Question 1

Why is paid signup reviewed by your team?

Accepted Answer

We're pre-Stripe today, so paid signups go through a 1-business-day review — that lets us confirm scope, issue your authorization-to-test letter, and onboard you cleanly before testing starts. Self-serve billing is on the roadmap; your plan, caps, and feature gates are already enforced server-side, so nothing changes for you when it lands. Want to try us with zero signup first? Run the free demo scanner at app.secaudit.xyz/tools.

Question 2

Can I change plans later?

Accepted Answer

Yes. Upgrades go through the same 1-business-day review (we move you the moment we confirm). Downgrades take effect immediately at the start of your next billing cycle, with no penalty. You keep all reports generated under the previous tier.

Question 3

What happens if I exceed my monthly cap?

Accepted Answer

We soft-block additional submissions and show you an upgrade prompt — no surprise overage fees. You can either wait for your next monthly reset, upgrade to a higher tier, or buy a one-off add-on (extra source review, extra pentest engagement) without changing your plan.

Question 4

Do you offer refunds?

Accepted Answer

30-day money-back guarantee on all paid plans, no questions asked. If something doesn't work for you in your first month, email us and we'll refund in full. After 30 days, refunds are pro-rated for unused service.

Question 5

Is there a free trial on paid plans?

Accepted Answer

Try before you buy with our free demo scanner at app.secaudit.xyz/tools — no signup, real passive checks, a graded report in about 30 seconds. When you're ready for full coverage, Starter is our entry paid tier (just $49/mo). We'd rather you see a real deliverable than time out on a generic 14-day countdown.

Question 6

How do annual subscriptions work?

Accepted Answer

Annual plans are billed once per year and save you 15% versus paying month-to-month. The cap and feature set are identical to the monthly plan — only the billing cadence and price differ.

Question 7

Is my data encrypted?

Accepted Answer

Reports are delivered as password-protected PDFs (passwords sent on a separate channel). Test artifacts and uploaded binaries live in encrypted object storage with key-scoped credentials. Stored credentials for authenticated tests are encrypted at rest with a per-platform key. Our security & auth approach is documented in detail for Enterprise prospects.

Question 8

Do you sign NDAs?

Accepted Answer

Enterprise contracts include a mutual NDA by default and we're happy to redline yours. Lower tiers can request an NDA via the Compliance Pack add-on. Either way, every tester is bound by an internal confidentiality agreement before they touch your scope.

Data Processing Addendum

1. Scope

2. Roles

3. Subprocessors

4. Security measures

5. International transfers

6. Requesting an executed DPA