Find your plan in one line.

Free scan, no account needed. Pick the plan that matches how many sites you watch. Every paid plan includes the evidence pack.

One site

Lite

Keep one site monitored, with the evidence report.

$29
per month

Includes

  • included1 verified domain, monitored continuously
  • included15 scans per month, weekly cadence
  • includedChange alerts when exposure shifts
  • includedFindings history, exports, and evidence pack
  • included1 seat
A few sites

Starter

A few sites, a couple of teammates.

$69
per month

Everything in Lite, plus

  • includedUp to 5 verified domains
  • included50 scans per month
  • includedA second seat
Many sites

Professional

The whole team, daily scans, priority support.

$199
per month

Everything in Starter, plus

  • includedUp to 25 verified domains
  • included500 scans per month, daily cadence
  • includedDeep web application scan (DAST)
  • includedUp to 20 seats with role-based access
  • includedPriority support
Custom onboarding

Business

Agency-scale governance with analyst advisory.

Custom pricing

Everything in Professional, plus

  • included100+ verified domains, client estates, or business units
  • included5,000+ scans per month with priority processing
  • includedUp to 200 seats
  • includedCustom onboarding and rollout planning
  • includedConsultant review and advisory support
includedSecurity-posture evidence pack
includedContinuous monitoring & change alerts
includedClient-ready HTML & PDF reports
includedRetained findings history with risk scoring

Advisory: Analyst-led review

Pair your monitoring workspace with HasafSec consultant eyes. Advisory covers critical finding validation, remediation planning, and periodic review calls, for teams that need expert guidance without building an internal security function.

  • Analyst review of critical and high findings
  • Prioritised remediation roadmap with timelines
  • Periodic security review calls with your team
  • Consultant-validated reports for client or board delivery

Pricing

Custom, based on scope

webguard@hasafsec.com

Pick a plan to see everything it includes.

Monitoring & scanning

Verified domains
25
Scans per month
500
Scan cadence
Daily

Evidence & reporting

Continuous monitoring & alerts
includedYes
Findings, history & exports
includedYes
Security-posture evidence pack
includedYes

Team & support

Seats
20
Role-based access
includedYes
Priority support
includedYes
Custom onboarding & advisory
limitedAdd-on

Showing the Professional plan.

Questions buyers ask before committing.

Does the free exposure review require an account?

No. The public scan on the homepage runs without signup and returns a headline score with top findings. A workspace is only needed for continuous monitoring and retained history.

I only have one website. Where do I start?

Start with Lite. It is the single-site entry plan: one verified domain monitored continuously, with the same client-ready evidence pack and alerts as every paid tier. Move up to Starter when you are watching a few sites or want a second seat.

What counts as a domain?

Each verified domain you monitor counts as one against your plan's limit. Subdomains you verify and monitor separately each count as a domain. Your plan caps how many you can add, and the limit is enforced when you create an asset.

When should a team choose Professional instead of Starter?

Choose Professional when monitoring becomes an operating workflow: more domains and scanning capacity, the deep web application scan (DAST), role-based access for the whole team, and priority support.

When should a team choose Business?

Choose Business when the problem is governance across many owned domains, business units, or client estates, or when custom onboarding, shared rollout planning, and consultant advisory support are required. Business is handled as a custom onboarding path rather than a self-serve checkout.

Can I use the reports for my insurer, clients, or data-protection obligations?

Yes. Every paid tier exports an evidence pack that records verified domain ownership, monitoring cadence, an audit trail, and remediation progress: the recurring proof an insurer, client, or procurement reviewer asks for, and useful supporting evidence for data-protection governance such as Kenya's Data Protection Act. It is a security-posture record, not a compliance certification or insurance attestation, and the report says so.

What is the Advisory add-on?

Advisory pairs your monitoring workspace with HasafSec analyst eyes. It covers critical finding validation, prioritised remediation planning, and periodic review calls, available as a custom add-on priced by scope.

Questions about plans or billing? webguard@hasafsec.com