Start free. Upgrade when you need the fixes and the evidence.
Monitor up to 5 domains free, continuously. Upgrade when you need exact fixes, faster checks and audit-ready evidence across more of your domains.
Pricing shown in {cur} based on your region. You can switch currency anytime. Pricing shown in {cur}. You can switch currency anytime.
Free
Continuous Trust Score across your domains.
- Up to 5 domains, 10 monitored endpoints
- Trust Score across email, DNS, certificates and TLS
- Daily continuous monitoring
- All findings with a remediation preview
- Email alerts
Starter
Continuous monitoring for a small team's domains.
- Up to 5 domains, 25 monitored endpoints
- Hourly monitoring across every trust module
- Plain-language fix explanations for every finding
- Email alerts and a weekly posture digest
- REST API with self-service API keys
Pro
Continuous cover for any company with a public presence.
- Up to 25 domains, 100 monitored endpoints
- Remediation Center — exact fix, one-click re-verify
- Priority Fix Playbooks — findings become a prioritized fix plan with copy-paste fixes
- Certificate Transparency and subdomain-takeover detection
- DMARC analytics, TLS-RPT and browser security (CSP) reports
- Slack & Teams alerts, 1-year history
Growth
For teams running a fleet of domains and services.
- Up to 250 domains, 1,000 monitored endpoints
- Single sign-on (SAML/OIDC) with SCIM provisioning
- Machine-identity inventory — internal agent and cloud CA connectors
- Post-quantum readiness scoring and CBOM export
- Registrar and blacklist (RBL) monitoring, 2-year history, priority support
Enterprise & Compliance
Regulated, NIS2-scope and large-portfolio organizations.
- 1,000+ domains, custom packs
- Signed NIS2 evidence and audit export
- eIDAS QWAC/QSealC, OV/EV registry and C2PA verification
- DMARC GeoMap, PagerDuty and n8n alerts
- Custom retention, SLA and procurement support
Prices exclude VAT. Annual billing saves 20%. You're billed in the currency you select at checkout.
What's included at each tier
| Capability | Free | Starter | Pro | Growth | Ent. & Compliance |
|---|---|---|---|---|---|
| Coverage | |||||
| Active domains | 5 | 5 | 25 | 250 | 1,000+ |
| Monitored endpoints (hosts we actively watch) | 10 | 25 | 100 | 1,000 | 5,000+ |
| Scan frequency | Weekly | Hourly | Every 15 min | Every 5 min | Every 5 min |
| History retention | — | 6 months | 1 year | 2 years | Custom |
| Extra active domains | — | Add-on | Add-on | Add-on | Add-on |
| Find problems | |||||
| Trust Score (email, DNS, cert, TLS) | |||||
| Certificate & TLS health with expiry warnings | |||||
| Email spoofing protection checks (SPF, DKIM, DMARC) | |||||
| DNS security & domain registration (DNSSEC, transfer locks) | |||||
| Certificate Transparency monitoring (every cert issued in your name) | — | — | |||
| Forgotten-subdomain & takeover detection | — | — | |||
| DMARC report analytics & encrypted-mail delivery reports (TLS-RPT) | — | — | |||
| Browser security (CSP) reports for your websites | — | — | |||
| Registrar monitoring & mail blacklist (RBL) checks | — | — | — | ||
| Look-alike domains & takedown workflow | — | — | Add-on | Add-on | Add-on |
| Certificate issuance-velocity analytics | — | — | Add-on | Add-on | Add-on |
| Fix them | |||||
| Remediation guidance | Preview | Plain-language explanations | Exact fix + one-click re-verify | Exact fix + one-click re-verify | Exact fix + one-click re-verify |
| Priority Fix Playbooks — prioritized fix plan, quick wins first | — | — | |||
| Alert channels | + Slack & Teams | + Slack & Teams | + PagerDuty & n8n | ||
| Weekly posture digest | |||||
| Certificate auto-renew agent (ACME; keys stay on your servers) | — | — | Add-on | Add-on | Add-on |
| See everything you own | |||||
| Machine-identity inventory (external + internal certs, SSH keys) | — | — | — | ||
| Internal discovery agent & cloud CA connectors (AWS ACM, EJBCA) | — | — | — | ||
| Post-quantum readiness score & migration roadmap | — | — | — | ||
| Cryptographic bill of materials (CBOM export) | — | — | — | ||
| Prove it | |||||
| Signed NIS2 evidence reports (auditor-verifiable) | — | Add-on | Add-on | Add-on | |
| eIDAS qualified-certificate & OV/EV registry verification | — | Add-on | Add-on | Add-on | |
| Content-provenance (C2PA) signing-certificate monitoring | — | Add-on | Add-on | Add-on | |
| Signed evidence export bundles for auditors | — | Add-on | Add-on | Add-on | |
| Full audit-trail export | — | — | — | — | |
| DMARC failure GeoMap | — | — | — | — | |
| DORA supplier-trust evidence | — | — | Add-on | Add-on | Add-on |
| Run it your way | |||||
| Single sign-on (SAML/OIDC) & SCIM provisioning | — | Add-on | Add-on | ||
| Two-factor authentication & passkeys | |||||
| REST API & self-service API keys | 60 req/min | 300 req/min | 600 req/min | 6,000 req/min | 12,000 req/min |
| MSP & agency partner program (multi-client, white-label) | — | Add-on | Add-on | Add-on | Add-on |
| Custom retention & SLA | — | — | — | — | |
Monitored endpoints are the billed meter — a host we actively watch, such as api.example.com. Domain counts are fair-use guidance. "Add-on" means available on that plan as a priced add-on.
See everything. Fix what matters.
Most tools blur the bad news until you pay. SkyQon does the opposite: every plan — including the free scan — shows you the complete diagnosis. Paid plans turn that diagnosis into the fix.
You see the whole picture
No finding is hidden, blurred or teased — the diagnosis is always fully visible.
- Expiring and misconfigured certificates
- Spoofable domains — SPF, DKIM, DMARC and MTA-STS gaps
- DNS and DNSSEC weaknesses
- Exposed and shadow assets in your zones
- Look-alike domains and impersonation in Certificate Transparency logs
You get the fix
The diagnosis becomes an action plan your team can execute.
- The exact copy-paste fix for every finding
- One-click re-verify once you have applied it
- Priority Fix Playbooks — ranked, quick wins first
- Slack and Teams routing so the right person acts
No blurred-out findings. No fake urgency. You always know exactly where you stand — and you choose when to let us fix it.
Add specialist coverage to any plan
Layer these onto a subscription, or buy the one-time services standalone.
Brand Protection
Look-alike domains, typosquats and homoglyphs surfaced with anti-phishing takedown workflows.
NIS2 Evidence Pack
Audit-ready reporting, evidence history and executive summaries with remediation status.
Post-Quantum Roadmap
Cryptographic inventory, quantum risk scoring and an exportable migration roadmap.
DORA Supplier Trust
Supplier-readiness trust page, ICT third-party monitoring and audit-ready DORA evidence for financial-sector teams and their vendors.
Certificate Auto-Renew
Certificates renew themselves — our agent runs ACME on your servers (keys never leave them) and SkyQon proves every renewal happened. Built for the 47-day certificate era.
Advanced CT Monitoring
High-frequency Certificate Transparency polling with issuance-velocity analytics — spot certificate bursts and unexpected CAs within minutes.
Also available: extra domains from €5/domain/mo · enterprise SSO à la carte on any plan · MSP & agency partner program · DORA trust center.
Pricing questions, answered
Can I change plans later?
What counts as a domain or endpoint?
Can I buy compliance evidence or SSO without changing plans?
Is the free plan really free?
Where is my data hosted?
Do you offer MSP or partner pricing?
See where you stand in three minutes.
Run a free scan, get a scored report, and decide from there. No card, no agent.