Wrong.
The next problem occurs around the customer exceeding their free tier limit. Do we require them to upgrade to a new plan immediately? If so, what happens if they don't upgrade or simply don't pay?
Let's assume the customer is on holiday and they've just been hit with an attempted DDoS attack that causes their requests to skyrocket. They've gone over their limit and now it's time to pay, except they're not around to plug in their credit card details and keep the service alive.
Do we simply kill the service to their application mid-attack? Of course not, it would be irresponsible and immoral to willingly turn a blind eye to a crime being committed.
Does the customer feel obligated to pay up afterwards if we continue to save their application? You'd think so, but in reality, probably not (after all, they'd argue that we should've stopped the service if it were such a big concern for us – or that there's no proof the attack would've caused any damage, just a log to say we blocked a series of attempts).
So how do we solve this conundrum?
Ultimately it was decided that we'd offer a completely free product. I know that defies all sense of business logic: to spend time and money building something, only to turn around and give it to anyone for free.
I've decided that it's the best path to go for a few reasons: