Limits

Hard limits enforced in code today. If you bump into any of these and need them raised, email us — most are conservative defaults rather than architectural ceilings.

Cloudbrief

Limit	Value	Source
AWS accounts per organisation	unlimited	—
Daily analysis runs per AWS account	1 (scheduled at 09:00 IST)	APScheduler cron
On-demand investigations per account per day	unlimited	—
Incident hunts per account per day	unlimited (cron-scheduled weekly digest)	—
Report retention	forever (no auto-delete)	—

Paperbrief

Limit	Value	Source
Document file size	25 MB	`paperbrief_max_file_size_mb`
Supported formats	PDF, DOCX, TXT, MD	`paperbrief/parsers/`
OCR-eligible pages per document	50	`paperbrief_ocr_max_pages`
Chunks per document (after splitting)	2000	`paperbrief_max_chunks_per_doc`
Documents per organisation	unlimited	—
Chat top-K retrieval	5 chunks	`paperbrief_retrieval_top_k`
Question length	4000 chars	API validation
Documents per chat turn	20	API validation

Auth + sessions

Limit	Value
JWT lifetime	24 hours
Password minimum length	12 characters
Failed login attempts before lockout	(no lockout yet — relies on Cloudflare WAF rate limiting)

Marketing inquiries (public contact form)

Limit	Value
Submissions per IP per hour	5
Message length	5000 chars
Name length	200 chars

API request limits

The app itself has no rate limit on authenticated requests today. The underlying AI providers have their own quotas — if you hit a provider rate limit, the error surfaces in the UI with a "try again in a moment" message.

What's not limited

Concurrent conversations per user
Chat history retention
Number of API keys / 2FA tokens (one per user)
Webhooks (don't exist yet)

If you need anything not on this list raised, email us — most defaults are pulled from intuition rather than hard architectural constraints, and we'd like to know which assumptions need updating.

Usage & billing Introduction