The Medusa agent is open source and runs standalone at no cost. These plans cover the cloud dashboard — shared policy, telemetry, and alerting across every endpoint you run.
Individual developers and lab environments.
Small teams securing their MCP infrastructure.
Growing organizations with compliance needs.
Unlimited scale, SAML, and self-hosting.
All plans include the open-source agent — install it with pipx install medusa-mcp.
Detailed breakout of capabilities by plan.
| Feature | Free | Starter | Pro | Enterprise |
|---|---|---|---|---|
| Endpoints | 3 | 5 | 25 | Unlimited |
| On-device DLP | 9 categories | 9 categories | 9 categories | 9 categories + custom |
| Event retention | 30 days | 90 days | 1 year | Unlimited |
| Dashboard users | 1 | Team | Team + RBAC | Team + RBAC |
| SSO | — | OAuth | OAuth | SAML / OIDC |
| Alerting | — | Slack / webhook | Slack / webhook | Slack / webhook |
| Audit export | — | — | CSV | CSV |
| Deployment | Hosted | Hosted | Hosted | Hosted or self-hosted |
| Support | Community | Priority email | SLA + priority |
The Medusa agent — the thing that runs on each machine and does the actual DLP enforcement — is free and open source (Apache 2.0). It works fully standalone with no account. Pricing here is for the cloud dashboard that manages a fleet of agents: shared policy, telemetry aggregation, and alerting.
An endpoint is any machine running the Medusa agent connected to your dashboard. Each agent protects the MCP servers on that machine.
Yes. Switch plans anytime from Settings → Billing. Changes take effect immediately and billing is prorated.
Yes, on the Enterprise tier. The dashboard ships as a Docker image with a signed license key you verify offline — no data leaves your infrastructure. See our self-hosting guide.
No. The open-source agent enforces DLP locally on its own. The dashboard becomes worth it once you're running Medusa on more than one or two machines and want fleet-wide policy and visibility.