Pricing
Simple, transparent pricing
Your first scan is always free. Upgrade when you need AI-powered fix prompts, trust badges, and ongoing monitoring.
Free
$0
1 scan per month with basic findings
- Security scan
- Security score & grade
- Detailed findings
- AI fix prompts
- Trust badge
- 90-day scan history
- Unlimited scan history
- Continuous monitoring
- Security alerts
Launch Audit
$29one-time
Deep audit with AI-powered fix prompts
- Security scan
- Security score & grade
- Detailed findings
- AI fix prompts
- Trust badge
- 90-day scan history
- Unlimited scan history
- Continuous monitoring
- Security alerts
Most Popular
Starter
$19/mo
10 scans/month with fix prompts and badge
- Security scan
- Security score & grade
- Detailed findings
- AI fix prompts
- Trust badge
- 90-day scan history
- Unlimited scan history
- Continuous monitoring
- Security alerts
Pro
$49/mo
Unlimited scans, monitoring, and alerts
- Security scan
- Security score & grade
- Detailed findings
- AI fix prompts
- Trust badge
- 90-day scan history
- Unlimited scan history
- Continuous monitoring
- Security alerts
FAQ
Common questions
What does SafeToShip actually check?
We run 10 security modules against your live URL: security headers, SSL/TLS, exposed files, leaked API keys in JavaScript, Supabase RLS, Firebase rules, CORS policy, cookie flags, email authentication (SPF/DKIM/DMARC), and tech stack detection. Each check runs in parallel and completes in under 60 seconds.
Is this safe? Will it break my site?
Completely safe. We only make read-only requests, the same ones any visitor's browser makes. We never modify data, submit forms, or attempt to exploit anything. For database checks (Supabase/Firebase), we read at most one row and never write.
I'm not technical. Will I understand the results?
That's exactly who we built this for. Every finding is explained in plain English with a severity level (Critical, High, Medium, Low). Paid plans include AI-generated fix prompts tailored to your specific AI coding tool. Just paste them in and your AI assistant will fix the issue.
What are fix prompts?
Fix prompts are copy-paste instructions written for your AI tool (Cursor, Lovable, Bolt, v0, etc.). Each prompt explains the security issue and tells your AI exactly how to fix it. Think of them as a security expert translating findings into language your AI assistant understands.
How is the security score calculated?
You start at 10.0 and lose points per finding: Critical issues cost 3.0 points, High costs 1.5, Medium costs 0.5, and Low costs 0.15. Grades map to scores: A (9-10), B (7-8.9), C (5-6.9), D (3-4.9), F (0-2.9). The average vibe-coded app scores 4.0-6.5.
What's the difference between Starter and Launch Audit?
Launch Audit is a one-time $29 deep scan with fix prompts, perfect for shipping a single project. Starter ($19/month) gives you 10 scans per month, scan history, and a trust badge. It's better if you're actively building and want ongoing monitoring.
Can I use the trust badge on my site?
Yes! Starter and Pro plans include a dynamic SVG badge you can embed on your site. It shows your latest score and grade, updates automatically with each scan, and links to a public verification page. You need a score of 7.0+ with zero critical or high findings to qualify.
Do you store my data or secrets?
We never store full API keys or secrets. Findings show only the first 8 characters. Scan results are stored so you can view history, but we don't retain raw response data. You can delete all your data at any time from settings.
Can I cancel anytime?
Yes. Both Starter and Pro are month-to-month with no commitment. Cancel from your dashboard and you'll keep access until the end of your billing period. You can also manage billing, upgrade, or downgrade through the Stripe customer portal.
What happens when I hit my scan limit?
Free users get 1 scan per month. Starter gets 10. When you hit the limit, you'll see a clear upgrade prompt. Pro users get unlimited scans. Limits reset on your billing renewal date.