Features & Pricing
Skald is sold as a self-hosted product with three tiers. Community is free and open source — you can deploy it today, on your own hardware, and never talk to us. Professional and Enterprise unlock additional features via a license key.
This is the customer-facing summary. For the technical specification of how feature gating works, see the licensing reference.
Tier comparison
| Capability | Community | Professional | Enterprise |
|---|---|---|---|
| Core messaging | |||
| 1-on-1 and group chat | ✓ | ✓ | ✓ |
| Threaded replies | ✓ | ✓ | ✓ |
| Rich text (markdown) | ✓ | ✓ | ✓ |
| Reactions & polls | ✓ | ✓ | ✓ |
| File uploads & avatars (S3/MinIO) | ✓ | ✓ | ✓ |
| Pinned messages, edits, deletes | ✓ | ✓ | ✓ |
| Voice & video | |||
| Group video calls (LiveKit SFU) | ✓ | ✓ | ✓ |
| Screen sharing | ✓ | ✓ | ✓ |
| Per-room voice / video toggles | ✓ | ✓ | ✓ |
| Native call UI on iOS & Android (CallKit / ConnectionService) | ✓ | ✓ | ✓ |
| Identity & auth | |||
| Local accounts & passwordless email login | ✓ | ✓ | ✓ |
| Multi-factor authentication (TOTP) | ✓ | ✓ | ✓ |
| OIDC / SAML single sign-on | — | — | ✓ |
| SCIM 2.0 user & group provisioning | — | — | ✓ |
| Security & compliance | |||
| TLS, JWT auth, RBAC, audit-log capture | ✓ | ✓ | ✓ |
| At-rest encryption (DB fields + S3 SSE) | ✓ | ✓ | ✓ |
| End-to-end encryption (per-room) | — | ✓ | ✓ |
| Admin access to audit log UI | — | — | ✓ |
| Data retention policies | — | — | ✓ |
| Virus scanning on uploads (ClamAV) | — | — | ✓ |
| DLP / content scanning hooks | — | — | ✓ |
| Customization | |||
| Custom emoji catalog (movie-style ratings) | — | ✓ | ✓ |
| Link preview generation | — | ✓ | ✓ |
| Custom branding (logo, favicon, colors, app name) | — | — | ✓ |
| Moderation | |||
| Per-room moderator role | ✓ | ✓ | ✓ |
| Global user suspensions & discipline | — | — | ✓ |
| Cross-room timeout / ban controls | — | — | ✓ |
| AI-assisted content moderation | — | — | ✓ |
| Integrations & automation | |||
| Plugin system (Spring components) | ✓ | ✓ | ✓ |
| Inbound webhooks (post-to-room) | ✓ | ✓ | ✓ |
| Outbound webhooks (event dispatch) | — | — | ✓ |
| Slack workspace import | ✓ | ✓ | ✓ |
| Operations | |||
| Helm chart & Docker images | ✓ | ✓ | ✓ |
| Prometheus / Grafana / Loki / Jaeger | ✓ | ✓ | ✓ |
| Automated backups (Postgres + MinIO) | ✓ | ✓ | ✓ |
| Push notifications (iOS / Android / web) | ✓ | ✓ | ✓ |
| Mobile OTA updates | ✓ | ✓ | ✓ |
| Email digest & outbound SMTP | ✓ | ✓ | ✓ |
✓ = included · — = requires upgrade
What each Enterprise feature does
- OIDC / SAML SSO — sign in with Okta, Entra ID, Google Workspace, Auth0, Keycloak, or any standards-compliant IdP. See SAML setup.
- SCIM provisioning — auto-create, update, and deprovision accounts from your identity provider so the user directory stays in sync. See SCIM setup.
- Audit log UI — every admin and security-sensitive user action is captured in a searchable log with IP, timestamp, and target resource. Audit capture is on in every tier; the UI is gated.
- Data retention — set per-room or global rules to auto-delete messages and files after a configured age. Required for GDPR / similar regulatory regimes. See compliance.
- Virus scanning — every upload is streamed through ClamAV before it lands in storage. Infected files are rejected and an audit event is recorded. See virus scanning.
- Custom branding — replace the Skald name, logo, favicon, and color palette with your own — including a docs-link override in user account menus.
- Room moderation — global moderator controls beyond the per-room moderator role: cross-room timeouts, bans, and discipline reasons.
- User moderation — global account-level suspensions, including reason logging, automatic re-enable schedules, and an admin appeals page.
- Outbound webhooks — POST event payloads to your systems (HMAC-signed, automatic retries, delivery log). See Webhooks.
- AI-assisted moderation — automatic message classification (categories & scores) via AWS Bedrock; admins review flags in a moderation queue. See Bedrock setup.
How tiering is enforced
When a feature isn't available in your tier, the relevant admin endpoint returns HTTP 403 with a body explaining which tier unlocks it. The app does not silently degrade. Data is preserved across downgrades — if you cancel and later re-upgrade, audit rows, retention policies, custom emoji, branding, etc. are all still there.
Read-only mode kicks in only when a license expires past its grace window — see the licensing reference for details.
Getting a license
Skald licenses are issued as a single Ed25519-signed string. Install it via the SKALD_LICENSE_KEY environment variable (Docker, Kubernetes Secret, or Helm value) and restart the API. Renew before expiration to avoid the read-only mode that kicks in after the grace period.
To get a license, contact us through the channel from which you obtained Skald.
Frequently asked questions
Can I self-host Community forever? Yes. Community has no time limit, no user cap, no nag screens, no phone-home that affects functionality. It's open source.
Can I evaluate Professional or Enterprise features? Use the dev Spring profile locally — it unlocks every feature. For production evaluation, ask us for a time-limited license key.
What happens if my license expires? You get a configurable grace period (default 7 days) of full functionality with a warning banner. After grace, the app goes read-only — users can still sign in and read history, but writes are blocked until you renew. Audit, license, and authentication endpoints stay open so you can recover.
Can I move between tiers? Yes. Install a new license key and restart. Features become available (or unavailable) immediately. Data is preserved across both upgrades and downgrades.
Where do I host the data? Wherever you run the workload: your Kubernetes cluster, a single VM, on-prem hardware, or a sovereign-cloud account. Skald does not require any outbound network access at runtime beyond what you configure (push notification gateways if you enable them, your IdP if you use SSO, etc.).