorageYour AWS configuration100 GB includedBy agreement
TrialClone + deploy14-day free trialSales call

Security you get on every plan

The same client-side encryption and access-control primitives — with operations and limits determined by your deployment.

CapabilityCommunity Edition
Self-host · free
Pro
Cloud · Pro Edition
Enterprise
Cloud · Pro Edition + SSO
Client-side content encryption (AES-256-GCM + managed KMS keys)
Per-file permissions with role inheritance
Visual permission graph + in-Obsidian access management
Session, permission, and renewable-lease revocation
Time-bound key leases (1h default, configurable)
Multi-vault support per organization
Plugin allowlist enforcement
Cognito auth (federate to your IdP)
Local at-rest encryption via OS keychain
TLS 1.2+ in transit (TLS 1.3 when negotiated)

AI in your vault

Use AI on your notes through the same encryption, permissions, and audit gates — on every plan.

CapabilityCommunity Edition
Self-host · free
Pro
Cloud · Pro Edition
Enterprise
Cloud · Pro Edition + SSO
Built-in Claude chat panel (bring your own Anthropic key or Claude subscription)
AI agent bridge — scoped MCP server for Claude Code / Cursor / Claudian
Every AI file access permission-checked and audit-logged

Running it day-to-day

What you get back when we run the infrastructure for you.

CapabilityCommunity Edition
Self-host · free
Pro
Cloud · Pro Edition
Enterprise
Cloud · Pro Edition + SSO
In-Obsidian admin (users / permissions / settings / recovery)
Hosted web admin panel (admin.vaultguard.cloud)
Share links — send a teammate a clickable link to a specific file
Basic audit log (GET /audit/logs)
Advanced audit — dashboards, alerts, CSV export, per-user / per-file reports
Audit retention30 days (configurable)1 yearCustom
Stripe-backed billing
Transactional email (invites, password reset)Your SESManagedManaged
Org signupSingle-tenant lockdownMulti-tenantCustom
Managed AWS infrastructure
Managed security update process
Managed backup operations
Uptime targetNone99.9% targetCustom by agreement
Support targetCommunity (GitHub)Email, 1-business-day targetPriority by agreement

Enterprise-only

CapabilityCommunity Edition
Self-host · free
Pro
Cloud · Pro Edition
Enterprise
Cloud · Pro Edition + SSO
SAML / OIDC SSO integration
SOC 2 / HIPAA evidence packagesAvailable by agreement
Dedicated infrastructure
Custom data residency
Custom key rotation & retention policies

Who handles what

What stays on your plate if you self-host, and what we take off it on Cloud.

CapabilityCommunity Edition
Self-host · free
Pro
Cloud · Pro Edition
Enterprise
Cloud · Pro Edition + SSO
Deploy the backendYou (terraform apply)UsUs (or you, with license)
Patch Lambda runtimes / dependenciesYouUsUs
Rotate KMS keysYouUsUs / custom
Run backupsYouUsUs
Monitor uptime / page on-callYouUsUs
Pay AWS billYouCustom
Compliance evidenceYouUs

Which plan fits you?

For most teams, Pro is the best place to start. You get the full security stack, admin panel, user permissions, secure note sharing, readable audit trails, managed backup operations, and a 99.9% uptime target — without managing AWS yourself.

Start with Pro and try it free for 14 days →

Choose Community Edition only if you are a solo user or technical team that wants to self-host and manage AWS, backups, patches, and uptime yourself.

Choose Enterprise if you need SSO, dedicated infrastructure, or signed compliance attestations.

What you get if you self-host

  • The same client-side content encryption, per-file permissions, and access-revocation primitives as Pro
  • Your data stays in your own AWS account
  • The same plugin connects automatically — no special build
  • One-command Terraform deploy; infrastructure code is open for you to audit
  • Cost: just your AWS bill
  • You're the on-call: patching Lambda runtimes, rotating KMS keys, running backups, and monitoring uptime is on you

What's not included in self-hosted version

  • No web admin panel — every user invite, permission change, and recovery flow happens inside Obsidian, which gets painful past a handful of users
  • No share links — teammates can't get a one-click URL to a specific note; they navigate the folder tree themselves
  • No audit dashboards, alerts, or CSV exports when your compliance team asks for an audit trail
  • No managed uptime commitment, backup operations, or patch pipeline — AWS deprecations and incident response land on you
  • No single sign-on or signed compliance attestations — those live on Enterprise