Start with free Surface scans. Upgrade to Builder for $19/mo and we'll log in, check who can see what, and hand you copy-paste fixes for everything we break.
See what's exposed. Zero commitment.
Full security scans for builders shipping to real users.
For teams and agentic pipelines that scan often.
For teams and agencies shipping at scale.
You always know what a scan costs before you click. No variable pricing, no surprises.
Quick check — exposed secrets, default settings, leaky Supabase tables, screenshots
Full audit — logs in, tries other users' data, injects nasty inputs, and chains bugs together
Running out mid-month? Top up instantly. One-time purchase, available immediately, valid through the end of your billing period.
$0.50 per credit
one-time
Buy in multiples of 10, up to 60 at a time
Builder & ProScroll for more →
| Feature | Free | Builder | Pro | Enterprise |
|---|---|---|---|---|
| Monthly allowance | 3 Surface | 30 credits | 120 credits | Unlimited |
| Surface & Deep scans | — | |||
| Team members | 1 | 3 | 10 | Unlimited |
| Login & access control testing | — | |||
| Screenshot evidence | — | |||
| Detailed vulnerability reports | — | |||
| API access | — | |||
| Priority support | — | — | ||
| SSO / SAML | — | — | — | |
| Audit log | — | — | — | |
| Priority scan queue | — | — | — |
Not at all. Flowpatrol is built for builders, not security engineers. Every finding comes with a plain-English explanation and a fix you can copy-paste into your AI coding tool.
Surface (1 credit) is the quick check — exposed secrets, default settings, leaky Supabase tables (RLS), and screenshots — about 1-3 minutes. Deep (5 credits) is the full audit — it actually logs in, tries to access other users' data, injects nasty inputs, and chains bugs together (IDOR, SQL injection, and the rest) — about 15-30 minutes.
Anything you can reach in a browser. SPAs, server-rendered apps, REST APIs — if it's live on the web, we can test it. Works with any stack, any framework.
Surface scans cost 1 credit, Deep scans cost 5. All paid plans include both modes — the difference is how many credits you get each month. If you run out mid-month, you can buy extra credits as a one-time top-up starting at $5 for 10 credits. You always know the cost before you click.
Anytime. Upgrade, downgrade, or cancel — changes take effect at the start of your next billing cycle. No lock-in.
Flowpatrol never touches your codebase. No repo access, no GitHub integration, no source code upload — we only interact with your live, deployed URL. All scan data is encrypted at rest and in transit, and we use Row-Level Security to keep every organization's data completely isolated.