Sovereign AI, priced like capacity you control — never metered by the token.

Iftah installs a complete governed-access and governance layer inside your own Kubernetes cluster, in your own region — prompts, inference, model weights, and audit data never leave that boundary. We don't host your data; we operate your install remotely under a time-bound, client-approved, fully audited break-glass key. So we price the platform, not your usage: a fixed-fee 90-day pilot to de-risk, then a committed annual subscription sized to the governed capacity you already own. No per-token meter, no phone-home — and the GPUs and cloud you run on stay yours.

Talk to an engineerSee the 90-day pilot

How pricing works

  • Capacity-based, not consumption-based — license governed capacity per year, never per token or request
  • No telemetry callback — the control plane carries health, version, and latency metrics only, never content
  • Four costs, named plainly — platform, deployment, operations, and your own infrastructure (not Iftah revenue)
  • Air-gap honest — offline license enforcement means pricing works with zero egress to meter against

How Iftah is priced — four costs, fully separated.

We charge for the governance platform and its remote, audited operation — not for the silicon you already own, and not for tokens we cannot and will not see. Procurement can budget all four lines before the first technical call.

Annual · Iftah

Platform subscription

An annual, capacity-based license for the full single-tenant governed stack — all six products on one install. Sized by governed accelerator-node band or as a flat per-cluster site license; 3- and 5-year terms lower the effective rate. Enforced offline — no phone-home, no usage meter inside your perimeter.

One-time · Iftah

Deployment & hardening

The fixed-fee 90-day pilot: we install into your cluster, integrate your identity provider via a client-local key mirror, tune guardrails for Arabic and Gulf identifiers, and drive the production cutover gate-set. Credited toward your production contract on cutover.

Annual · Iftah

Operations & support

An annual contract for remote, break-glass operation under a written RACI — signed GitOps releases, fleet patch and CVE management, and SLA-backed support. Standard support is included; 24/7 mission-critical response and a named lead are priced as upgrades.

Paid to your provider

Your GPUs & infrastructure

You pay your cloud provider or hardware vendor directly for compute, storage, and accelerators — in your account, in your region. We never resell, mark up, or meter it. Stated plainly so total cost of ownership is honest from day one.

From a fixed-fee pilot to fully sovereign production.

One spine: prove it, run it, then sovereign-harden it. Every tier ships the full governance floor — deployment mode and operations depth are priced on top, never the entry.

Pilot

Prove governed AI on your own infrastructure — before committing budget.

How it's billed

Fixed-fee · 90 days

One number, no usage variability — credited toward production on cutover. Design Partners receive reduced founding-customer pricing.

  • Single-tenant install into your cluster and region — synthetic / non-PHI traffic during the pilot
  • Federated SSO via a client-local key mirror; default-deny authorization on every call
  • Self-hosted guardrails (Presidio PII/PHI, NeMo injection/jailbreak), tuned for Arabic and Gulf identifiers
  • Drives the production cutover gate-set with signed evidence
  • Bring your own open models, including Arabic-capable (Falcon, Jais, ALLaM) — no per-model fee
  • Fixed scope, fixed price — a de-risking entry point, not a feature-starved trial
Talk to an engineer
Most chosen

Production

Live production on cloud, private, or sovereign-regional cloud — real users and data, one region.

How it's billed

Committed annual · 3 & 5-yr terms

Operations & support contracted alongside; air-gap, 24/7, and a multi-cloud control plane are priced as upgrades.

  • The full governed stack — all six products: Deploy, Gateway, Observe, Gatekeeper, AI Service, ClusterGuard
  • Digest-pinned model routing and signed GitOps releases — even Iftah cannot hand-edit a running install
  • Immutable in-region WORM audit trail, fail-closed — no audit, no request, never a silent gap
  • Remote break-glass operation under a written RACI — time-boxed, client-approved, logged in your own trail
  • Per-data-class RPO/RTO targets, multi-AZ high availability, in-region backup and restore
  • RAG, fine-tuning (LoRA/QLoRA), and agents — all inside your boundary, no content egress
Talk to an engineer

Sovereign

On-prem or fully air-gapped for government, defense, central banks, and critical infrastructure.

How it's billed

Custom annual / multi-year

A capacity site license plus a dedicated managed-operations fee, billed as separate line items.

  • Fully air-gapped install — offline license enforcement, signed offline update bundles, zero egress
  • Portable WORM and secrets substrate for on-prem and OpenShift, in-region only
  • Dedicated operations: 24/7 mission-critical response, named lead, accelerated RPO/RTO
  • Department-level isolation and the strictest residency, clearance, and approval controls
  • Optional multi-cloud / hybrid central control plane — metrics-only, never content
  • Configured per enclave — drivers and structure published so procurement can budget up front
Talk to an engineer

Four drivers. No surprises.

Pricing tracks the governance value you deploy and the depth at which we operate it — not your token usage.

Governed capacity in your cluster

Priced by accelerator-node band — or a flat per-cluster site license — not per physical GPU, so dense, partitioned, or idle hardware is never punitively taxed. You scale capacity you control; the license tracks governance value, not silicon.

Deployment mode

Cloud VPC and private / regional sovereign cloud sit at the base; on-prem and fully air-gapped carry a sovereignty premium for the heavier assurance, offline enforcement, and operations they demand.

Term length

Annual is the floor; 3- and 5-year committed terms lower the effective rate, rewarding the budget-stable horizon sovereign and government buyers prefer. Committed-capacity bands lower it further.

Operations & support depth

Standard support is included in the subscription. Business-critical 24/7 response, a named operations lead, and accelerated per-data-class RPO/RTO are premium upgrades — never baked into the entry price.

The sovereignty floor is never an upgrade.

Every install — pilot to sovereign — ships the same governance guarantees. These are standard, not paywalled.

  • Identity & policy on every call

    Federated SSO and service-account identity via a client-local key mirror — no per-request egress to your IdP — with policy-as-code making a default-deny, fail-closed authorization decision on every request.

  • Self-hosted guardrails, tuned for Arabic

    Presidio PII/PHI detection and NeMo injection/jailbreak rails run in-region as local pods — never a SaaS guardrail API — tuned for Arabic-script and Gulf-specific identifiers. PHI handling is fail-closed by default.

  • Immutable in-region WORM audit

    Every governance decision and outcome is written to a tamper-evident, append-only, in-region store with a partitioned hash-chain. If the audit sink is unavailable the platform fails closed to a durable buffer — never a silent gap.

  • Break-glass operation, never standing access

    Iftah operates your install under a time-bound, client-approved, fully audited break-glass key governed by a written RACI. We hold no standing access to your prompts, responses, or pods; all changes flow as signed GitOps artifacts.

Answers for your procurement and security teams.

The questions regulated buyers ask first.

Because a per-token meter would have to count usage inside your sovereign boundary and export it — the exact data movement the platform exists to prevent. Our architecture forbids telemetry callbacks, enforces default-deny egress that carries no content, and runs fully air-gapped where there is no egress to meter against. So we price capacity you control, not usage we cannot see — and you get a predictable, budgetable annual number with no usage surprises.
We publish the structure openly — the unit (governed accelerator-node band or per-cluster site license), the four cost lines, the price drivers, and the term-discount mechanics. We don't publish a fixed public dollar table, because each single-tenant install is configured per client and we won't quote a number we'd have to walk back. As soon as you qualify, we provide indicative budgetary bands so your budget cycle can proceed.
Iftah revenue is three lines: the platform subscription, the one-time deployment and hardening, and the operations and support contract. Your GPUs, compute, storage, and cloud or hardware are not Iftah revenue — you pay your provider directly, in your own account and region. We never resell, mark up, or meter your infrastructure, so your total cost of ownership is honest from day one.
We operate your install remotely but hold no standing access to your prompts, responses, or pods. Any access is break-glass: pre-defined, client-approved, time-boxed, and logged in your own audit trail under a written RACI. All configuration and releases flow as signed GitOps artifacts — even Iftah cannot hand-edit a running install outside that path. The control plane sees health, version, and latency metrics only, never content.
Yes. Licensing enforces offline, updates arrive as signed offline bundles, your identity provider's public keys are mirrored locally so there is no per-request egress, and the WORM audit and secrets run on a portable in-region substrate. Air-gapped is the top assurance tier, priced with a sovereignty premium for the heavier operations it demands — not an afterthought.
No. Iftah produces evidence for your review — immutable audit trails, signed provenance, policy decisions, and guardrail baselines — but compliance is the data controller's obligation. We give your auditors and your regulator (SAMA, NDMO, or your health authority) defensible, tamper-evident evidence; we do not and cannot certify compliance on your behalf.

Next step

Review Iftah AI against your environment before choosing the first workload.

Talk to an engineer