Free subscription but all paid features available

My company has been using the free subscription for a little over a month. We are still using the free subscription but are able to use all paid features like: password policy, brute force protection, breached password detection, email customization and so on.

How come this is the case? It makes it confusing for us to know which plan we really need.

You should be reviewing what features are included at the time you acquire the subscription; like you mentioned in some situations there are no hard limits on the dashboard features, however, account center reports may show you that you are over-quota or using features you’re not entitled to.

I dont quite understand. So auth0 just trusts all users to only use what they are entitled to?

The usage is reviewed and incorrect usage is surfaced to customers in account center and also available internally so that it can be analysed and addressed. If you think about it and at least in my personal opinion it would be very weird to have automatic hard limits in some situations. For example, you subscribe for 1000 users and your application experiences a sudden boom of popularity. If the end-user authentication was automatically rejected when the 1000 users were passed this would be a very bad user experience. Finally, this can change, I was just providing my personal view.