Pricing

Simple, transparent pricing.

Every plan includes proof-backed findings, exploit paths, and 5-framework compliance mapping. No per-scan fees. No surprises. Cancel any time.

Starter
$ 49
per month
For small teams getting started with external security.
1 domain monitored
1 manual scan / month
Monthly automated scan
Proof-backed findings
5-framework compliance mapping
PDF report + portal access
Slack alerts
Attack path chains
Delta reports
Get started
Most popular
Core
$ 149
per month
For security-focused engineering teams who need depth.
5 domains monitored
5 manual scans / month
Weekly automated scans
Proof-backed findings
5-framework compliance mapping
PDF report + portal access
Slack alerts on criticals
Attack path chains
Delta reports (new/fixed/overdue)
Start with Core →
Pro
$ 299
per month
For enterprises and security teams operating at scale.
20 domains monitored
25 manual scans / month
Daily automated scans
Proof-backed findings
5-framework compliance mapping
PDF report + portal access
Slack alerts + Attack paths
Delta reports
Compliance export (CSV/JSON)
Start with Pro

All plans require a signed Rules of Engagement document. Manual onboarding for first 20 customers.

Full Comparison

Everything side by side.

Feature Starter Core Pro
Domains monitored1520
Scan frequencyMonthlyWeeklyDaily
Subdomain enumeration
Port & service scan
Vulnerability scan (nuclei)
SSL/TLS checks
Email security (SPF/DMARC/DKIM)
Cloud exposure checks
Proof validation (0% false positives)
BIS risk scoring
PDF report delivery
Customer portal
5-framework compliance mapping
Attack path chains
Slack critical alerts
Delta reports (new/fixed/overdue)
Compliance export (CSV/JSON)
Get started Start with Core Start with Pro
Common Questions

Everything you need to know.

No. VeilScan is purely external — it only scans what is visible from the public internet. No agents, no credentials, no internal network access required.
A signed document confirming you have authorisation to scan the specified domains. Required before any scan runs. We provide a template and handle onboarding manually.
Every Critical finding must include a reproducible curl command with a real response containing verified sensitive data before it is classified as Critical. Anything unverified is auto-downgraded.
All customer data — scan results, reports, findings — is stored exclusively in AWS eu-west-2 (London). No data leaves the EU.
Yes. On all plans you can trigger an on-demand scan from your portal in addition to the scheduled automated scans.
Get Started

Your first scan.
In under two hours.

Add your domain, verify ownership, and let VeilScan do the rest. No agents, no credentials, no internal access required.

Start scanning → I already have an account
No hidden scan fees Cancel any time Data stays in London (eu-west-2)