A Metered, Fail-Closed Choke Point for All AI Traffic
Every module - Finance Copilot, HR helpdesk, compliance, even the MCP server - routes its AI through one gateway. It enforces org-level and per-seat token budgets with monthly rollover, writes an immutable usage ledger, and if the control plane is unreachable it denies (503) rather than leaking unmetered AI.
Illustrative product view
One choke point for all AI traffic
AI spend leaks when every feature calls a model its own way. Fintra removes the side doors: there is one gateway, and everything goes through it. That single seam is where budgets, metering and the fail-closed guarantee live.
- Every module - Finance Copilot, HR helpdesk, compliance, the MCP server - sends AI traffic through the same gateway
- Org-level and per-seat token budgets are enforced before the call reaches a model
- Unused budget rolls over month to month instead of silently resetting to zero
- An immutable usage ledger records every call, so spend is attributable by module and by seat
Budgets, rollover, and the immutable ledger
| Control | Behavior |
|---|---|
| Org token budget | A hard monthly cap across all modules |
| Per-seat budget | Individual caps so one user cannot drain the organization |
| Monthly rollover | Unused tokens carry forward rather than resetting to zero |
| Usage ledger | An immutable, per-call record for chargeback and audit |
| Fail-closed | If the control plane is unreachable, calls are denied (503) - never waved through unmetered |
What it governs - and what it doesn’t
Frequently asked questions
How does Fintra meter AI usage?
All AI traffic from every module routes through a single gateway that enforces org-level and per-seat token budgets before the call reaches a model, with monthly rollover of unused budget and an immutable usage ledger recording each call for chargeback and audit.
What happens if the metering service goes down?
The gateway fails closed: it returns a 503 and the AI call does not run. It never fails open into unmetered usage, so a broken meter costs you nothing rather than quietly running up an unbudgeted bill.
Can one user or module drain the whole AI budget?
No - budgets are enforced at both the organization and the per-seat level, so an individual seat cannot exhaust the org allocation, and each module’s consumption is separately attributable in the usage ledger.
Is the usage ledger real or illustrative?
Real and persisted. Every call is recorded immutably, so spend is attributable by module and by seat and can be reconciled - the metering, budgets and rollover are enforced behavior, not a mock.
Does the gateway filter what the AI says?
No. It is a cost and metering choke point, not a content-safety filter or model-quality judge. It governs how much AI each module and seat may consume and guarantees nothing runs unmetered - a separate concern from governing model output.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
See the security depth, not the slideware
Walk the SOC engine, the governed MCP server, and the control graph live - with the honest caveats on the table, not hidden.
Talk to us