NEW: Contract & SLA Management is now in open beta. Learn more →

For Enterprise

Built to Pass Legal, Security, and Procurement

Team MFA enforcement, 365-day audit logs with CSV export, encrypted vendor contracts with BYOK option, and optional SSO. The Martech architecture tool your security team will sign off on.

Talk to sales Read the security page

Five pillars Enterprise teams care about

What you’d normally build on top of a SaaS — already in the product.

Team MFA enforcement

TOTP-based 2FA per user. Owners can require it for the whole team — users without MFA are blocked at the auth gate. Works alongside Google SSO.

  • · QR-code enrollment, recovery codes, unenroll-with-code
  • · Toggle in Team Hub → Settings (Enterprise only)
  • · Full-screen challenge on every login

365-day audit log

Every team, sharing, diagram lifecycle, and authentication event is logged. Filter by actor, category, date. Export to CSV for your compliance reviews or SIEM.

  • · Actor name, email, IP, and user agent
  • · Categories: team, sharing, diagram, proposal, billing, auth
  • · Historical events backfilled to your team’s creation date

Encrypted vendor contracts

Upload MSAs, SLAs, DPAs, and order forms. Column-level encryption with per-team Vault keys (pgcrypto). Extracted text, key terms, and document chunks are all encrypted at rest.

  • · Signed URLs expire in 5 minutes
  • · BYOK on request for customer-managed keys
  • · AI Chat over contracts with verbatim clause citations

SSO (SAML 2.0 / OIDC)

Set up SSO with Okta, Azure AD, Google Workspace, or any SAML 2.0 IdP. Configured during onboarding with your security team.

  • · Just-in-time user provisioning
  • · Role mapping via group attributes
  • · Forced-SSO option to disable email/password

Governance workflows

Stack changes flow through a proposal → approval → audit chain. External stakeholders sign off via token-based magic links (no account required). Department ownership + role-based access keeps the right teams looking at the right tools.

Proposals

Submit a stack change, attach evidence, route to approvers.

External approvals

Procurement / legal sign-off without an account.

Departments

Map each tool to its owning team and run cost reports by department.

Enterprise pricing

$999/month flat — includes everything in Team, plus the Enterprise security stack.

Enterprise
$999 /month

Annual contract. SSO and BYOK on request.

  • ✓ Everything in Team
  • ✓ Team MFA enforcement
  • ✓ 365-day audit log + CSV export
  • ✓ Encrypted contract storage
  • ✓ SSO (SAML 2.0 / OIDC)
  • ✓ BYOK on request
  • ✓ Custom MSA / DPA accepted
  • ✓ Dedicated onboarding
  • ✓ Priority support
  • ✓ Unlimited seats
Talk to sales

Frequently Asked Questions

What’s the difference between Team and Enterprise?
Team gives you collaborative workspaces, role-based access, and shared diagrams. Enterprise adds Team MFA enforcement, 365-day audit logs with CSV export, column-level encryption on contracts, BYOK (Bring Your Own Key) on request, and the option for SSO. Designed for legal, security, and procurement sign-off.
Do you support SSO?
Yes — SAML 2.0 and OIDC for Enterprise customers. Setup is handled during onboarding with your IdP (Okta, Azure AD, Google Workspace).
How does the audit log work?
365-day retention by default. Tracks team, sharing, diagram lifecycle, billing, and authentication events. Filterable by actor, category, and date. CSV export for compliance reviews.
How is contract data secured?
Column-level encryption with per-team Vault keys + pgcrypto. Encrypted: extracted text, key terms, document chunks. Storage signed URLs expire in 5 minutes. ISO 27001 controls A.8.24 and A.8.26 are referenced in our security page.
What does BYOK mean here?
On request, Enterprise customers can provide their own encryption key (Web Crypto API) which we use instead of the per-team Vault key. Useful for compliance regimes requiring customer-managed keys.
Is there a custom MSA / DPA available?
Yes. We provide a standard MSA and DPA, and accept customer paper for Enterprise contracts. Standard signing window is 2–3 weeks.

The Martech architecture tool your security team will sign off on

MFA, audit logs, encrypted contracts, SSO. Already in production with airline, insurance, and consulting customers.

Talk to sales Read the security page

No credit card required. Free plan available.