# Billing, SCU, And Limits

Understand Security Compute Units, modality billing, included allowance, overage, tier caps, and file limits.

Source URL: https://trymighty.ai/docs/concepts/billing-scu

Mighty billing is based on SCU, short for Security Compute Units. SCU measures the amount of security compute used by a scan.

Text is the cheapest path. Image and document work use more compute.

For PDFs, page work and embedded image work are separate. They are added together. A PDF page with embedded images costs more than scanning plain extracted text.


## SCU By Modality

| Work processed | SCU |
| --- | --- |
| Text | 1 SCU per 1,000 tokens, rounded up. |
| Standalone image | 4 SCU per image. |
| PDF or document page | 2 SCU per page wrapper and text extraction. |
| Embedded image inside a PDF | 4 SCU per unique embedded image, added on top of page SCU and more expensive than text token work. |
| Minimum processed request | 1 SCU when content is scanned. |

PDF embedded images are billed separately from page processing. They are deduplicated by hash before counting, so the same logo repeated on many pages should count once.

## PDF SCU Formula

For PDFs, calculate SCU like this:

```text
PDF SCU = pages * 2 + unique embedded images * 4
```

Examples:

| PDF shape | SCU |
| --- | --- |
| 1 page, no embedded images | 2 SCU |
| 1 page, 4 unique embedded images | 18 SCU: 2 for the page plus 16 for images |
| 1 page, the same image repeated 4 times | 6 SCU: 2 for the page plus 4 for 1 unique image |
| 10 pages, same logo on every page | 24 SCU: 20 for pages plus 4 for 1 unique image |
| 50 pages, 30 unique embedded images | 220 SCU: 100 for pages plus 120 for images |

This matches the billing code: document pages and embedded image count are separate usage metrics, then the totals are added together.

Plain version: first count pages, then count unique embedded images, then add both numbers. A one-page PDF with four unique embedded images is 18 SCU, not 2 SCU and not 16 SCU.

## What The Response Can Include

```json
{
  "action": "WARN",
  "risk_score": 68,
  "scan_id": "4e7c5fc1-6947-492b-bd22-0589d6477c8b",
  "scan_group_id": "9b3e4f8d-96c9-4f42-8338-8cf9571c1c70",
  "scu_charged": 12
}
```

Logs and dashboard usage can also show allowance remaining and whether usage was included or overage.

## Allowance And Overage

The billing page shows:

- Included SCU for the current period.
- SCU used this period.
- Overage SCU when usage passes the included allowance.
- Organization spending limit.
- Estimated total.

If billing or tier policy blocks a scan, handle `402`. If payload size or file complexity blocks a scan, handle `413`. If rate limits block a scan, handle `429`.

## Limits

Limits apply to file size, PDF pages, embedded images, billing policy, tier caps, and rate limits.

Current PDF tier ceilings:

| Tier | PDF pages per request | Embedded images per PDF |
| --- | --- | --- |
| Free preview | 4 | 1 |
| Pro | 1,000 | 100 |

These are per-request ceilings for PDFs. They are separate from rate limits, billing allowance, and organization spending limits.
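The SCU rates, the PDF formula and the tier ceilings above can be combined into a client-side pre-flight estimate. This is an added example, not Mighty's billing code: the function names and tier keys are hypothetical, SHA-256 is an assumed hash, and comparing the image ceiling against the unique count is an assumption the page does not confirm.

```python
import hashlib
import math

# Rates and ceilings copied from the tables on this page.
PAGE_SCU = 2
IMAGE_SCU = 4
TIER_CEILINGS = {"free_preview": (4, 1), "pro": (1000, 100)}  # (pages, images)


def text_scu(tokens: int) -> int:
    """1 SCU per 1,000 tokens, rounded up; at least 1 SCU once content is scanned."""
    return max(1, math.ceil(tokens / 1000))


def unique_image_count(embedded_images: list) -> int:
    """Count embedded images after deduplicating by hash.

    SHA-256 is an assumption; the page only says images are deduplicated by hash.
    """
    return len({hashlib.sha256(img).digest() for img in embedded_images})


def pdf_scu(pages: int, embedded_images: list) -> int:
    """PDF SCU = pages * 2 + unique embedded images * 4."""
    return pages * PAGE_SCU + unique_image_count(embedded_images) * IMAGE_SCU


def tier_violations(tier: str, pages: int, embedded_images: list) -> list:
    """Return the per-request ceilings a PDF would exceed (empty list = fits).

    Assumption: the image ceiling is compared against the unique count.
    """
    max_pages, max_images = TIER_CEILINGS[tier]
    images = unique_image_count(embedded_images)
    problems = []
    if pages > max_pages:
        problems.append(f"{pages} pages > {max_pages} allowed")
    if images > max_images:
        problems.append(f"{images} embedded images > {max_images} allowed")
    return problems


if __name__ == "__main__":
    logo = b"constructed-logo-bytes"  # constructed sample image data
    print(pdf_scu(10, [logo] * 10))
    print(tier_violations("free_preview", 10, [logo] * 10))
```
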

## What Developers Should Do

1. Show upload size and file type limits before upload.
2. Use async scans for high-value images and large PDFs.
3. Route `402` to billing, upgrade, or admin action.
4. Route `413` to reduce file size, split the PDF, or review manually.
5. Route `429` to retry with backoff.
6. Log `scu_charged`, `scan_id`, `request_id`, and `scan_group_id`.
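One way to wire steps 3 to 6 together, as an added example that is not part of Mighty's SDK or documentation. `route_scan_response`, `scan_with_backoff` and the `send` callable are hypothetical names, treating any 2xx status as success is an assumption, and the `scanned` flag is this example's own choice so callers never treat blocked content as cleared.

```python
import random
import time

# Fields the list above says to log. request_id does not appear in the sample
# response on this page, so it may be missing from the body (logged as None).
LOG_FIELDS = ("scu_charged", "scan_id", "request_id", "scan_group_id")

BLOCKED = {
    402: "billing_or_upgrade",        # billing or tier policy blocked the scan
    413: "split_or_manual_review",    # payload size or file complexity
    429: "retry_with_backoff",        # rate limit
}


def route_scan_response(status: int, body: dict) -> dict:
    """Map a scan HTTP status to the next step; 2xx success is an assumption."""
    if 200 <= status < 300:
        log = {field: body.get(field) for field in LOG_FIELDS}
        return {"next": "apply_action", "scanned": True, "log": log}
    # Any blocked or failed request means the content was NOT scanned.
    return {"next": BLOCKED.get(status, "error"), "scanned": False, "log": {}}


def scan_with_backoff(send, max_attempts=4, base=0.5, cap=8.0, sleep=time.sleep):
    """Call send() -> (status, body), retrying only 429 with jittered backoff."""
    decision = {"next": "error", "scanned": False, "log": {}}
    for attempt in range(max_attempts):
        status, body = send()
        decision = route_scan_response(status, body)
        if decision["next"] != "retry_with_backoff":
            return decision
        if attempt < max_attempts - 1:
            # Exponential backoff with full jitter, capped at `cap` seconds.
            sleep(random.uniform(0, min(cap, base * 2 ** attempt)))
    return decision  # still rate limited: content remains unscanned


if __name__ == "__main__":
    # Constructed responses: two rate-limit replies, then a successful scan.
    replies = iter([(429, {}), (429, {}),
                    (200, {"action": "WARN", "scu_charged": 12,
                           "scan_id": "constructed-scan-id"})])
    print(scan_with_backoff(lambda: next(replies), sleep=lambda s: None))
```
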

## Common Mistakes

- Thinking text and image scans cost the same. Image and document scans use more compute.
- Treating `402` as a generic failure. It usually needs a billing or tier action.
- Treating `413` as only a file size issue. It can also represent a tier file cap.
- Retrying `429` immediately. Use backoff.
- Running comprehensive async review on every low-risk text message.

## AI-Agent Prompt

### Add billing-aware Mighty handling

```text
Make this Mighty integration billing-aware and limit-aware.

Requirements:
- Log scu_charged when returned.
- Store scan_id, request_id, scan_group_id, session_id, action, and risk_score.
- Explain SCU in developer comments or admin UI as Security Compute Units.
- Handle 402 as billing, quota, tier cap, or spending limit action.
- Handle 413 as file size, PDF page cap, embedded image cap, or payload complexity.
- Handle 429 with retry backoff.
- Use async scans for high-value images and large PDFs.
- Do not run comprehensive mode on every low-risk text message.

Acceptance criteria:
- Tests cover successful scan with scu_charged.
- Tests cover 402, 413, and 429.
- Large file workflows can route to manual review or ask the user to split the file.
- Logs expose enough IDs for support and billing investigation.
```
