The same vault. With the governance layer turned on.
Marje Enterprise puts your IT or compliance team in control of the factory layer — rules, routing, permissions, audit, identity — while your team works in the same fast, AI-aware desktop app. Currently shaping the rollout with early customers. If your team needs governance now, we want to hear from you.
Most knowledge tools force a tradeoff. We don't.
Either the tool is fast and consumer-grade but ungoverned, or it's enterprise-grade but slow and miserable to use. Marje keeps the consumer-grade desktop experience and adds governance underneath, not on top. The end user never feels the policy layer.
Eight things your IT team will care about.
Two-tier governance
The factory layer is the difference. Your IT or compliance team controls the rule sets, permissions, routing, and rendering — centrally, encrypted, and out of reach of end users. Your team customizes the surface (themes, pinned tiles, personal tags) without ever touching the underlying system.
Audit logging
Every vault action is logged: who accessed what file, when, and what Claude requested via the MCP server. Append-only. Tamper-evident. Exportable to your SIEM or compliance tooling.
Role-based permissions
Three roles ship today: Admin, Editor, Viewer. Per-folder permissions. Per-module permissions. Sensitive folders can require explicit per-session AI access.
Approval workflows
Flag any document type to require manager sign-off before publishing or sending. The approval queue lives on the manager's dashboard with a side-by-side diff of the proposed change.
Remote policy push
Push factory configuration updates to every installed seat in your organization. Versioned. Rollback in one click. Beta and stable channels.
SSO & SAML
Okta, Azure AD, Google Workspace, generic SAML 2.0. Map IdP groups to Marje roles. Auto-provision and auto-deprovision tied to your identity source.
Data masking
Regex-based masking before any AI request. SSN, credit card, custom enterprise patterns. The model sees [REDACTED]; your audit log sees the original.
Scheduled AI access
Restrict MCP access to defined time windows — business hours only, weekdays only, or any custom schedule. Outside the window, AI tool calls are blocked.
Same product. Different surface area.
| Lifetime | Enterprise | |
|---|---|---|
| Lifetime license, $49 one-time | ✓ | Per-seat, custom |
| Local-first vault on your machine | ✓ | ✓ |
| Built-in MCP server (bring your own Claude) | ✓ | ✓ |
| Module marketplace + cloud sync | ✓ | ✓ |
| Two-tier factory configuration | You own both layers | IT controls factory layer |
| Centralized rule management across team | − | ✓ |
| Audit logging (append-only, tamper-evident) | − | ✓ |
| Role-based permissions | − | ✓ |
| SSO / SAML / Okta / Azure AD | − | ✓ |
| Approval workflows | − | ✓ |
| Remote policy push | − | ✓ |
| Data masking on AI requests | − | ✓ |
| Scheduled AI access windows | − | ✓ |
| Dedicated support | Email, 24h | Named contact, SLA |
Pricing and rollout.
Get in touch.
Tell us about your team. We'll respond within 48 hours — usually faster. Early access customers get hands-on rollout support and direct input on the feature roadmap.
Or email [email protected] directly.