BOARNET
Sign in

Tiers and limits

What each tier sees, how often, and for how long. The same values drive the API rate limiter and the field redactor — so marketing and enforcement can't drift.

Last updated · 2026-04-17

Overview

Four tiers. Two free, two paid. The split on the free side is more interesting than the split on the paid side: Anonymous exists so a threat intel pro can validate data without signing up, and Participant exists so the validation experience makes them want to contribute.

Capability matrix

CapabilityAnonymousParticipantCommercial ProEnterprise
Rate limit100 / day1,000 / hour100,000 / hourUnlimited
History window7 days90 days2 yearsFull
Data freshness1h delayReal-timeReal-timeReal-time
Verdict + tags
Sighting totals
JA3 / JA4 / SSH
Per-sensor list
Commands & payloads
Bulk / CSVCapped
STIX / MISP feedsDailyHourlyStreaming
Webhooks

For the full commercial comparison with CTAs, see /pricing.

Anonymous

Designed to be genuinely useful for research and shareable on Twitter. You can paste an IP and get a real verdict with confidence and sighting counts — enough to validate a finding without signing up.

Participant

Free, earned. Run a sensor for 48 hours of valid telemetry and your key is promoted automatically. Full fingerprint access, 90-day history, real-time freshness, daily feeds, capped bulk lookup.

Commercial Pro

For teams that can't host sensors. Webhooks, SIEM/firewall integrations, hourly feeds, 2-year history, 100,000 req/hour. Your subscription pays for the Verified Core fleet.

Enterprise

Unlimited queries, streaming feeds, full history, dedicated support. For MSSPs and SOCs running at nation-state-grade volume.

How promotion works

  1. Deploy a sensor with an enrollment token
  2. Sensor reports telemetry to the mesh ingestion API
  3. After 48 hours of uniquesignatures (not just volume), the promotion check flips the key's tier
  4. Your next request sees the new rate limit and unredacted fields; no action needed on your end