0% platform fee — first 1,000,000 customersClaim 0% fee
Enterprise

The gateway your security and
procurement teams sign off on.

Dedicated tenancy, VPC and private networking, BYO provider contracts, SSO/SAML, audit logs, residency pinning, a named CSM — and the paperwork published before the first call.

SOC 2 controls · GDPR · HIPAA BAA · ISO 27001-aligned

  • 0%Platform fee, EnterpriseNo markup on inference
  • 99.9%Uptime SLASame SLA every tier
  • 9Residency regionsUS + EU GA, more on request
  • < 2 weeksTypical go-liveSSO, security review, DPA
Capabilities

Every enterprise control — on every tier.

SSO, audit logs, guardrails, and RBAC are not an upsell. They ship to every customer from day one. Enterprise adds deployment, contract, residency, and support depth on top.

Routing, fallback & retry

Usage/latency/cost routing across 97+ models, fallback chains, and per-org retry, timeout, and cooldown tuning.

SSO & SAML

SAML 2.0 and OIDC against Okta, Azure AD, Google Workspace, or any compatible IdP — with SCIM provisioning and IdP-enforced MFA.

Audit logging

Append-only trail of every key, guardrail, budget, and team change — actor, timestamp, source IP, payload diff. CSV/JSON export for SIEM.

Guardrails on every request

PII redaction (Microsoft Presidio), prompt-injection detection, and keyword & regex content filtering — scoped org > team > key, on every plan.

RBAC & team management

Org → team → member hierarchy with four roles, enforced by Postgres Row-Level Security — not application checks alone.

White-label branding

Your logo, your colors, your domain via CNAME — a branded key portal for downstream users, Nemo branding removed.

Deployment

Deploy it the way your architecture demands.

Most teams run on the managed multi-tenant gateway. Regulated organizations can run dedicated, in their own VPC, or — on the roadmap — fully air-gapped. We are precise about what is GA today and what is a scoped engagement.

Generally available

Managed multi-tenant

The standard offering — shared, RLS-isolated infrastructure on Google Cloud Run + Supabase. Live in minutes; US default region, EU residency on Enterprise.

Enterprise

Dedicated tenancy

A single-tenant deployment in an isolated project — your own database, your own routing engine, dedicated capacity reservations, and a region pinned at provision time. No noisy-neighbor surface at all.

Enterprise — scoped per engagement

VPC / BYO-cloud

Nemo Router deployed inside your GCP, AWS, or Azure account so prompts and keys never leave your network perimeter. You own the data plane; we operate the control plane.

Roadmap — contact us

On-premise / air-gapped

Fully air-gapped, self-hosted Nemo Router for regulated environments. On the roadmap, not generally available — we will be candid about timelines on a call.

Dedicated, VPC, and on-premise deployments are scoped engagement-by-engagement. Talk to sales and we will design the topology with your cloud team — no over-promised timelines.

BYO provider contracts · Enterprise-only

Already have committed provider spend? Route it through Nemo.

The standard managed product is intentionally no-BYOK — you never touch a provider key. For Enterprise customers with existing committed-spend contracts — an Azure OpenAI PTU pool, a Vertex GSU reservation, a Bedrock provisioned-throughput commitment — Nemo Router routes through that capacity while your pricing and your provider relationship stay yours.

  • Your committed pricing preserved; we add routing, guardrails, observability, and credit governance on top
  • Provider credentials scoped to your dedicated deployment in an isolated secret store
  • Never co-mingled with the managed multi-tenant key pool

Your contract

Azure PTU · Vertex GSU · Bedrock PT

Committed spend, your pricing, your provider relationship

Nemo enterprise layer

Routing · guardrails · governance

Credit reserve+settle, audit trail, RBAC on top of your capacity

Your teams

One key, one bill

sk-nemo-… virtual keys — no provider key ever handled

Private networking & residency

Keep traffic off the public internet. Pin where data lives.

TLS 1.2+ is the baseline on every plan. Enterprise adds IP allowlisting, private connectivity, and a residency pin — customer data is replicated within a single region and never moved without an explicit migration request.

TLS 1.2+ everywhere, HSTS preloaded

The baseline on every plan — no configuration required.

IP allowlisting

Restrict dashboard and API access to your corporate egress ranges. Enterprise — configured during onboarding.

PrivateLink / Private Endpoint

AWS PrivateLink, GCP Private Service Connect, or Azure Private Endpoint — traffic never traverses the public internet. Enterprise / dedicated tenancy.

All 9 residency regions
United States (us-central1)GA
US East (Virginia)GA
European Union (europe-west4)On request
EU North (Stockholm)On request
United Kingdom (London)On request
Canada (Montréal)On request
Australia (Sydney)On request
SingaporeOn request
India (Mumbai)On request

Need a region not listed? Most major cloud regions can be supported on a dedicated deployment — ask sales.

Compliance

Honest status on every framework.

We state precisely where each framework stands — achieved, in progress, or available on request. We never imply a certification Nemo Router does not hold.

Audit in progress · Q3 2026

SOC 2 Type II

Nemo Router operates SOC 2-aligned security, availability, and confidentiality controls today — encryption, access control, change management, audit logging, tenant isolation. A formal SOC 2 Type II observation period is underway; the audited report is targeted for Q3 2026. Our infrastructure substrate (Google Cloud Run, Supabase) is already SOC 2 Type II certified.

Controls walkthrough
Aligned — certification planned

ISO/IEC 27001

Information security management practices aligned to ISO/IEC 27001 Annex A controls — asset management, access control, cryptography, operations security, supplier relationships. A formal ISO 27001 certification is on the roadmap; the infrastructure substrate (Cloud Run, Supabase) is independently ISO 27001 certified.

Controls walkthrough
Compliant — DPA available

GDPR

Compliant with the EU General Data Protection Regulation. Data Processing Addendum available for signature, EU Standard Contractual Clauses with subprocessors, data-subject access and erasure tooling built into the dashboard, and EU data residency available on Enterprise.

Read the DPA
BAA available on Enterprise

HIPAA

Nemo Router supports HIPAA-eligible workloads. A Business Associate Agreement (BAA) is available for healthcare customers processing protected health information — request one through the Enterprise team. PII redaction guardrails run on every request at no extra cost.

Request a BAA
Stripe PCI L1 — no card data on our servers

PCI DSS

Nemo Router never touches raw cardholder data. All payments are processed by Stripe, a PCI DSS Level 1 certified service provider; card numbers are tokenized client-side and never reach our servers or database. Your PCI scope for using Nemo Router is therefore minimal.

How payments work
US + EU GA · more on Enterprise

Data residency

Pin where customer data is processed and stored. US is the default footprint; EU residency is generally available on Enterprise, with UK, Canada, Australia, Singapore, and India available on request for residency-sensitive workloads.

Residency map

Full controls detail in the Security overview and the trust center. Vendor questionnaires: security@nemorouter.ai.

Enterprise people

An implementation team, not just a login.

Enterprise engagements come with people: an onboarding engineer, a migration plan, a security review, and a named CSM who knows your deployment — not a rotating inbox.

Guided onboarding

A dedicated onboarding engineer configures SSO, routing, guardrail policy, and budgets — most deployments production-ready inside two weeks.

Migration assistance

We map your existing model groups, fallback logic, and spend controls onto Nemo Router so the cutover is a base-URL change.

Security & architecture review

A controls walkthrough, the completed vendor questionnaire, and a deployment review before go-live — auditor on the call welcome.

A named CSM

One accountable contact who knows your deployment — private Slack/Teams channel, quarterly business reviews, priority incident response.

Pricing

Self-serve for most teams. Talk to Sales for the rest.

Tiers 1–3 are transparently priced and self-serve. Enterprise is custom-quoted for large deals: dedicated capacity, custom contracts, residency pins, and a named CSM.

Self-serve (Tier 1–3)Enterprise
Platform fee
2–4%2–4%
0%0%
Deployment
Managed multi-tenantManaged multi-tenant
Managed, dedicated, or VPCManaged, dedicated, or VPC
Data residency
USUS
US, EU + on requestUS, EU + on request
Support
Email + communityEmail + community
Named CSM + private channelNamed CSM + private channel
Contracts
Standard ToS + DPAStandard ToS + DPA
MSA, BAA, custom termsMSA, BAA, custom terms
Onboarding
Self-serveSelf-serve
Guided — engineer-ledGuided — engineer-led
IncludedNot availableNot applicablenSourced footnote below

Large deal — committed volume above roughly $10K/month, a residency pin, or a custom contract? That is an Enterprise conversation.

FAQ

Enterprise questions, answered.

For tier details, see the pricing page.

What's the minimum enterprise commitment?

Self-serve features — SSO, audit logs, guardrails, RBAC, custom branding — are included on every tier at no extra cost. Enterprise is for teams that need dedicated capacity, dedicated or VPC deployment, a named CSM, custom contracts, or a residency pin. It is custom-priced based on volume; talk to sales to scope it.

What deployment options do you offer?

Managed multi-tenant is generally available and the default. Dedicated single-tenant deployments and VPC / BYO-cloud deployments are Enterprise engagements scoped with your cloud team. Fully air-gapped on-premise is on the roadmap, not GA — we will be candid about timelines on a call rather than over-promising.

Can we use our own provider contracts (BYOK)?

The standard managed product is intentionally no-BYOK — you never handle a provider key. For Enterprise customers with existing committed-spend contracts (Azure OpenAI PTU, Vertex GSU, Bedrock provisioned throughput), Nemo Router can route through that capacity on a dedicated deployment, with your provider pricing preserved. This is an Enterprise-only capability — talk to us about your existing commitments.

Where can our data be processed?

United States is the default footprint. EU residency is generally available on Enterprise. UK, Canada, Australia, Singapore, and India are available on request for residency-sensitive workloads. Customer data is replicated within a single region and never moved without an explicit migration request.

Which compliance documents can procurement get?

The Data Processing Addendum (DPA) and SLA are published and linkable directly. The MSA and a HIPAA BAA are provided on request through the Enterprise team. Nemo Router operates SOC 2-aligned and ISO 27001-aligned controls; a formal SOC 2 Type II audit is in progress with a Q3 2026 target. Enterprise customers can request a controls walkthrough or a completed vendor security questionnaire from security@nemorouter.ai.

What's your SLA and support model?

A 99.9% uptime SLA applies on every tier; Enterprise adds priority incident response, a named Customer Success Manager, a private support channel, and quarterly business reviews. We monitor every provider endpoint and fail over automatically when an issue is detected.

Enterprise · scoped in days

Bring us your security review, your residency map, and your timeline.

We walk your team through deployment options, the controls, and the DPA — typically scoped within days, live within two weeks. Auditors welcome on the call.

SOC 2 Type II audit in progress (target Q3 2026) · GDPR-compliant · HIPAA BAA available · ISO 27001-aligned controls