Billing and Plans
Vulnios uses Model B billing — customers pay the platform directly. MSPs manage customers but never access their payment details.
1. Model B Billing Explained
In Model B, each end-customer org subscribes directly with the platform. The MSP manages the customer operationally but is never the billing entity.
Data stored per org
Single source of truth: /plans defines all feature limits and pricing IDs. At runtime, entitlements are resolved from the org's planId and the plan document, with an optional cached snapshot for performance.
2. Plans and Entitlements
Plans control feature access, scan quotas, and seat limits. A plan document looks like:
{
  "planId": "pro",
  "name": "Pro",
  "scanCreditsMonthly": 200,
  "seatsMax": 10,
  "features": ["api_access", "sbom", "reports"],
  "stripePriceId": "price_...",
  "isPublic": true
}
- Entitlements are checked server-side in every Cloud Function that consumes a quota.
- Plan overrides (enterprise) can be set per org by a platform admin.
- The per-org entitlements cache refreshes on subscription change events.
3. Seats and Quotas
Seat limits (the number of active members in an org) are enforced server-side at invitation time. Monthly scan credits are metered via usage events and reset on the billing cycle.
Quota enforcement points
- Invite member: seatsMax not exceeded
- Create scan: scanCreditsMonthly not exhausted
- Export report: feature flag enabled for plan
- API key creation: api_access feature enabled
4. Upgrade Workflows
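The four enforcement points above as one server-side check that fails closed. This is an added example, not Vulnios code. The function names, the `overrides`, `activeSeats` and `scansUsedThisCycle` fields, the denial reason strings and the mapping of "Export report" to the `reports` feature are assumptions.

```javascript
// Constructed plan data, shaped like the plan document above.
const PLANS = {
  pro: { planId: "pro", scanCreditsMonthly: 200, seatsMax: 10,
         features: ["api_access", "sbom", "reports"] },
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve entitlements from the org's planId + plan document, then apply any
// per-org override (the `overrides` field name is an assumption).
function resolveEntitlements(org, plans = PLANS) {
  if (typeof org.planId !== "string" || !own(plans, org.planId)) return null;
  const plan = plans[org.planId];
  const o = org.overrides || {};
  return {
    seatsMax: o.seatsMax ?? plan.seatsMax,
    scanCreditsMonthly: o.scanCreditsMonthly ?? plan.scanCreditsMonthly,
    features: new Set(o.features ?? plan.features),
  };
}

// One rule per enforcement point; each returns true or a denial reason.
// activeSeats and scansUsedThisCycle (assumed names) must come from
// server-side state, never from the request body. Mapping "Export report"
// to the "reports" feature is also an assumption.
const RULES = {
  inviteMember: (e, org) => org.activeSeats < e.seatsMax || "seat_limit_reached",
  createScan: (e, org) =>
    org.scansUsedThisCycle < e.scanCreditsMonthly || "scan_credits_exhausted",
  exportReport: (e) => e.features.has("reports") || "feature_not_in_plan",
  createApiKey: (e) => e.features.has("api_access") || "feature_not_in_plan",
};

// Fail closed: unknown plan, unknown action or missing counter is a denial.
// In a real function the check and the counter update belong in one
// transaction so concurrent requests cannot both pass the same check.
function checkEntitlement(org, action, plans = PLANS) {
  const ent = resolveEntitlements(org, plans);
  if (!ent) return { allowed: false, reason: "unknown_plan" };
  if (!own(RULES, action)) return { allowed: false, reason: "unknown_action" };
  const result = RULES[action](ent, org);
  return result === true ? { allowed: true } : { allowed: false, reason: result };
}
```

Looking up plans and actions with an own-property test keeps inherited keys such as `constructor` from being treated as a valid plan or action.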
Customers have two upgrade paths:
- Self-serve: open the Billing page, choose a plan, complete Stripe checkout.
- MSP-assisted: MSP creates an upgrade request linked to the customer org. Customer approves from their billing page.
- Platform admin can apply plan overrides directly for enterprise contracts.