Flagsmith

What Is Flagsmith?

The dominant feature flag vendors raise hundreds of millions of dollars and become unable to support genuine self-hosting at scale, because the operational cost of helping enterprise customers run the platform on their own infrastructure eats the venture math. Flagsmith took the opposite bet. Built by Bullet Train Limited in London since 2018, the company raised a single small seed round in 2020, stayed under 15 people, and made self-hosted-first architecture its primary differentiator. The result is an open-source feature flag, A/B testing, multivariate, segmentation, and remote configuration platform that customers including HSBC, Ford, and Pfizer run inside their own networks.

The legal entity is Bullet Train Limited, Companies House number 12353266, based in London. The founders Ben Rometsch and Kyle Johnson remain the only persons of significant control. There is no US parent company, no Delaware C-Corp wrapper, and no acquisition rumour. For European procurement teams writing data sovereignty clauses into contracts, that structure matters. The software is released under BSD-3-Clause, and the project sits at roughly 5,000 GitHub stars.

Flagsmith operates on two tracks. The open-source build is a complete platform — server, admin UI, SDKs, edge proxy, Helm charts, Terraform modules. Customers run it themselves with no functional gating between OSS and paid. The hosted SaaS at flagsmith.com is for teams that prefer not to operate the infrastructure, with paid tiers covering request volume, SSO, and audit log retention. Both tracks share the same codebase.

Key Features

Feature Flags With Segments and Multivariate Variants

Flagsmith handles the core feature flag use cases cleanly. Flags can be boolean, string, integer, or multivariate, with each variant carrying a weighted percentage allocation. Segmentation rules combine identity traits — user ID, plan tier, region, custom attributes — to target flags at specific cohorts without writing client-side conditional logic.

The model is well suited to A/B testing on engineering and product features: roll out a new checkout flow to 10% of users in Germany, measure the conversion lift, expand or roll back. The flag changes propagate in seconds through the SDK polling cycle or instantly via Server-Sent Events for clients that subscribe.

Self-Hosting That Is Genuinely First-Class

Most open-source feature flag platforms publish a docker-compose.yml and call self-hosting supported. Flagsmith publishes Helm charts that customers actually deploy in production, Terraform modules that match the cloud architectures customers actually use, and documentation that treats self-host as the primary topology rather than the fallback.

The deployment targets include AWS, GCP, Azure, OVHcloud, Hetzner, on-prem Kubernetes, and air-gapped environments. The Edge API can be deployed regionally to bring flag evaluation latency under 50ms globally. For organisations whose compliance posture requires flag evaluation events never to transit a third-party SaaS, this is one of the cleanest commercial options available.

Remote Configuration

Flagsmith doubles as a remote configuration store. Beyond simple on/off flags, the platform stores typed configuration values — strings, integers, JSON blobs — that applications fetch at runtime. This is useful for items that are not strictly feature flags but benefit from segmentation and central management: feature copy variants per locale, A/B-tested API endpoints, rate-limit thresholds adjusted by region.

Combined with segmentation, remote config lets engineering teams move runtime decisions out of code and into a central, audited surface without standing up a separate config service.

Edge API for Low-Latency Evaluation

The hosted Flagsmith offering includes an Edge API that runs flag evaluation at points of presence close to end users. The practical effect is sub-50ms flag-fetch latency for applications with global audiences, which matters for client-side flags that gate above-the-fold rendering decisions. Self-hosted deployments can replicate this pattern by running Flagsmith API instances regionally.

Permissioning and Audit Suitable for Enterprise

Role-based access control, SAML SSO, and audit logging cover the access governance requirements that enterprise procurement teams check during security review. The Scale-Up plan adds SAML SSO and audit log retention. Enterprise contracts add custom RBAC granularity and SLA-backed support.

Pricing

The Free plan is genuinely usable for production at small scale: unlimited feature flags, unlimited identities, 50,000 requests per month, and 3 team members. For a startup running a few flags on a single product, this covers the actual need without requiring a credit card.

The Start-Up plan at USD 45 per month adds 1 million requests, unlimited team members, RBAC, and email support. The Scale-Up plan at USD 200 per month adds 5 million requests, SAML SSO, audit logging, and priority support. Enterprise pricing is custom, typically gated on request volume, dedicated infrastructure requirements, and security review.

Self-hosting the BSD-3-Clause build is free at any scale with no licensing fee. The operational cost is the engineering time to run PostgreSQL, the API service, and the SDK distribution — meaningful but not prohibitive for teams already operating Kubernetes.

Compared to LaunchDarkly's MAU-based pricing, which can escalate from low hundreds to mid-thousands per month for moderate user bases, Flagsmith is generally cheaper on the hosted plans and free on self-host. The trade-off is fewer advanced experimentation features.

EU Compliance & Privacy

Bullet Train Limited is registered in London, United Kingdom. The company is subject to UK GDPR, which remains substantively aligned with EU GDPR following the UK's adequacy decision. Hosted Flagsmith offers a choice of EU or US data residency at signup, and self-hosted deployments give complete control over data location.

The company holds SOC 2 Type II and ISO 27001 certifications. A Data Processing Agreement is available for hosted customers. Self-hosted Enterprise customers receive deployment documentation, security review packages, and runbooks for compliance audits.

The independence of Bullet Train Limited — no US parent, no acquisition by a US enterprise vendor — matters for European customers building compliance arguments. The company is not subject to US Cloud Act disclosure obligations on data held by self-hosted customers.

Who It's Best For

If your security posture requires self-hosting your feature flag infrastructure, Flagsmith's first-class on-prem story is one of the strongest in the market alongside Unleash. The Helm charts, Terraform modules, and air-gapped support actually work.

If you are a small or mid-sized engineering team that wants production-grade feature flags without LaunchDarkly's pricing, the Free and Start-Up plans cover real workloads at a reasonable cost.

If you need deep experimentation analytics with statistical significance testing across complex marketing funnels, dedicated tools like Kameleoon or Optimizely have richer dashboards. Flagsmith handles A/B testing competently for engineering experiments, but is not a CRO platform.

If you want a bootstrapped, independent vendor with no acquisition or pivot risk, Flagsmith's funding history and ownership structure are unusually clean for the category.

The Verdict

Flagsmith earns a recommendation through deliberate trade-offs rather than feature maximalism. The bootstrapped funding, BSD-3-Clause licence, and London-based UK Ltd structure deliver a feature flag platform that European teams can self-host, audit, and trust without inheriting US disclosure exposure or VC-driven roadmap pressure.

The platform will not win on flashiest UI or deepest experimentation analytics. Those go to better-funded competitors. It wins on substance: a complete open-source platform that runs anywhere, a free tier that covers real production, and a corporate structure aligned with European procurement realities. For teams whose primary requirement is operational sovereignty rather than analytics depth, that is a meaningful combination.

Frequently Asked Questions

Is Flagsmith really open source?

Yes. Flagsmith is released under the BSD-3-Clause licence with the full server, admin UI, SDKs, and edge proxy on GitHub. There is no proprietary control plane gating self-hosting. The OSS build is feature-complete for flag management, A/B testing, remote config, and segmentation.

Can I self-host Flagsmith on my own infrastructure?

Yes. Flagsmith publishes first-party Helm charts, Terraform modules, and Docker Compose manifests. Common deployment targets include AWS, GCP, Azure, OVHcloud, Hetzner, on-prem Kubernetes, and air-gapped environments. The documentation explicitly treats self-host as a primary topology.

How does Flagsmith compare to LaunchDarkly?

LaunchDarkly is closed-source SaaS only and is a US-headquartered company. Flagsmith is BSD-3-Clause open-source and self-hostable, operated by Bullet Train Limited in London. LaunchDarkly has more polished UI and broader experimentation analytics; Flagsmith has stronger self-host support, lower pricing, and avoids US Cloud Act exposure for European customer data.

Where is Flagsmith data hosted?

Bullet Train Limited is registered in London under UK GDPR, with adequacy alignment to EU GDPR. Hosted Flagsmith offers EU or US data residency at signup. Self-hosted deployments give complete control — data never leaves the customer's infrastructure. SOC 2 Type II and ISO 27001 certifications are in place.

Is Flagsmith good for A/B testing specifically?

Flagsmith handles A/B testing via multivariate flag variants with weighted allocation and segment-based targeting, well suited for engineering-led experimentation. For marketing-led conversion optimisation with deeper statistical dashboards, Kameleoon or Optimizely have richer analytics. Many teams run both: Flagsmith for engineering, a CRO tool for marketing.