Pricing
Simple plans. Cancel any time.
Free email scan stays free. Paid plans unlock continuous monitoring, DMARC visibility, web-headers audits, and the full CMMC self-assessment.
Free
One-time scans, no monitoring.
Free
- • One-time email security scan
- • Multi-resolver DNS cross-check (Cloudflare, Google, Quad9)
- • PDF report via email
- • 5 scans per IP per hour
Starter
Continuous monitoring for a single domain.
$19/mo
- • Everything in Free
- • Continuous monitoring on 1 domain
- • 11-check scan (email auth + DNS + web posture)
- • Weekly email digest
- • Drift alerts via email
- • Higher rate limits
Pro
Full platform for growing SMBs and security-conscious teams.
$49/mo
- • Everything in Starter
- • Up to 10 monitored domains
- • Vendor portfolio + auto-attestation questionnaires
- • Security-awareness training + phishing simulations
- • Policy library (CMMC / SOC 2 / NIST CSF templates)
- • Public trust page for prospects + customers
- • Slack + Webhook alerts (signed)
- • All integrations: M365, Google, GitHub, Cloudflare, KnowBe4, AWS, Snyk
- • DMARC ingestion + sender visibility
- • CMMC / SOC 2 / CSF readiness + evidence library
- • Public API + webhooks
- • Priority support
- • Public REST API — read the docs
Max
For larger orgs and MSPs — everything in Pro plus higher limits and white-glove onboarding.
$299/mo
- • Everything in Pro
- • Up to 50 monitored domains (talk to us about more)
- • Faster rescan cadence (every 2 hours vs. 6)
- • Org-logo branding on PDFs, attestations, and trust page
- • SAML SSO + SCIM provisioning (5-minute setup wizard)
- • Dedicated Slack channel + named CSM
- • Quarterly security-program review
- • Custom MSA + custom DPA available
- • Priority access to the team for feature requests
Compare
Side-by-side feature list. No marketing hyphens.
| Feature | Free | Starter | Pro | Max |
|---|---|---|---|---|
| One-time email security scan | ✓ | ✓ | ✓ | ✓ |
| Multi-resolver DNS cross-check | ✓ | ✓ | ✓ | ✓ |
| PDF report via email | ✓ | ✓ | ✓ | ✓ |
| Monitored domains | — | 1 | Up to 10 | Up to 50 |
| Rescan cadence | — | Daily | Every 6 hours | Every 2 hours |
| Drift email alerts | — | ✓ | ✓ | ✓ |
| Scan history with diff view | — | ✓ | ✓ | ✓ |
| Slack integration | — | — | ✓ | ✓ |
| Generic outbound webhook | — | — | ✓ | ✓ |
| Weekly email digest | — | ✓ | ✓ | ✓ |
| Team invites | ✓ | ✓ | ✓ | ✓ |
| Audit log access | ✓ | ✓ | ✓ | ✓ |
| HTTP security-headers scanner | — | ✓ | ✓ | ✓ |
| DMARC aggregate ingestion + sender visibility | — | ✓ | ✓ | ✓ |
| CMMC Level 2 self-assessment (all 110 controls) | — | ✓ | ✓ | ✓ |
| SSP markdown + POA&M CSV export | — | ✓ | ✓ | ✓ |
| Public REST API (Bearer-key auth) | — | — | ✓ | ✓ |
| SPF record builder | ✓ | ✓ | ✓ | ✓ |
| DMARC record validator | ✓ | ✓ | ✓ | ✓ |
| BIMI compliance check | ✓ | ✓ | ✓ | ✓ |
| TLS certificate scan | — | ✓ | ✓ | ✓ |
| Cookie security audit | — | ✓ | ✓ | ✓ |
| Vendor portfolio + auto-attestation | — | — | ✓ | ✓ |
| Phishing simulations + training | — | — | ✓ | ✓ |
| Policy library (CMMC / SOC 2 / NIST CSF templates) | — | — | ✓ | ✓ |
| Public trust page | — | — | ✓ | ✓ |
| Domain verification + GoDaddy auto-add | — | — | ✓ | ✓ |
| Audit-log CSV export | — | ✓ | ✓ | ✓ |
| Org-logo branding on PDFs + trust page | — | — | — | ✓ |
| SAML SSO + SCIM (5-minute setup wizard) | — | — | — | ✓ |
| Dedicated Slack + named CSM | — | — | — | ✓ |
| Quarterly security-program review | — | — | — | ✓ |
| Custom MSA + custom DPA | — | — | — | ✓ |
FAQ
Do I need to verify my domain to scan it?
No — the free scan reads only public DNS records. We never ask for credentials, and we don't store anything that wasn't already in the open. For continuous monitoring we'll add a TXT-record verification step before scheduled scans start.
Can I cancel any time?
Yes. Billing is monthly via Stripe; cancel from the Customer Portal inside the app and your access stays active until the end of the period.
Do you sell my scan results?
No. Your scans are visible only to your organization. Public share links work via an unguessable token you choose to share.
What's the difference between drift alerts and the weekly digest?
Drift alerts fire immediately when a check transitions (e.g., DMARC goes from p=reject to p=none). The weekly digest is a Monday-morning roll-up of everything that happened in the trailing 7 days.
Can I use Pro for more than 10 domains?
The Max plan covers up to 50 monitored domains, includes SAML SSO + SCIM provisioning via a guided setup wizard (no IAM engineer required), and ships a dedicated CSM + custom MSA. For more than 50 domains, or for anything still on our roadmap (SIEM streaming, custom trust-page domains) that you need contractually committed before we ship it broadly — email sales@resolute.security and we'll work it out.
What changed in the Pro tier?
Pro now includes everything we've built since the original release: the vendor portfolio with auto-attestation questionnaires, security-awareness training + phishing simulations, the policy library with CMMC / SOC 2 / NIST CSF templates, the public trust page, and every integration. Existing Pro customers were not re-priced.
Need more than 50 domains, a custom MSA, or commitments on roadmap items? Get in touch about the Max plan.