Hobby
Evaluate the product, or run a small homelab. Self-host the open core for free.
$19$17 / month
$204/yr · save $24
- 365+ days retention, auto-recycle
- 10 data sources
- pivt AI: 300 reqs/mo, economy models
- Single node
- 3 team members
Pick the GB/day you need. We handle the infrastructure, you handle the security. The invoice next month looks like the invoice last month, even when ingest spikes.
Evaluate the product, or run a small homelab. Self-host the open core for free.
Your team's first SIEM. Small footprint, full product.
Scale detection as your fleet grows. Most teams land here.
HA cluster, object storage, more AI. For in-house SOCs.
More volume, multi-environment detection, SSO/SAML, priority support.
Run a real SOC on serious volume. Full AI suite, full controls.
For large-scale deployments, regulated industries, and teams that need a hand on the wheel.
All plans include infrastructure, maintenance, and AI, one monthly bill, no surprise costs. Self-hosted (BYOC) plans are also available, same features, you bring the cloud account. Compare every plan.
The differences spelled out. No fine print, no asterisks (well, one, Enterprise).
| Feature | Hobby | Startup | Growth | Team | Business | Pro | Enterprise |
|---|---|---|---|---|---|---|---|
| Included volume | 2 GB/day~31 EPS | 5 GB/day~78 EPS | 10 GB/day~155 EPS | 25 GB/day~388 EPS | 50 GB/day~777 EPS | 100 GB/day~1,553 EPS | Custom |
| Retention | 365+ daysauto-recycle | 365+ daysauto-recycle | 365+ daysauto-recycle | 365 days | 365 days | 365 days | 365+ days |
| Data sources | 10 | 20 | 30 | Unlimited | Unlimited | Unlimited | Unlimited |
| pivt AI | 300 reqs/moeconomy models | 1k reqs/mostandard models | 2.5k reqs/mofull models | 5k reqs/mofull models | 15k reqs/mofull models | 40k reqs/mofull models | Custommanaged option |
| Custom detection rules | 15 | 30 | 50 | Unlimited | Unlimited | Unlimited | Unlimited |
| API access | — | — | |||||
| SSO / SAML | — | — | — | — | |||
| High availability | — | — | — | ||||
| Object storage | — | — | — | ||||
| Team members | 3 | 8 | 12 | 15 | Unlimited | Unlimited | Unlimited |
| Support | Community | Priority | Priority | Dedicated + SLA |
Self-hosted (BYOC) deployments mirror these features. You bring the cloud account; AI uses your own LLM API key.
Whether self-hosted or managed, every deployment gets dedicated infrastructure. Your logs are never shared, commingled, or accessible to other tenants.
Every deployment runs on isolated infrastructure, a dedicated VPS or Kubernetes namespace. No shared databases, no shared compute, no noisy neighbours.
All data is encrypted in transit via TLS and at rest via volume-level encryption. Credentials are AES-256-GCM encrypted per-tenant in our control plane.
Pick your deployment region at setup. Data stays in that region and is never replicated elsewhere. On BYOC plans, your data never leaves your own cloud account.
On Managed plans, we provision and maintain the infrastructure, servers, databases, networking, and include AI in the price. One monthly bill, no cloud account needed.
On Self-hosted (BYOC), you deploy nano into your own cloud account and own the infrastructure directly. You bring an LLM API key for AI features.
In both cases, you connect your data sources, build detection rules, triage alerts, and run your security operations. nano is not an MSSP, we provide the platform, not a managed SOC.
Dedicated VPS instances (Hobby through Growth) or dedicated Kubernetes namespaces (Team and up) running on AWS, GCP, or Azure depending on the region you pick. Storage uses encrypted volumes; high-availability tiers add multi-node replication and object-storage tiering.
Every tenant gets its own instance, there is no shared cluster at any tier.
We use spot/preemptible instances on the lower tiers (Hobby, Startup, Growth) to keep prices low. They're cheaper but can be reclaimed by the cloud provider with ~2 minutes' notice.
Our control plane handles reclaim events automatically, your data is replicated to durable storage, and the instance is replaced. In practice, ingest pauses for under a minute, and search remains available throughout. Detection rules continue to fire on backfilled events.
Team and above use on-demand instances with HA, no spot, no reclaim windows.
Every plan includes the full nano product, search, detection rules, pivt AI assistant, alerts, dashboards, API (Growth and up), and SDK. The differences are capacity (GB/day, EPS, AI requests/month), retention, team seats, and infrastructure shape (single-node vs HA, on-demand vs spot, SSO).
See the full comparison table above for a row-by-row breakdown.
At least 365 days, with auto-recycle. The "+" means we keep older events around as long as your storage capacity allows; when the disk fills, the oldest events are dropped first. In practice, most teams on these tiers see 14–18 months of retention.
Team and above guarantee 365 days exactly, tiered to object storage so retention isn't bound by node disk size.
Yes, at any time, both directions. Upgrades are instant, new capacity is provisioned in the background and your existing data is migrated. Downgrades take effect at the next billing cycle to avoid stranding data you've already paid to retain.
You pick the region at signup, US-East, US-West, EU-West (Frankfurt), or APAC (Sydney). Data stays in that region and is never replicated to another. On Self-hosted (BYOC) plans, your data never leaves your own cloud account, full stop.
Team and above tier hot data to object storage automatically. The most recent 90 days stay on fast block storage; older events move to cheaper object storage, transparent to search. Compliance use cases (7-year retention etc.) are handled on Enterprise with custom tiering policies.
Deploy a full SIEM in minutes. No sales call required.
Plans from $19/month · live demo available · cancel any time