Will my data be used to train AI models?

No. All inputs — source code, screenshots, URLs, scan results — are processed in tenant-isolated containers and are never used to train any AI model. This commitment is in our Data Processing Addendum. Anthropic's EU API agreements independently prevent training on API traffic.

What happens to my scan reports if I cancel?

You can export every report (PDF, JSON) for 60 days after cancellation. After 60 days, data is permanently deleted from our EU-hosted storage. No data crosses the EU border.

What engines are live today?

Eleven engines are live: Web Pentest (OWASP Top 10, real exploit + PoC, $99), API Pentest (OWASP API Top 10 2023, REST + GraphQL, $49), Mobile APK (MASVS, apktool + jadx, $50), GitHub SAST (secrets, deps, IaC, auth review, $30), Cloud Pentest (AWS/Azure/GCP/K8s, CIS Benchmarks, $399), AD Security Assessment (Kerberoasting, ACL gaps, DC recon, $299), SAP Pentest (NetWeaver, ABAP, S/4HANA, $899), Email Security (SPF/DKIM/DMARC, phishing-kit analysis, $199), Network / Host Pentest (TCP port/service discovery, no-auth exposure detection, detection only, $149), OSINT / Recon (WHOIS/RDAP, certificate-transparency subdomains, DNS, origin-IP discovery, $49), and Scan Import (AI-triage a Nessus/OpenVAS/Nmap/Burp/CSV/PDF report, $9). All engines are live in production.

Pricing — AssurePort | Transparent AI Penetration Testing Plans

Starter

For solo developers and one-off security audits.

$ 99

one-time purchase

Get Starter

Coverage
1 scan credit — use on any live engine
Web / API / Mobile APK / GitHub SAST
PDF + JSON report delivered by email
Workspace
1 user seat
Free intel toolkit (12 tools)
No recurring billing

Top up any time — one flat rate.

1 token = $0.01, always. Larger packs add bonus tokens; the effective per-token rate is shown on every pack so you can compare honestly.

Small

$50

5,000 tokens

No bonus · $0.0100 / token

Buy in console

+5% bonus

Medium

$100

10,500 tokens

+5% bonus · effective $0.0095 / token

Buy in console

+10% bonus

Large

$250

27,500 tokens

+10% bonus · effective $0.0091 / token

Buy in console

+14% bonus

$899

103,000 tokens

+14% bonus · effective $0.0087 / token

Buy in console

Token packs are one-time purchases via Polar.sh hosted checkout. VAT collected automatically in 47 countries. Tokens are added on successful payment and never expire. One wallet runs every engine — the XL pack alone covers a single SAP Pentest (89,900 tokens).

Attack surfaces

11 engines live today.

Every plan includes access to all live engines. Scan credits work across any engine — no engine-specific add-ons needed.

LIVE

Web Pentest

OWASP Top 10, 13 AI agents, real exploit + reproducible PoC. Auth bypass, XSS, IDOR, SSRF, injection.

LIVE

API Pentest

OWASP API Top 10 2023. REST & GraphQL. 7 agents — broken auth, object-level auth, mass assignment, rate limiting.

LIVE

Mobile APK

MASVS & OWASP Mobile Top 10. apktool + jadx static analysis. 6 agents — hardcoded secrets, insecure storage, traffic interception.

LIVE

GitHub SAST

7 agents — exposed secrets, vulnerable dependencies, IaC misconfigs, auth review, supply chain checks.

LIVE

Cloud Pentest

AWS / Azure / GCP / K8s. CIS Benchmarks, IAM misconfiguration, exposed storage, Kubernetes API. 5 agents. $399/scan.

LIVE

AD Security Assessment

Active Directory: Kerberoasting, ACL gaps, DC recon. Read-only, non-destructive. 6 agents. $299/scan.

LIVE

SAP Pentest

NetWeaver, ABAP, S/4HANA. RFC misuse, auth gaps, read-only analysis. 6 agents. $899/scan.

LIVE

Email Security

SPF / DKIM / DMARC validation, phishing-kit detection, passive reconnaissance. $199/scan.

LIVE

Network / Host Pentest

TCP port/service discovery, product fingerprinting, no-auth exposure detection (open Redis/ES/Mongo/Docker API, anon FTP, SMTP relay). Detection only, no exploitation. $149/scan.

LIVE

OSINT / Recon

WHOIS/RDAP, certificate-transparency subdomain enumeration, full DNS, CDN origin-IP discovery, live subdomain probing. Passive + light-active external footprinting. $49/scan.

LIVE

Scan Import

Import a Nessus, OpenVAS, Nmap, Burp, CSV or PDF report and get an AI-triaged summary mapped to GDPR/NIS2/ISO. Raw findings into prioritised insight. $9/import.

Compare plans

Every feature, side by side.

No fine print. If a plan has it, it is on this table.

	Starter	Pro	Business
Pricing
Price	$99 one-time	$349 / mo	$899 / mo
Billing	One-time	Monthly	Monthly
Top-up rate	$0.01 / token	$0.01 / token	$0.01 / token
Coverage
Token grant	9,900 one-time	40,000 / mo (rollover up to 80,000)	110,000 / mo (rollover up to 220,000)
Web Pentest LIVE	✓	✓	✓
API Pentest LIVE	✓	✓	✓
Mobile APK LIVE	✓	✓	✓
GitHub SAST LIVE	✓	✓	✓
Cloud Pentest LIVE	✓	✓	✓
AD Security Assessment LIVE	✓	✓	✓
SAP Pentest LIVE	✓	✓	✓
Email Security LIVE	✓	✓	✓
Workspace
User seats	1	3	10
Role-based access	—	✓	✓
TOTP 2FA	✓	✓	✓
Append-only audit log	—	✓	✓
Report formats	PDF + JSON	PDF + JSON	PDF + JSON + findings export
Free intel toolkit	✓	✓	✓
Trust & Compliance
EU data residency	✓	✓	✓
No model training	✓	✓	✓
Data Processing Addendum	—	—	Standard DPA included
ISO 27001 / DORA / NIS2 evidence	—	—	✓
Support
Channel	Email	Priority email	Priority email
Response SLA	Best-effort	Business hours	Business hours

Pricing FAQ

Questions about billing, in plain English.

What counts as a scan?

A scan is one complete automated test run against one application or surface — for example, a full OWASP Top 10 pass on your web app, or an MASVS audit on your Android APK. There are no per-finding or per-request charges. Successful scans consume one credit from your plan; failed scans release the reservation in full so you are never charged for an inconclusive result.

How does scan rollover work?

Unused scan credits carry forward to the next billing cycle. Pro rolls over up to a 12-scan maximum; Business rolls over up to 30 scans. This means a quieter month banks credits for a heavier audit month — no wasted allowance.

Can I switch or cancel my plan?

Yes. Upgrade or downgrade at any time from your dashboard — changes take effect at the next billing cycle. Cancel any time with one click. No retention calls, no lock-in beyond the current billing month.

What payment methods do you accept?

Credit and debit cards via Polar.sh (Merchant of Record). VAT is automatically calculated and collected in 47 countries — you never need to handle tax separately. EU business customers can enter a VAT registration number at checkout to apply the reverse charge mechanism.

Will my code or scan data be used to train AI models?

No. Every scan runs in a tenant-isolated environment. Your source code, URLs, screenshots and scan results are never used to train AssurePort's models or any third-party model. This commitment is written into our Data Processing Addendum. Anthropic's EU endpoint API agreements independently prohibit training on API traffic.

Where exactly is my data stored?

Exclusively in the European Union. We use Cloudflare Workers (EU edge regions), Fly.io (Frankfurt), Cloudflare R2 (EU jurisdiction), and Resend (EU). AI inference routes to Anthropic's EU endpoint. No data crosses the EU border.

What happens to my reports if I cancel?

You can export every report (PDF, JSON) for 60 days after cancellation. After 60 days your data is permanently deleted from our EU-hosted storage in accordance with our retention policy and GDPR Article 17.

One platform. Three simple plans.

Top up any time — one flat rate.

11 engines live today.

Every feature, side by side.

Questions about billing, in plain English.

Run your first scan in the next ten minutes.

One platform. Three simple plans.

Pricing plans

Top up any time — one flat rate.

11 engines live today.

Every feature, side by side.

Questions about billing, in plain English.

Run your first scan in the next ten minutes.