Compliance, identity, signed audit chain, and optional PHI redaction are included on every paid tier — you choose whether to send PHI under your BAA or strip it before it leaves your environment. Tiers package operational capacity (members, runtime, governance, dedicated compliance plane). Variable consumption bills against four meters. The Free Evaluation is the full product on non-PHI data.
Assistant + Studio · For teams
Included on every Platform tier
You're billed for thinking and authorized doing. AI Credits cover inference and retrieval; Agent Actions are charged only when an agent identity invokes a tool through the policy gate — pure-inference customers never see an Agent Action charge.
Single practitioner
Overage
Small clinic / firm / department · ~25 active users
Overage
Mid-market · ~100 active users
Overage
Health systems · IDNs · dedicated compliance plane
Overage
| Feature | Solo | Professional | Business | Enterprise |
|---|---|---|---|---|
| Surfaces | ||||
| Assistant chat Ask questions, draft documents, summarize records, and run governed tools — all through a conversational interface that logs every turn to your audit chain. For orgs handling PHI, every message is scanned and redacted before it leaves your environment. | ||||
| Studio app builder Describe the internal tool you need and HASP builds it — schema, UI, permissions, and audit hooks. Publish to your org's subdomain in minutes, not sprints. Every published app inherits the same compliance posture as the rest of your environment. | ||||
| Compliance & audit | ||||
| PHI redaction before model For orgs that handle PHI: names, MRNs, dates, addresses, and the other HIPAA Safe Harbor identifiers are detected and redacted inside your environment before a single token reaches the AI provider. Re-identified back to the original values in the response, so the chat still reads naturally. | ||||
| BAA (Business Associate Agreement) Signed BAA is included on every paid tier — no upcharge, no Enterprise-only gate. Required for HIPAA-covered entities. | ||||
| Hash-chained audit log When an auditor or regulator asks 'who did what, when, and what data did they touch?' — you have an answer that holds up. Every message, tool call, data access, and auth event lands in a hash-chained, Ed25519-signed log; altering any past entry breaks the chain. | ||||
| Audit retention How long your signed audit log is retained. Longer retention is required for HITRUST and some state-level HIPAA enforcement interpretations. | 7 years | 7 years | 7 years | Custom (10+ yrs) |
| Multi-framework compliance One control set satisfies HIPAA, HITRUST, SOC 2, GDPR, CCPA, and PIPEDA simultaneously. You don't need separate tooling per framework. | ||||
| CSV audit export Download a signed CSV of your audit log from the dashboard. Useful for external auditors or compliance reviews. | — | — | ||
| External hash anchoring Even if HASP's infrastructure were fully compromised, your audit history would still be provable. The daily digest of your chain is timestamped by an independent RFC 3161 authority — cryptographic proof of when each entry existed, anchored outside our walls. | ||||
| IP address logging Records the IP address for every session and access event — part of the audit trail on every paid plan. Device metadata logging is available as an optional add-on on Enterprise. | ||||
| Identity & access | ||||
| Email magic-link / Google / Microsoft sign-in Standard sign-in methods available on every plan. No SSO contract required. | ||||
| Members + roles Invite multiple users to your org, assign them member or admin roles, and manage shared workspace access. | — | |||
| Guest access Invite external collaborators (e.g., contractors, clients) who can access specific apps without becoming full org members. | — | |||
| SAML SSO Enforce single sign-on through your identity provider (Okta, Azure AD, Google Workspace, etc.) using the SAML 2.0 standard. Users can't log in except via SSO when enforced. | — | — | ||
| SCIM group sync Automatically provision and deprovision users and their group memberships from your identity provider. Eliminates manual offboarding steps. | — | — | ||
| Workflow runtime | ||||
| Synchronous agent tool calls Agents can invoke tools (e.g., data lookups, API calls) inline within a single conversation turn. Completes before the response is returned. | ||||
| Long-running & background agents Agents that run beyond a single request — queued workflows, multi-step pipelines, and background jobs that complete asynchronously. Requires workflow runtime infrastructure. | — | |||
| Multi-agent chains Orchestrate multiple specialized agents in supervised pipelines. One agent's output becomes another's input, with the policy gate applied at each step. | — | |||
| Governance & analytics | ||||
| Usage-meter dashboards Real-time view of your AI Credits, App Operations, Storage, and Agent Actions consumption vs. your included allotment. | ||||
| MAU / DAU / WAU trends Monthly, daily, and weekly active-user trend charts (30, 90, and 365-day windows). Useful for understanding adoption and planning seat expansion. | — | — | ||
| Per-user credit limits Org admins can cap how many AI Credits any individual user can consume per billing period — prevents runaway usage from a single account. | — | — | ||
| Governance analytics Audit-sourced dashboards for schema changes, publish events, role changes, and access-denial reports. Answers 'who changed what and when' questions without writing queries. | — | — | ||
| Infrastructure | ||||
| Managed subdomain Your apps are published at `[your-org].usehasp.run`. No DNS setup required. | ||||
| Custom org hostname Publish your apps on your own domain (e.g., tools.yourclinic.com) — bring your own domain via DNS delegation. One hostname per organization. | — | — | 1 hostname | 1 hostname |
| Dedicated data plane A per-organization database isolated from all other tenants. Logical row-level-security isolation is replaced with physical database isolation — required for some enterprise security policies. | — | — | — | |
| Custom data residency Negotiate where your data at rest is stored (e.g., US-only, EU). Requires dedicated data plane. | — | — | — | Negotiated |
| Support | ||||
| Email support Standard email support with best-effort response time. | ||||
| Priority support SLA Guaranteed response time SLA with a named support contact who knows your deployment. | — | — | — | |
| Custom DPA / SLA terms Negotiate custom Data Processing Agreement and Service Level Agreement terms into your contract. Required by some large health systems and IDNs. | — | — | — | |
Compliant inference + agent identity · For developers
Compliant inference for builders. Send PHI to the model under your BAA or redact it before it leaves your environment — your choice per request, and every call lands in your signed audit chain. Works with leading BAA-covered inference providers — same agent identity layer, same compliance + audit layer, no compliance bolted on after the fact.
Production-ready integrations
Overage
Heavier production volume
Overage
High-volume integrations
Overage
Custom contract. Talk to us.
Overage
Billed in AI Credits — same unit as the platform tier. 1 credit ≈ 1,000 base-model input tokens. Faster/cheaper models bill at a lower multiplier; larger/heavier models bill higher. Per-model multipliers are published in the model catalog.
An estimate for planning — your real mix and traffic decide the bill.
The negative space
Six things you'll never see on a HASP invoice.
No per-seat pricing.
Active-user counts are capacity guidance, not invoiced.
No per-app pricing.
Publish unlimited apps on any tier.
No per-agent base pricing.
Agent activity is metered. Agent existence is not.
No compliance upcharge.
Signed BAA and tamper-evident audit chain on every paid tier. Send PHI to the model under your BAA, or redact it pre-model — your policy choice, not a paywall.
No surface gating by tier inside a plan.
Every Platform tier gets Assistant + Studio. Every API tier gets Public API + Agent SDK. Pick the plan(s) you need; tier differences are operational (limits, governance), never feature locks.
No third-party AI gateway.
Direct integration with BAA-covered inference providers under HASP-direct BAAs.
Start with a free evaluation — try every surface across both plans against non-PHI data, no charges until you convert. When you're ready to go live, sign the BAA in-app, pick the plan(s) you want, and you're done.