Inboxer
Sign inGet started
Enterprise

Inboxer for teams that need security review, not a credit card field.

SSO, audit logs, EU data residency, a dedicated SLA, and a compliance pack ready before your security team asks. Built for 50-seat deployments and up.

Talk to salesSee all plans →

Custom pricing · 50+ seats · We reply within 1 business day

Audit-ready out of the box

Publisher-attested on Microsoft 365. SOC 2 in progress with Drata. ROPA, DPA, sub-processor list, incident response runbook — all live and versioned.

EU data residency

Supabase Frankfurt, Vercel EU, Sentry EU, PostHog EU. Your customer data never crosses the Atlantic unless you pick US residency.

Founder access

Direct Slack Connect with the founder for the first 30 days. We treat the first 10 enterprise design partners as co-builders, not tickets.

What’s in the Enterprise tier

Identity & access

  • SAML / OIDC single sign-on (Okta, Azure AD, Google Workspace, JumpCloud)
  • SCIM 2.0 user provisioning + de-provisioning
  • Enforced MFA per tenant
  • Role-based access control (Owner / Admin / Member) with custom roles on request
  • Domain-verified sign-up (block consumer addresses)

Security & compliance

  • AES-256 at rest, TLS 1.2+ in transit, field-level encryption for OAuth tokens and transcripts
  • SOC 2 Type I in progress (Drata-backed; report available NDA-permitting)
  • Microsoft 365 App Compliance — Publisher Attested
  • GDPR-compliant: ROPA + DPA + sub-processor list maintained at inboxer.so/sub-processors
  • Annual third-party penetration test (summary available on request)
  • Customer-Managed Encryption Keys (CMEK) — roadmap, contact us for timeline

Audit & observability

  • Immutable audit log of every admin and AI action
  • Export audit logs to your SIEM (Datadog, Splunk, Sumo, S3 sink)
  • Per-user activity dashboards
  • Optional data export endpoint (Article 20 right-to-portability)

Data residency & sub-processors

  • EU data residency by default for EU-billed customers (Supabase Frankfurt, Vercel EU, Sentry EU, PostHog EU)
  • US residency available for US tenants
  • Sub-processor change notifications 30 days in advance
  • Zero-Data-Retention agreements with all LLM providers (Anthropic, OpenAI)
  • BAA available for HIPAA-relevant deployments (on request)

Reliability & SLA

  • 99.9% uptime SLA with service credits
  • RPO 1 hour, RTO 4 hours
  • Daily Point-in-Time database backups, 30-day retention
  • Status page with subscribed-email incident notifications

Support & onboarding

  • Dedicated Slack Connect or Teams shared channel
  • Named CSM for 100+ seat accounts
  • Onboarding playbook with the founder for the first 30 days
  • Custom training session for end users (live or recorded)
  • Priority email + chat support — 4h business-hour response

Enterprise vs Professional

If you’re running a smaller team, Professional at $49/seat/month already covers smart triage, AI drafts, meeting briefs, and the task queue. Enterprise layers in the things you only need once IT and Legal are at the table.

Professional

Self-serve · $49/seat/month

  • All product features (triage, drafts, briefs, tasks)
  • Google Workspace + Microsoft 365 connectors
  • Email + in-app support
  • MFA, OAuth, sub-processor disclosure

Enterprise

Custom · 50+ seats

  • Everything in Professional, plus:
  • SSO (SAML/OIDC) + SCIM provisioning
  • Dedicated SLA, EU data residency, audit log export
  • Named CSM, Slack Connect, founder onboarding
  • MSA / DPA / BAA, compliance pack ready

Common procurement questions

What does Enterprise cost?+

Custom. Anchored around $30-50 per seat per month for typical 50-200 seat deployments, with discounts for annual commitment and volume. Final pricing reflects your security review depth, data residency, and support tier. We send a quote within 1 business day of the first call.

How long does procurement usually take?+

For organisations with an existing security review process: 2-4 weeks from first call to signed MSA. For organisations doing their first AI vendor review: 4-8 weeks. We move at your pace and have all the compliance artefacts ready before kick-off so security review isn't the long pole.

What's the minimum seat count?+

50 seats. Smaller teams are best served by the Professional plan at $49/seat/month; Enterprise economics only pencil out at 50+.

Do you sign a DPA / BAA / NDA / MSA?+

Yes to all four. We have standard templates that pass most enterprise legal reviews; happy to redline yours. BAA is gated on a separate compliance review since not every Inboxer deployment processes PHI.

Can we deploy in our own AWS / Azure account?+

Not today. Inboxer runs as managed SaaS on Vercel + Supabase. Self-hosting and BYOC are on the 12-month roadmap for the right enterprise customers. Reach out — we'll be honest about timing.

How do you handle data deletion?+

On contract end: 30-day grace period for export, then full deletion across all sub-processors with attestation. On per-user deletion: real-time via the admin console or DSAR endpoint, propagated to Anthropic and OpenAI within 24h via their data deletion APIs.

What does the Microsoft 365 App Compliance attestation cover?+

Publisher Attestation (Tier 1) — the self-attest layer covering data handling, security controls, identity, and privacy. Tier 2 (audited Microsoft 365 Certification) is on the roadmap for 2026, gated on first enterprise customer demand.

Ready to talk?

Send us a one-liner about your team and we’ll reply within one business day with next steps. No forms, no demo wall.

Email sales@inboxer.so