Frequently asked.

Hours metering breaks for manual users — an account manager running 3 persistent profiles 8 hours a day generates ~720 browser-hours/month and a surprise overage bill. Concurrent caps mean the only thing you pay for is how many sessions you can run simultaneously. Use them as much as you want within your cap. Concurrency is the natural upgrade trigger when your team grows, not the metering anxiety of "did I use too many minutes this month."

Manual is for humans clicking in the GUI client — solo operators, account managers, agencies juggling many profiles. API is for code — SDK access, programmatic session creation, scale-out automation. Same engine, same fingerprints, same fidelity. Different access surface, different concurrent caps. Each Driftstack account holds one subscription. If you need both Manual and API access — for example, your team running profiles in the GUI client AND your engineering team running automation — run two accounts. Most customers find one path is enough; if you outgrow it, the second account is straightforward to provision. See Manual pricing or API pricing.

Chromium-cloud services run a Chromium fork with stealth plugins — user-agent strings, JavaScript Proxy traps over canvas / WebGL / navigator, monkeypatched Object.getOwnPropertyDescriptor calls. The fingerprint matches an iPhone if a detector only checks the spoofed surfaces; it doesn't match if the detector inspects what's underneath (timing, prototype chain, error stacks, GPU primitives). Driftstack runs WebKit's actual C++ source — there's no underneath. The fingerprint your code reads is the fingerprint a real iPhone reads. Same primitives, all the way down.

Concurrent = the number of sessions you can run at the same time, like browser tabs you'd have open at once. That's the only thing we meter on paid tiers. Per-tier caps: Solo Manual = 1 concurrent / Team Manual = 3 / Agency Manual = 8 / API Starter = 2 / API Builder = 8 / API Scale = 24 / Enterprise = custom. Within your cap, run as many session-hours as you want — same cap covers a 5-minute session and a 6-hour session. The cap controls peak parallelism; monthly throughput is whatever your concurrent fleet runs continuously. No monthly meter, no per-hour metering, no overage line items. The trial pack ($2.99) is the one exception — it uses time-based decrement at $0.18/hr against the prepaid 299¢ credit.

Session-creation requests fail with HTTP 429 + a structured RFC 7807 problem-detail pointing at the cap-reached state and (where applicable) the next-tier upgrade path. Existing in-flight sessions are not interrupted. The cap is enforced at session-creation time, not mid-session. To increase concurrent capacity, upgrade to a higher-cap tier or contact sales for Enterprise custom limits.

No. No setup fees, no implementation fees, no minimum-monthly-volume commitments on any subscription tier. The trial pack is one-time $2.99; subscriptions bill monthly or annually with the listed price + applicable BTW.

Annual contracts are billed up front for 12 months at 20% off the monthly equivalent. Switching from monthly to annual or vice versa is prorated automatically by Stripe at the changeover date. Annual contracts auto-renew unless cancelled at least 30 days before renewal.

Two reasons. First, the $2.99 charge funds the fleet time the trial consumes — each session decrements pre-paid credit at the Starter overage rate. Second, the price is itself the anti-abuse mechanism: low-friction for technical buyers, effective filter against sock-puppet signups. A zero-cost entry would need signup-fingerprinting, IP rate limits, OAuth-quality gates, and CAPTCHA layers; the $2.99 price tag does the same job in one line.

About 16 hours of session time. The trial pack credits 299¢ to your account; sessions decrement at $0.18 per concurrent-hour (per ADR-003 trial-pack mechanic). 299 ÷ 18 ≈ 16.6 hours of usage. Unused credit expires 14 days after purchase. The trial pack is the only Driftstack product with hour-based metering — paid tiers are concurrent-only.

No. The trial pack is once per account, no reset on downgrade or churn. To continue beyond it, subscribe to a paid tier. Stripe Checkout handles the conversion — your existing Stripe customer record carries over.

Either the credit hits zero or 14 days pass. New session attempts return 402 Payment Required pointing at Stripe Checkout for a paid tier. You can subscribe at any tier; existing API keys keep working once the subscription activates.

Yes — within the 14-day window if no sessions have been started. Once a session runs and decrements credit, the trial pack is consumed. Email [email protected] for refund requests.

Yes. Stripe prorates the price change automatically at the changeover date. New concurrent + profile limits apply immediately on the next session-creation request and the next profile-creation request. Existing sessions and profiles are unaffected at the changeover; only new resources gate against the new tier limits.

Service continues through the end of your current billing period. After that, API keys 401 with a message pointing at billing-renewal. No data is deleted at cancellation; your account stays in a "suspended" state with recordings and audit logs intact for 90 days, then archived per the DPA retention schedule.

Enterprise is custom — from $4,000/mo on annual contracts only. The "from" reflects baseline; actual pricing depends on concurrent capacity, profile count, archetype customisation, SLA tier, dedicated CSM coverage, BYOK + bundled-LLM mix, and any compliance requirements (SOC 2 timeline, custom DPA terms). Email [email protected] with workload shape and team context.

Stripe is our payment processor. Card statements show "STRIPE *DRIFTSTACK". Receipts come from Stripe. Subscription management goes through the Stripe Customer Portal. Stripe handles PCI compliance, fraud protection, dispute mechanisms, and EU VAT/BTW reverse-charge — all of which we inherit rather than reimplement.

Stripe Customer Portal. Linked from your Driftstack dashboard and from every Stripe receipt email. Payment-method updates, invoice downloads, subscription cancellations, and tax-ID configuration all live there.

No. Card details are stored by Stripe, never by Driftstack. We hold a Stripe customer ID and subscription metadata; the card number itself never touches our servers.

Driftstack's optional AI agent feature drives sessions with a large language model — useful for natural-language test specifications, automated screenshot diffing, or LLM-driven flow exploration. On Builder / Scale / Enterprise, you have two options: BYOK (bring your own API key — get one from your model provider, e.g. console.anthropic.com; your model spend goes to your provider account, not Driftstack), or use the bundled rate (Driftstack proxies the calls and bills you on one invoice at a markup over the published per-token price).

Per-token pricing for the bundled rate is announced at launch. BYOK incurs no Driftstack markup — your Anthropic API key, your bill, your control. Toggle BYOK ↔ bundled per-account in the dashboard.

Yes. Your Anthropic API key is encrypted at rest with envelope encryption, decrypted in-memory only at session execution time, and never logged. The DPA covers the handling shape. Self-hosted customers can use their own KMS for the envelope key.

Customer data is hosted in the EU. Compute, database, and object storage are all EU-resident. Session execution may run in supported regions outside the EU under standard contractual clauses (SCCs) and the EU-US Data Privacy Framework. Our complete sub-processor list, with locations and contractual basis, is published at /trust/sub-processors and in the Data Processing Agreement.

You can state a region preference (US / EU / APAC) from /settings → Region; for v1 it's informational only. Every customer's data sits on EU-jurisdiction infrastructure today regardless of preference selected. The preference exists so we can route you to the matching region automatically once the multi-region rollout lands; we'll give you 30 days' notice under the DPA Article 28 sub-processor amendment process before any of your data is migrated, with the right to keep your data in the EU or terminate the affected portion of the service. The trust page at /trust/sub-processors covers this in the same plain language as the dashboard.

Team members with the member role see read-only views of your sessions, profiles, API keys, webhooks, audit log, and usage. Members with the admin role can also create/update/delete those resources. They never see your billing, your password, or your MFA recovery codes. When a member acts on your account, the audit log records both the action AND the calling member's account id (so you can see who on your team did what without correlating across separate identity systems). The audit log entry also captures IP/user-agent context for sign-in/sign-out events; that context is visible to both you and to any team member with read access on your account, so don't add team members you wouldn't share that level of detail with. Full reference: docs.driftstack.dev/api/team.

Yes. Privacy Policy + DPA + Acceptable Use Policy are linked in the footer. Sub-processor list is documented in the DPA Annex 3. Customer-controlled retention defaults to 30 days, settable 1–365 or disable. Right-to-erasure requests honoured within 30 days. The legal documents are baseline drafts under counsel review; first paying customer onboards only after counsel review completes.

Not at v1. SOC 2 / ISO 27001 are roadmap items for post-first-paying-customer; the relevant compliance posture for v1 is GDPR + the standard EU SCCs + DPF transfers. Self-hosted is the immediate path for customers requiring host-level certification beyond what the cloud SKU provides.

Footer of every page links to the four documents at /legal/*. Customer acceptance is recorded at API key issuance time with a versioned content hash; document version bumps trigger re-acceptance per the DPA Art 28 sub-processor amendment mechanism.

Email [email protected]. Response SLA depends on tier: 48h Starter, 24h Solo, 12h Builder + Slack Connect, 4h Scale + Slack Connect, 1h Enterprise + dedicated CSM.

Session lifecycle is observable end-to-end via the SDK and the dashboard. Failed sessions return structured error responses (RFC 7807 problem-types); recordings + state captures up to the failure point are still available. Sessions that fail in the orchestration layer (driver crashes, fleet unavailability, etc.) do not consume your concurrent slot — the slot frees immediately on failure detection. Trial-pack credit is also unaffected by orchestration-layer failures.

Uptime SLA scales with tier: 99% Starter / Solo, 99.5% Builder / Scale, 99.9% Enterprise. Status page coming alongside first paying customer onboarding. SLA credits applied automatically against the next invoice.