Tellr helps SaaS teams detect repeat trial abuse, disposable emails, VPNs, reused cards, and suspicious behavior—then returns one clear decision: allow, limit, verify, or block.
Free trial abuse rarely comes from a stranger — it comes from someone you already let in last week. New mailbox, fresh VPN, cleared cookies. Tellr computes four composite identifiers from the browser and network, and uses the strongest match to assign the same tellr_id across attempts.
Network, TLS, browser, device, behavioral, identity. Some are obvious — IP reputation, disposable email domains. Some take work — canvas fingerprints, JA4 TLS, residential proxy detection by TTL anomaly. Every one of them is computed by our own code from our own datasets.
Each cell is a discrete check we run on every signup. The complete list — with descriptions and score weights — is in the docs.
| Tellr | Fingerprint | Stytch DFP | DIY | |
|---|---|---|---|---|
| Built for trial abuse | Yes | No | No | — |
| TLS fingerprinting | JA3 + JA4 | JA3 only | No | 6 months |
| Device signals | 267 | ~50 | ~30 | 1 year |
| Behavioral biometrics | Yes | Yes | No | — |
| Threat intel in-house | Yes | Mixed | Mixed | — |
| Self-hostable | Enterprise | No | No | Yes |
| Transparent pricing | $0–$199 | Sales call | Sales call | — |
| No data resold | Yes | Unclear | No | Yes |
‡ We are deliberately not the cheapest, the fastest, or the most featureful. We are the most focused on free-trial abuse — and the only one that lets you walk away with your data.
One script tag in your <head>. One server-side call on signup. One if-statement on the verdict.
<script src="http://localhost:8081/v1/c.js" data-key="pk_••••" data-collector="http://localhost:8081" ></script>
const r = await fetch(
'http://localhost:8080/v1/check',
{
method: 'POST',
headers: {
Authorization: 'Bearer ' + KEY,
},
body: JSON.stringify({
session_token: req.cookies._tellr_session,
end_user: { email },
}),
}
).then(r => r.json());if (r.verdict === 'block') {
return res.status(403).send(
"We've seen you before."
);
}
await db.users.update({
where: { id: userId },
data: { tellr_id: r.tellr_id },
});Free tier is 1,000 checks a month — enough to validate the integration and catch real abuse. Move up when you grow.
For solo founders and side projects.
Real production workloads.
Scaled apps, multiple projects.
For teams with data-residency requirements, an existing security review process, or volume beyond the published tiers. Single-tenant deploys to your own VPC, your own Postgres, your own Stripe. We never see your traffic.