Built for your scope, not a tier.

Q: Do you offer discounts for non-profits / startups / researchers?

Yes. See the programs on the Pricing page. Apply through the linked pages; we review each application individually.

Deepinfo is priced per scope, not per tier. Three reasons: every customer's external surface is different sizes, every team uses a different mix of modules, and forcing real organizations into pre-cut tiers usually means paying for things you don't use, or hitting a ceiling on things you do. Talk to us. We'll quote based on what you actually need.

Talk to us about pricing

HOW WE QUOTE

Four things that shape the number.

Every quote starts here. The mix is different for every customer, which is why a tier card grid would mislead more than it would help.

Your scope.

Asset count is the biggest driver. We measure it as the count of internet-facing assets we discover and monitor on your behalf, domains, subdomains, IPs. The more we monitor, the more compute, scanning, and storage are involved. Smaller scopes (under a few thousand assets) are quoted differently from very large scopes (hundreds of thousands).

The modules you use.

EASM, CTI, BRP, TPRM, DSI. Most customers start with one or two and add the others as their program matures. You don't pay for modules you don't use. You can add modules later without re-papering the deal.

Integration depth.

Standard SIEM/SOAR integrations are included. Custom integrations, dedicated tenancy, on-premise deployment options, or non-standard data residency requirements affect the quote.

Service component.

The platform is self-serve by default. Some customers add managed services on top: dedicated CSM, white-glove onboarding, threat-research advisory, or fully managed program operation. These are optional.

STANDARD INCLUSIONS

What every engagement includes.

Continuous monitoring

Of every monitored asset across 7 data layers (Whois, IP-Whois, DNS, SSL, port scan, HTTP, web data).

Vulnerability intelligence

With EPSS exploit-prediction scoring and CISA KEV "actively exploited" flagging on every CVE.

Compliance framework mapping

OWASP 2021, PCI 3.2, PCI 4.0, HIPAA, CWE, CAPEC, WASC built in.

Reports

Executive summary, weekly progress, asset detail, vulnerability detail and overview, issue detail and overview, CTI email breach summary.

Notifications

Instant, hourly, daily, weekly, or monthly across 15 event types.

Standard integrations

With SIEMs, SOARs, ticketing systems.

Dedicated CSM

For every customer.

Trust Center commitments

See /trust for certifications, sub-processors, data handling, and audit details.

PROGRAMS AND DISCOUNTS

Three programs worth knowing about.

Startups.

Reduced pricing for early-stage companies under a defined revenue threshold.

See the program

Researchers.

Free or discounted access for academic researchers and security researchers using Deepinfo data for scientific or non-commercial research.

See the program

Non-profits.

Free or substantially discounted access for registered non-profit organizations.

See the program

Volume discounts apply for multi-year commitments and large asset scopes. We don't publish percentages, they vary by scope and term, but we'll show them at quote time.

PRICING QUESTIONS

Everything we get asked about pricing.

Why don't you publish prices?

Because the question "what does Deepinfo cost?" doesn't have a single useful answer. A retail bank with 80,000 internet-facing assets across 12 subsidiaries pays a different number than a series-B SaaS company with 200 assets. Publishing a number small enough to not scare the SaaS company would make the bank's procurement team distrust it; publishing a number large enough to be defensible for the bank would scare off everyone smaller. Talk to us. We can quote in a single call.

What counts as an asset?

An asset is any internet-facing thing we monitor on your behalf. Domains, subdomains, and IP addresses each count as one asset. We don't double-count: a domain and its subdomains are separate assets but they're billed at the asset level, not at "domain plus all subdomains" combined. We discover most assets automatically once we have a seed (your main domain). You only pay for what you actually monitor, discovered assets you ignore don't count.

Can we trial Deepinfo?

Yes. Two ways. The Free Threat Exposure Report runs Deepinfo against your domain and gives you a snapshot in under 60 seconds, no commitment. For a more comprehensive evaluation, we run paid pilots that scope a portion of your environment over 30 to 60 days, with a clear path to convert if you continue.

Is there a minimum commitment?

Annual commitment is standard. Multi-year (2-3 years) gets pricing concessions. Quarterly is possible in specific cases, talk to us.

Do you offer discounts for non-profits / startups / researchers?

Yes. See the programs above. Apply through the linked pages; we review each application individually.

How does pricing change as we grow?

Pricing is structured around scope tiers, with overage handling rather than cliff transitions. As your asset count grows, you'll move up tier lines at predictable points; we don't surprise customers with sudden jumps mid-term. We also re-baseline at renewal.

Are managed services included?

Standard onboarding, dedicated CSM, and customer support are included. Optional: managed program operation, custom analyst services, threat research advisory. Quote separately at engagement design.

What about Data Feeds and API Services pricing?

Data Feeds and API Services are priced separately from the platform. Per-feed and per-API tier pricing depends on volume and frequency. Some customers buy only Data & API; others buy both. Talk to us about Data & API pricing, different conversation than platform.

GET A QUOTE

Tell us your scope. We'll send a number.

Forty-five-minute call with a Deepinfo sales engineer. We'll talk through your environment, the modules you're considering, and any integration constraints. You leave with a written quote.

Talk to us about pricing Read our methodology