Pricing

Start free. Scale as you grow.

The core gateway is free and self-hosted. Paid tiers unlock advanced detection, the dashboard, and automated compliance reports. Indicative early pricing, shown to illustrate the model.

Early pricing, subject to change at launch
Developer
£0/month
Free forever
  • 10,000 agent calls/month
  • Core injection detection
  • Basic audit logging
  • Compliance reports
  • MCP governance
Startup
£99/mo
Billed monthly
  • 100,000 agent calls/month
  • All 6 detection modules
  • Tool call policy engine
  • 1 compliance report/month
  • MCP governance
Growth
£299/mo
Billed monthly
  • 1,000,000 agent calls/month
  • MCP server governance
  • Unlimited compliance reports
  • SIEM JSON export
  • EU AI Act + SOC 2 control mapping
Team
£599/mo
Billed monthly
  • Unlimited agent calls
  • SLA guarantee
  • Slack support channel
  • Custom policies + audit assist
  • Dedicated onboarding
FAQ

Questions a security
team asks first.

Straight answers to the things that matter before you route a single agent call through us.

Where is my data stored, and in what region?
Audit logs and policy configuration are stored in UK/EU data regions by default, so your compliance data never leaves the jurisdiction you're being audited against. We log metadata about each tool call, agent identity, tool name, decision, timestamp, risk score, and store cryptographic hashes of inputs and outputs rather than the raw content itself, which keeps sensitive payloads out of our storage entirely.
Does Reinward see the content of my prompts?
The gateway inspects content in-memory at the moment of the call to run injection and PII detection, that's how the scanning works, but it isn't persisted. What gets written to your audit trail is a SHA-256 hash, not the prompt text. This means you get tamper-evident proof that a specific input passed through, without us retaining the input. For teams that want zero content inspection on certain routes, you can scope which agents and tools are inspected via policy.
What's the real latency impact?
The rule-based and policy layers add single-digit milliseconds. The ML injection classifier runs locally and typically adds 20-30ms. The optional LLM judge only fires on genuinely ambiguous cases, roughly 10% of calls, so the average added latency across a real workload sits under 50ms. Against the multi-second round-trip of an LLM agent call, the overhead is negligible in practice.
Can I self-host or run it in my own VPC?
The gateway ships as a Docker container, so it runs anywhere you run containers, including inside your own VPC, where no agent traffic ever leaves your network perimeter. Self-hosted deployment is on the roadmap for Team-tier customers with strict data-residency requirements. If this is a hard requirement for you, tell us when you join the waitlist and we'll prioritise your use case.
What happens if Reinward goes down? Does my agent stop?
You choose the failure mode in policy. "Fail-closed" blocks tool calls if the gateway is unreachable, the safest setting for high-risk agents. "Fail-open" lets calls through and logs the gap, which suits non-critical workloads that can't tolerate downtime. Most teams run fail-closed on agents with destructive tools and fail-open elsewhere.
Which frameworks does it actually work with?
Anything that makes tool calls over HTTP or through the Python SDK, LangChain, LlamaIndex, CrewAI, AutoGen, and any MCP-compatible setup. Because Reinward sits at the proxy layer rather than hooking into a specific framework's internals, you're not locked into one ecosystem, and new frameworks work without waiting for an integration.

Your agents are running.
Your audit trail isn't.

Free tier. No credit card. 10-minute integration.

UK-built | Designed for UK GDPR | Maps to SOC 2 and EU AI Act controls

By joining, you agree we can email you about Reinward. We never share your address. See our Privacy Policy. Unsubscribe anytime.

You're on the list, we'll be in touch soon.