Pricing

Simple, transparent pricing.

Transparent pricing from entry-level vulnerability testing to full pentest engagements. No hidden fees. No overage surprises.

Starter

One asset, fully covered

$49/mo

$42/mo billed annually

  • 3 submissions per month
  • 2 registered assets
  • Vulnerability scan + API testing
  • Encrypted PDF reports retained 90 days
  • 1 user seat · 1 retest per request
  • Authorization-to-Test (LoA) document included
  • 5 business day SLA
  • Email support (72h response)
Most popular

Pro

Growing security program

$179/mo

$149/mo billed annually

  • 10 submissions per month
  • 8 registered assets · all 4 asset types
  • Vuln scan, API testing & source review
  • Mobile APK/IPA up to 200 MB
  • Compliance-ready reports (SOC 2 / ISO / HIPAA framing)
  • Reports retained 1 year · 2 retests per request
  • 5 user seats · 3 business day SLA
  • Audit log access · email support (24h)

Business

Multi-asset + manual pentest

$599/mo

$499/mo billed annually

  • 30 submissions per month
  • 25 registered assets · all 4 asset types
  • All 4 testing types incl. manual pentest
  • 1 manual pentest engagement / year included
  • Mobile APK/IPA up to 500 MB
  • Auditor-grade pentest cert + compliance report
  • Reports retained 3 years · unlimited retests
  • 15 seats · 2 business day SLA · priority chat

Enterprise

Custom scope, dedicated team

Contact sales
  • Custom submission volume (default 100/mo)
  • Unlimited assets · unlimited seats
  • All testing types incl. red team
  • Mobile APK/IPA up to 2 GB
  • SSO / SAML · custom audit retention up to 7 years
  • Dedicated Customer Success Manager
  • NDA + custom legal terms included
  • 1 business day SLA · top-priority queue

Add-ons

Available on any tier

Add-on                       Price
Extra manual pentest         $4,500 / engagement
Extra source review          $750 / engagement
Red-team simulation          Quoted (mid-5-figures+)
Compliance pack              $250 one-time
Extended report retention    $20/mo per +1 year

FAQ

Frequently asked

Why is paid signup reviewed by your team?

We're pre-Stripe today, so paid signups go through a 1-business-day review — that lets us confirm scope, issue your authorization-to-test letter, and onboard you cleanly before testing starts. Self-serve billing is on the roadmap; your plan, caps, and feature gates are already enforced server-side, so nothing changes for you when it lands. Want to try us with zero signup first? Run the free demo scanner at app.secaudit.xyz/tools.

Can I change plans later?

Yes. Upgrades go through the same 1-business-day review (we move you the moment we confirm). Downgrades take effect immediately at the start of your next billing cycle, with no penalty. You keep all reports generated under the previous tier.

What happens if I exceed my monthly cap?

We soft-block additional submissions and show you an upgrade prompt — no surprise overage fees. You can either wait for your next monthly reset, upgrade to a higher tier, or buy a one-off add-on (extra source review, extra pentest engagement) without changing your plan.

Do you offer refunds?

30-day money-back guarantee on all paid plans, no questions asked. If something doesn't work for you in your first month, email us and we'll refund in full. After 30 days, refunds are pro-rated for unused service.

Is there a free trial on paid plans?

Try before you buy with our free demo scanner at app.secaudit.xyz/tools — no signup, real passive checks, a graded report in about 30 seconds. When you're ready for full coverage, Starter is our entry paid tier (just $49/mo). We'd rather you see a real deliverable than time out on a generic 14-day countdown.

How do annual subscriptions work?

Annual plans are billed once per year and save you 15% versus paying month-to-month. The cap and feature set are identical to the monthly plan — only the billing cadence and price differ.

Is my data encrypted?

Reports are delivered as password-protected PDFs (passwords sent on a separate channel). Test artifacts and uploaded binaries live in encrypted object storage with key-scoped credentials. Stored credentials for authenticated tests are encrypted at rest with a per-platform key. Our security & auth approach is documented in detail for Enterprise prospects.

Do you sign NDAs?

Enterprise contracts include a mutual NDA by default and we're happy to redline yours. Lower tiers can request an NDA via the Compliance Pack add-on. Either way, every tester is bound by an internal confidentiality agreement before they touch your scope.

More questions? Email us.

Run your first audit today.

No credit card required to start.