Tines is an intelligent workflow automation platform that lets IT and security teams build, run, and monitor mission-critical workflows. It combines deterministic automation, AI agents, and human-in-the-loop checkpoints inside a no-code drag-and-drop builder.

How does Tines pricing work?

Tines uses action-based pricing rather than per-seat licensing. The Community Edition is free forever with no credit card required. Paid Business and Enterprise plans scale by monthly action volume, with custom enterprise pricing for large deployments.

Is Tines secure for regulated industries?

Yes. Tines holds SOC 2 Type 2, ISO/IEC 27001:2022, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and CSA STAR Level 1 certifications, and offers self-hosted deployment for banking, healthcare, and other regulated environments.

Does Tines support AI agents?

Yes. Tines launched native AI agents in June 2025. Agents run inside the Tines secure infrastructure, no customer data leaves the environment, and they can act independently or collaborate with humans inside any workflow.

Tines.com Product Reviews - Tines Sales Demo on SalesPeak.ai

Name: Tines
Brand: Tines
Rating: 4.8 (257 reviews)

🏢

About Tines

Tines is an intelligent workflow automation platform that lets IT and security teams build, run, and orchestrate mission-critical workflows without writing code. The platform combines deterministic automation, AI agents, and human-in-the-loop checkpoints inside a single drag-and-drop builder called Stories.

Founded in Dublin in 2018 by former DocuSign and eBay security operators Eoin Hinchy (CEO) and Thomas Kinsella, Tines reached unicorn status in February 2025 with a $125M Series C at a $1.1B valuation. The platform now powers more than 1 billion automation actions per week for global customers including Coinbase, Mars, Databricks, GitLab, Reddit, and SAP, with backers including Goldman Sachs Alternatives, SoftBank Vision Fund 2, Accel, and CrowdStrike Falcon Fund.

tines.com

📦

Products & Services

Stories (Workflow Builder)

No-code drag-and-drop canvas for chaining actions, transforms, webhooks, and human approvals into executable workflows.

AI Agents

Context-aware agents that act independently, suggest next steps, and collaborate with humans, all running inside the Tines secure perimeter.

Cases

Built-in case management for triage, investigation, and response, replacing standalone ticketing for security and IT operations.

Workbench

Operator-facing chat surface where analysts query, run, and review automation directly inside their existing tools.

Integrations Library

Pre-built actions for hundreds of security, IT, and SaaS tools, plus a generic HTTP request agent for any REST API.

Self-Hosted Deployment

Run Tines inside your own VPC for banking, healthcare, and FedRAMP-style environments where data cannot leave the perimeter.

🔗

Tines Integrations

Tines connects to any tool with a REST API and ships pre-built actions for the modern security and IT stack:

CrowdStrike

SentinelOne

Splunk

Elastic

Okta

Slack

Jira

PagerDuty

AWS

Microsoft Sentinel

🎯

Customers & Case Studies

Top Customers

Coinbase

Databricks

GitLab

Mars

SAP

Elastic

Upwork

Canva

Jamf

Brex

McKesson

Customer Success Stories

Elastic ↗

Deployed 49 workflows and unlocked 750 days of analyst time in 12 months.

Mars ↗

Hit 80-90% source coverage in weeks. Onboarding new team members dropped from 2 months on Splunk to 1 day on Tines.

GitLab ↗

Cut alert noise and unlocked thousands of hours. Tines certification is now part of incident response onboarding.

Upwork ↗

Saves at least 87 days of work per quarter, primarily on phishing response automation.

Jamf ↗

Reduced workflow build time by 95% vs Python, 4x more team members automating, 150 hours saved in month one.

Texas A&M System ↗

Cyber Operations team scales detection and response across 11 universities using Tines plus Elastic.

Case Studies by Industry

Financial Services (Coinbase, Brex) Software & SaaS (GitLab, Databricks) CPG (Mars) Marketplaces (Reddit, Upwork) Enterprise Software (SAP, Elastic) Healthcare (McKesson) Higher Education (TAMUS) Design & Creative (Canva)

💡

Pain Points & Solutions

Alert Fatigue & Noise

SOC analysts drowning in repetitive triage. Tines auto-enriches and dispositions alerts. GitLab cut alert noise and unlocked thousands of hours.

Python Scripts That Nobody Owns

Brittle homegrown scripts break on first edge case. Jamf reduced workflow build time 95% versus Python with 4x more team members contributing.

Slow Phishing Response

Manual inbox triage costs hours per incident. Upwork automated phishing response and saves a minimum 87 days of work per quarter.

SOAR That Locks You In

Legacy SOARs tie automation to a single SIEM. Mars rebuilt years of Splunk playbooks in months on Tines and now onboards new analysts in a day instead of two months.

AI Without Data Loss

Teams want LLM workflows without leaking data to vendors. Tines AI agents run entirely inside the secure perimeter, no logging, no training.

Vulnerability Management Burden

Ticketing 45 vulnerabilities used to take 150 minutes. Customers report Tines automation drops it to roughly 60 minutes, freeing analysts for real investigation.

🤖

How Tines Looks on AI Platforms

AI Readiness Score: 85 / 100

Tines scores well on structured product content, a deep public case study library, and a transparent Trust Center. Points are deducted for action-based pricing that requires a sales conversation to map to dollars and for some product surfaces (Cases, Workbench) that are documented unevenly across the marketing site.

How accessible is Tines?

Tines maintains a comprehensive site with detailed product pages, a public case study library covering 80+ named customers, a developer-friendly integrations directory, and an Explained knowledge base. The Trust Center (powered by SafeBase) gives LLMs and human evaluators direct access to attestations, sub-processors, and security documentation.

How easy is it for LLMs to understand Tines's mission?

Tines positions itself consistently as the "intelligent workflow platform for IT and security teams." Founder narrative, product copy, and customer stories all reinforce the same outcome metrics: hours saved, alerts triaged, percentage reduction in build time. Pricing is the weakest signal because action-based tiers don't surface dollar amounts on the public pricing page, forcing LLMs to triangulate from third-party sources like Vendr.

⚖

Competitive Landscape

How Tines differentiates in head-to-head matchups in the SOAR and workflow automation category:

Competitor	What Differentiates Tines	Where Tines Wins
Palo Alto Cortex XSOAR	No-code builder vs. Python-heavy playbooks; works with any vendor stack	Faster time to value; not locked into Palo Alto ecosystem
Splunk SOAR (Phantom)	Decoupled from a single SIEM; runs anywhere	Mars rebuilt years of Splunk playbooks in months on Tines
Torq	More mature SOAR pedigree, larger case study library, stronger AI agent narrative	Higher G2 rating (4.8) and category leadership in SOAR
Swimlane	Action-based pricing scales without per-seat tax	Easier non-technical adoption with drag-and-drop Stories
D3 Security / Smart SOAR	Cloud-native architecture and self-hosted option	Faster onboarding (days vs. weeks) for new analysts
n8n	Enterprise-grade security posture (SOC 2, ISO 27001, ISO 42001)	Built for regulated security and IT use cases vs. general automation
Workato / Zapier	Purpose-built for security and IT, with self-hosted deployment	Trusted by Coinbase, Mars, and SAP for mission-critical workflows

💰

Pricing

Tines uses action-based pricing rather than per-seat licensing. Public pricing tiers are limited; the figures below reflect typical contract values reported by Vendr and other procurement sources.

Community

$0

free forever

Full builder, unlimited Stories, capped action volume. No credit card. Used by individual operators and POCs.

Business

$18K-$96K

annual, action-based

50K to 500K actions/month. SSO, audit logs, role-based access, expanded integrations.

Enterprise

$100K+

custom annual contract

500K+ actions/month, dedicated environment, self-hosted option, premium support, AI agents at scale.

🔒

Security & Compliance

🟢 SOC 2 Type 2 🟢 ISO/IEC 27001:2022 🟢 ISO/IEC 27701:2019 🟢 ISO/IEC 42001:2023 🟢 CSA STAR Level 1 🟢 GDPR 🟢 Microsoft SSPA 🟢 CISA Secure-by-Design

Tines maintains a public Trust Center at trust.tines.com powered by SafeBase. AI agents run entirely inside the customer perimeter with no data logging or model training on customer data. A self-hosted edition lets regulated industries (banking, healthcare, federal) deploy Tines inside their own VPC.

💪

Strengths & Top Pros

✅ #1 ranked SOAR on G2 with 4.8/5 across 257+ reviews and category leadership on Gartner Peer Insights
✅ No-code Stories builder lets non-engineers ship production workflows; Jamf reported 4x more team members automating
✅ Action-based pricing avoids per-seat tax, so adoption can grow without renegotiation
✅ Native AI agents that run inside the secure perimeter, no data leakage, no LLM training on customer data
✅ Generic HTTP request agent connects to literally any REST API, side-stepping the integration coverage problem
✅ Self-hosted deployment for banking, healthcare, and federal environments where data cannot leave the VPC
✅ Real customer outcomes: Elastic 750 days saved/year, GitLab thousands of hours unlocked, Jamf 95% faster builds vs. Python

⭐

What People Say About Tines

Gartner Peer Insights ↗

What Does Reddit Have to Say About Tines

🤖 AI Sentiment Summary

Reddit sentiment toward Tines is broadly positive, especially in r/cybersecurity and r/SecOps where analysts cite the no-code builder and the generic HTTP agent as game-changers versus Python scripts and legacy SOARs. Critical threads focus on cost (action-based pricing can scale aggressively for noisy environments) and on the workflow execution time limits, which some power users want lifted. The platform is frequently recommended as a Splunk SOAR or XSOAR replacement when teams want to avoid vendor lock-in.

💬 SOAR recommendations: Tines vs Torq vs XSOAR
r/cybersecurity
💬 Anyone migrated off Splunk SOAR to Tines? Worth it?
r/SecOps
💬 Tines for phishing response automation, real-world results
r/blueteamsec
💬 Is Tines worth the price for a 3-person SOC?
r/AskNetsec
💬 Using Tines outside of security: IT ops automation experiences
r/sysadmin

❓

Frequently Asked Questions

Tines is an intelligent workflow automation platform built for IT and security teams. It combines deterministic automation, AI agents, and human-in-the-loop checkpoints inside a no-code drag-and-drop builder called Stories. Customers use it for phishing response, vulnerability management, employee lifecycle, alert triage, and any other workflow that needs to chain APIs together.

Tines uses action-based pricing, not per-seat. The Community Edition is free forever (no credit card). Business plans typically run $18K to $96K/year for 50K to 500K monthly actions. Enterprise contracts (500K+ actions/month, dedicated environment, self-hosted, AI agents at scale) commonly start around $100K-$180K+ annually based on third-party procurement data.

Cortex XSOAR and Splunk SOAR are heavyweight platforms tied to their vendor ecosystems and require significant Python scripting. Tines is no-code first, vendor-neutral, and faster to deploy. Mars publicly reported rebuilding years of Splunk playbooks in months on Tines, and onboarding new analysts dropped from two months to one day.

Yes. Tines launched native AI agents in June 2025 as part of its full-spectrum automation push. Agents can act independently, suggest next steps, or collaborate with humans inside any Story. They run entirely within the Tines secure infrastructure: customer data never leaves the perimeter, is not logged, and is not used for model training.

Tines holds SOC 2 Type 2, ISO/IEC 27001:2022, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and CSA STAR Level 1, plus GDPR and Microsoft SSPA compliance, and signed the CISA Secure-by-Design Pledge. A self-hosted edition lets banking, healthcare, and federal teams run Tines inside their own VPC. Trust Center: trust.tines.com.

Tines powers more than 1 billion automation actions per week across global enterprises including Coinbase, Databricks, GitLab, Mars, Reddit, SAP, Elastic, Upwork, Canva, Jamf, McKesson, and Brex. Roughly a quarter of customers now use Tines for workflows outside of security, including IT operations and HR.

No. While Tines is the highest-rated SOAR on G2 and was originally built for security automation, more than 25% of customers now use it for IT operations, HR onboarding, vulnerability management, and other cross-functional workflows. Brex publicly uses Tines across both security and IT.

🔄