Pick a plan, pay annually, sign the BAA, activate features. Most teams are live in under 15 minutes. The only step a founder touches is the optional architecture review on Enterprise — and that is opt-in, not blocking.
Both bundles are fixed. No custom scoping, no contract negotiation. If your usage changes mid-year, add-ons activate from the dashboard.
Each step is its own surface. You can pause between any two without losing state.
Click Start trial above. Single screen, no scoping calls. Annual default with 2 months free; monthly available in the dashboard.
Stripe checkout: card, ACH, wire, or Net-30 invoice (auto-generated). Free 14-day trial — not charged until day 15. Cancel any time in /dashboard » Billing.
Auto-generated, pre-filled with your domain. E-sign in-flow. Enterprise gets the PHI Schedule (10 clauses) attached automatically.
SSO wizard, SCIM, registry namespace, customer-hosted bridge bundle (Docker / Helm / Terraform). Each activation is a toggle, not a ticket. Done → /enterprise/console.
Every feature below is a toggle or a one-click bundle. No approval queues. The only humans involved are the ones at your company who decide to flip them on.
Tenant boundary on every record. HMAC-SHA-256 over artifact bytes. kolm inspect re-verifies offline.
Google Workspace + Okta one-click OAuth. SCIM endpoint + bearer token in /settings/authentication.
GET /v1/audit/log tenant-scoped. Auto-export to S3 / Azure Blob with IAM role wizard.
Pre-filled with company name from domain. E-signature in 30 seconds. Stored next to the tenant record.
One-click bundle: Docker Compose, Helm chart, Terraform module. Bridge phones home once with a heartbeat. PHI stays inside the customer-hosted bridge in your VPC.
10 numbered clauses covering Permitted Uses, Safeguards, Breach Notification (10 business days), Audit Rights, Return/Destruction.
One-click JSON bundle: tenant + controls + BAA status + subprocessor inventory + receipts + audit log + attestation. Auditor-ready in 0 tickets.
22 CFR citations mapped to live controls at /security#hipaa-mapping. Cite in your risk analysis under §164.308(a)(1)(ii)(A).
AES-256-GCM at rest with customer-managed key via AWS KMS or Azure Key Vault. ARN wizard in /settings/encryption.
That is fine. founders@kolm.ai reaches the founder. The point of this page is that it is not required — not that calls are unwelcome.
Self-serve in /dashboard » Billing. Prorated refund shown upfront. No reactivation friction if you return later.
The 14-day trial is the pilot. You compile real artifacts on your own data with your own frontier key. If the K-score and ROI hold, you stay; if not, the artifact is yours to keep regardless.
SOC 2 Type 1 letter posts 2026-09-15; Type 2 posts 2027-04-30. Until then, the pre-letter pack (CAIQ-Lite, Halborn pentest report under NDA, Vanta posture, this HIPAA mapping) is what most procurement teams sign on. The architecture answers most of the questions the letter would.
Enterprise is the path. Customer-hosted compile bridge keeps the data in your environment. PHI Schedule attached to BAA on day one. K-score gate forced to ≥ 0.95 on artifacts tagged phi_mode. See the 60-second HIPAA assessment to confirm fit before you upgrade.
30-day clean exit clause in the MSA. Prorated. Data export endpoints (/v1/account/export, /v1/account/compliance-package) stay live during the wind-down.