Pricing

Transparent. Flat. No seat fees.
No renewal leverage. No surprises.

Every engagement starts with a free 30-minute scoping call. We tell you exactly what we will build, what it will cost, and what you will get. No RFP process, no procurement committee, no six-month implementation timeline.

Deployment Model
☁ Cloud Sovereign — GCP Sole-Tenant Node · 100% Data Sovereign
Your data runs on a GCP sole-tenant node billed directly to your GCP account — physically isolated, never shared. Our proprietary AI technology is deployed entirely within your environment. No telemetry. No spying. We build it and walk away. Need more capacity? Additional query nodes are available as a separate engagement — see Add a GCP Query Node in Post-Deployment Support below.
GCP quota & availability: All VM availability is dependent on GCP quotas. Sovereign compute capacity is in high demand across GCP regions — availability is not guaranteed and quota increases are often required before provisioning. We assess available quota and initiate any necessary quota increase requests as part of the scoping process — before any engagement begins. GCP sole-tenancy provides physical hardware isolation within Google's infrastructure. It satisfies most law firm IT security and bar ethics requirements. However, a small number of jurisdictions have issued ethics opinions requiring data to reside on firm-controlled hardware — confirm compliance with your state bar before proceeding.
GCP Sovereign
Sovereign Document Vault + AI Chat
GCP Sole-Tenant · Multi-Node Mesh · Build & Handoff
$100,000 · flat
One engagement. No monthly retainer. No recurring fees. · GCP infrastructure billed separately and directly to your account

One product. One price. Everything included. We design, deploy, and hand off the full RusticAgentic stack — encrypted document vault, proprietary AI chat, and a multi-node mesh that scales as your firm grows. Your IT team takes ownership at handoff. No ongoing retainer. No ticket queue. No vendor dependency.

Compute availability notice: Sovereign compute capacity is in high demand across GCP regions — availability is not guaranteed and quota increases may be required. Multi-node deployments require a GCP quota increase request, typically processed within 2–5 business days but not guaranteed. We initiate all quota requests on your behalf before any engagement begins. Deployment timeline is contingent on quota approval and regional availability.
  • Infrastructure: GCP sole-tenant sovereign compute node billed directly to your GCP account (est. ~$2.50–$3.50/hr on committed use). You own the compute. Your GCP console, your visibility.
  • Setup includes: Full RusticAgentic deployment, vault configuration, document migration, SSL, and custom domain. Your IT team manages day-to-day operations. Attorneys onboard through the built-in UI guide — no onboarding sessions required.
  • Multi-node mesh — scale without seat licenses:

    Multiple sole-tenant sovereign compute nodes deployed in GCP, each running the full proprietary stack. Each node processes queries independently — the gateway coordinates but does not own. If any node goes offline, the others continue. Masterless by design. As your attorney headcount grows, you add nodes — not seat licenses, not tier upgrades. Each additional node adds an estimated 6–8 concurrent users to your capacity. Additional nodes are provisioned by us as a separate engagement — no changes required to existing nodes. See Add a GCP Query Node in Post-Deployment Support below.

  • Multi-region GCP deployment:

    Nodes can be deployed across GCP regions — us-central1, us-east1, europe-west1 — for latency optimization. Each region handles local attorney traffic. The encrypted vault index stays synchronized across regions via GCS. A New York associate and a Dallas partner query the same corpus at the same performance profile.

  • DMS integration (iManage, NetDocuments, SharePoint):

    Custom ingest connectors built for your document management system. New matters filed in iManage or NetDocuments are automatically ingested and searchable within minutes — no manual upload step, no associate responsible for remembering to sync. Our ingest daemon polls your DMS and your GCS bucket continuously.

  • Document capacity: Unlimited. Index scales with storage. Tested to 500,000 documents.
  • Every answer: Cites source document filename, section number, and verbatim clause. Full audit log of every query and answer stored encrypted on your node.
  • Signing: ML-DSA-65 signed audit trail on every query/response pair. Tamper-evident chain of custody for every document interaction.
  • Access: Web UI (HTTPS, IP whitelisting available) + REST API for integration with your existing practice management software.
  • Post-deployment operations — your IT team owns it:

    After handoff, your firm's IT department manages day-to-day operations through the GCP console — the same way they manage any other server infrastructure. There is no ongoing retainer and no ticket queue. If an issue arises, see Post-Deployment Support below.

  • How we scope it: Free architecture call. We map your firm structure, office locations, document volume, concurrent user count, and DMS environment. Fixed-price proposal delivered within 5 business days. No retainer required to receive a proposal.
On-Premises
Sovereign On-Premises Build
Firm-Controlled Hardware · No Cloud Dependency · Complete Air-Gap Option
$125,000 · flat
One engagement. No monthly retainer. No recurring fees. · You procure hardware · we configure, ship, and train
Most Secure Deployment Option — Full Data Sovereignty

This is the highest-security deployment we offer. Your data never leaves your building. No cloud provider, no GCP, no third-party infrastructure of any kind — the hardware is yours, the network is yours, and every byte of your document vault remains under your physical and legal control at all times. There is no egress path. There is no shared infrastructure. There is no external API. Your documents, your queries, and your answers exist only on hardware that sits in your server room.

The system runs identically to the cloud deployment: same post-quantum vault encryption, same ML-DSA signed audit chain, same proprietary AI inference. This option satisfies the strictest state bar ethics opinions on data residency, any jurisdiction requiring firm-controlled hardware, and any client confidentiality or regulatory requirement that prohibits cloud storage of privileged documents.

Compute note: On-premises performance is determined by the dedicated compute hardware installed in your server. We specify the appropriate hardware configuration based on your concurrent user count and document volume. Hardware procurement timelines vary — dedicated compute availability from server vendors is subject to supply constraints. All hardware specifications and lead times are confirmed before the engagement letter is signed.
  • How it works — our process:
    • Step 1 — Hardware ships to us. We specify the hardware; you procure through your preferred vendor and ship to our facility. We configure the full RusticAgentic stack — OS, system configuration, vault setup, SSL, custom domain, PQC license tokens bound to the hardware MAC address. The system is fully built and tested here before it leaves our hands.
    • Step 2 — We ship to your site. We provide the shipping label. Client schedules pickup or drops off at their UPS, FedEx, or DHL account — all freight costs run through the client's carrier account directly. We do not handle payment.
    • Step 3 — Your IT team racks and connects it. Physical rack placement, MDF/IDF work, structured cabling, and VLAN configuration are performed by your firm's IT team. We are not on-site for this step — your IT team places and connects the hardware.
    • Step 4 — We SSH in remotely and bring the system up. Once your IT team confirms the hardware is on your network, we SSH in, verify all services, and bring up the UI. No on-site presence required for system bring-up.
    • Step 5 — We travel to site for training. We visit your office to train attorneys and IT staff on the system. We walk through the UI, query workflows, document ingest, and admin operations. When training is complete, we hand off and the engagement is done.
  • Post-handoff — your IT team owns it:

    After handoff, your firm's IT department manages day-to-day operations — the same way they manage any other server on your network. No ongoing retainer. No managed service. No ticket queue. If an issue arises, see Post-Deployment Support below.

  • Travel & accommodation requirements (training visit):

    The training visit requires the presence of our team at your facility. The team travels as two persons. Our lead engineer is disabled and travels with a caregiver and assistant — he is ambulatory with arm braces but does not drive. These requirements are non-negotiable and must be accommodated as a condition of any on-premises engagement.

    • Accommodation: Client procures and arranges lodging directly. One room for two persons at a standard business-class property (Marriott, Hilton, Hyatt, or equivalent) in a safe area near your facility. Due to our lead engineer's disability, budget or roadside properties cannot be accommodated. Property confirmed with our team before booking.
    • Ground transportation: Client arranges pickup and drop-off between lodging and your facility each travel day. Our lead engineer does not drive — a car service, firm vehicle, or equivalent is required.
    • Airfare: Client procures round-trip airfare for two persons. Travel details confirmed in the engagement letter before any booking is made.
    • Hardware shipping: Client arranges and pays all freight, insurance, and handling in both directions.
  • How we scope it: Free architecture call. We assess your hardware requirements, network topology, concurrent user count, and data residency constraints. Fixed-price proposal delivered within 5 business days. No retainer required to receive a proposal.
Post-Deployment Support

We build and hand off. Your IT team manages operations. If an issue arises, we diagnose it — and the fee structure is designed to be fair: if it's our code, we fix it at no further charge.

Remote Diagnostics
$2,500
Retainer held to initiate analysis. Only charged if fault is determined to be GCP infrastructure or user/IT error. If the fault is ours, the retainer is returned and the fix is at no charge. Remediation fee quoted separately if applicable.
On-Site Diagnostics
$7,500 + travel
Same fault-determination model as remote diagnostics. Retainer only charged if fault is GCP or user/IT error — returned if ours. Additional on-site days billed at $2,500/day. Travel and accommodation are procured and paid directly by the client regardless of fault determination — per the travel requirements in the on-premises card above.
GCP Migration (Remote)
$15,000
Migrate your deployment to a new GCP project, region, or node configuration. Includes re-issuance of PQC hardware-bound license tokens for the new infrastructure.
On-Prem Migration (Remote)
$20,000
Migrate your on-premises deployment to new hardware. Includes PQC token re-issuance bound to new MAC addresses. On-site migration available — add travel at on-site diagnostic rates.
GCP Query Nodes — Remote · Any Client · Bulk Pricing Available

Provision additional sovereign compute nodes on your GCP account — at signing or any time after. Each node is built from our pre-baked sovereign image, vault keys distributed, all services verified, and the node confirmed operational. Remote only — no travel required. Includes PQC hardware-bound license token issuance. Existing nodes are untouched — no downtime, no reconfiguration.

1 Node
$75,000
2–4 Nodes
$65,000/node
save $10k per node
5+ Nodes
$55,000/node
save $20k per node
GCP quota notice: All VM availability is dependent on GCP quotas. We initiate quota increase requests on your behalf before provisioning begins. Timeline contingent on GCP approval and regional availability.
On-Premises Nodes — Any Client · Bulk Pricing Available

Full on-premises sovereign deployment — additional office locations or expanded capacity. Same proprietary stack, same post-quantum vault, same build process. Client procures all travel and accommodation per the standard on-premises travel requirements.

1 Node
$100,000
2–4 Nodes
$85,000/node
save $15k per node
5+ Nodes
$70,000/node
save $30k per node
PQC Key Rotation (Remote)
$3,500
Annual security best practice. Re-encapsulates your vault's ML-KEM master key, rotates AES-256-GCM shard keys, and re-signs the audit chain under new ML-DSA credentials. Clients who decline key rotation sign a waiver.
Major Version Upgrade (Remote)
$5,000
When we ship a significant release, we re-bake, redeploy, and re-issue PQC-bound binaries to your node. Your IT team does not need to coordinate the upgrade — we handle it remotely and confirm deployment.
Hardware licensing: All deployed binaries are PQC-bound to the MAC address of the licensed hardware. Binaries will not execute on unauthorized hardware. Any hardware change — new servers, new GCP project, replacement nodes — requires a migration engagement to re-issue tokens. This is a security feature, not a restriction: your sovereign deployment cannot be copied or run on uncontrolled infrastructure.
Included in Every Engagement
✓ Free 30-minute scoping call before any commitment
✓ Plain-English engagement letter (no 40-page MSA required)
✓ ML-DSA-65 post-quantum signing on all deliverables
✓ No per-user seat fees — unlimited users at your firm
✓ No data egress to OpenAI, Anthropic, or any shared cloud
✓ Source citations on every answer — no hallucination without a flag
✓ Ingest PDF, DOC, DOCX, TXT, MD, RST, CSV, HTML, PNG, JPG, JPEG, TIFF, BMP, WEBP — three-tier PDF extraction + full image OCR
✓ Continuous ingest — new documents searchable within minutes of upload

All fees USD. Bank wire transfer only — no credit cards, no payment processors. Full milestone schedule, late payment terms, and refund policy: Payment Structure →

Post-Quantum Cryptography — Industry First

The only legal AI platform
with NIST FIPS 203/204 encryption.

Relativity, Kira, Luminance, and every LLM API wrapper encrypt data with standard TLS — the same encryption that quantum computers will break within the decade. RusticAgentic uses post-quantum cryptography by default on every deployment, every tier, every query.

Vault Encryption — NIST FIPS 203
ML-KEM Kyber-768

Every document shard encrypted with AES-256-GCM. The encryption key for each shard is wrapped with ML-KEM Kyber-768 — a lattice-based key encapsulation mechanism standardized by NIST in August 2024. A quantum computer cannot decrypt your vault.

Competitors: TLS 1.3 only · broken by quantum
Audit Signatures — NIST FIPS 204
ML-DSA-65 Dilithium

Every answer, every document access, every deliverable signed with ML-DSA-65 — a lattice-based digital signature standardized by NIST in August 2024. The signature is verifiable by anyone with our public key. Tamper-evident chain of custody that survives quantum computing.

Competitors: No audit signing · no chain of custody
Public Key — Verify Anything We've Signed
Download Our ML-DSA-65 Public Key

Every report we deliver includes a .sig.json sidecar. Use our public key to verify the signature independently — in court, in due diligence, or for bar ethics compliance. Opposing counsel can verify. Auditors can verify. Anyone can verify.

↓ Public Key (.pem) ↓ Public Key (.hex)
The public key is safe to share and distribute freely. It proves authenticity — not access.
Why this matters for law firms: State bar ethics opinions increasingly require demonstrable data security for AI tools handling privileged matter. Post-quantum encryption is the only cryptographic standard that will remain secure against both classical and quantum adversaries. When your client asks how their privileged communications are protected — you have a NIST-certified answer.