Pricing

Plans that scale with your business.

Start with a free scan that finds every SaaS and AI app, your risky OAuth grants, and your security posture. Paid plans add the full findings detail, the compliance crosswalk, continuous monitoring, and the audit ready report, priced by how many users you scan from $9 a month. All paid plans run a 12 month term.

Users

The free scan covers up to 80 users. Size sets Shadow IT and Shadow IT Plus pricing; Shadow IT Complete is unlimited and flat. Annual billing includes one free month.

See what is in your environment
Free
$0/mo
No card required
Up to 80 users
free, in one organization
  • Identity and email discovery
  • Shadow IT and Shadow AI discovery
  • OAuth and connected app inventory
  • Full findings summary and posture score
  • Watermarked PDF snapshot
Start free
The full report, mapped and monitored
Shadow IT
$9/mo
or $99/yr (one free month)
Up to 80 users
in one organization
  • Everything in the free scan
  • Full findings with remediation steps and affected accounts
  • OAuth blast radius audit with scopes and consent
  • Compliance crosswalk: NIST, CIS, SOC 2, ISO 27001, HIPAA, AI governance
  • Continuous monitoring and drift alerts
  • Audit ready executive PDF
Choose Shadow IT
Adds spend, license waste, and accuracy
Shadow IT Plus
$29/mo
or $319/yr (one free month)
Up to 80 users
in one organization
  • Everything in Shadow IT
  • Financial transaction cross reference
  • Sharper Shadow IT classification accuracy
  • Wasted spend and unused license detection
Choose Shadow IT Plus
Everything, including endpoint Flat rate
Shadow IT Complete
$189/mo
or $2,079/yr (one free month)
Unlimited users
not sized by the selector
  • Everything in Shadow IT Plus
  • Endpoint security posture
  • Identity, email, financial, and endpoint
Choose Shadow IT Complete

What is free, and what paid adds.

The free scan shows you what is in your environment and what is wrong. Paid plans add the detail to act on it, the compliance crosswalk to prove it, and monitoring to keep it current. The paid lines differ by what they add on top and by user count.

The free scan
  • Identity and email discovery across Microsoft 365 or Google Workspace
  • Shadow IT and Shadow AI discovery, every app by name
  • OAuth and connected app inventory
  • The full findings list and your security posture score
  • A watermarked PDF snapshot of the scan
  • Up to 80 users, no card required
Every paid plan adds
  • Full findings with remediation steps and the affected accounts
  • OAuth blast radius audit with scopes, holders, and consent
  • Compliance crosswalk: NIST CSF, CIS v8, SOC 2, ISO 27001:2022, HIPAA, plus AI governance
  • Vendor security intelligence (SOC 2, ISO, breach data, SSO and MFA posture)
  • Continuous monitoring and drift analysis between scans
  • The audit ready executive PDF with posture scoring and action plans
  • Plus adds spend and license waste, Complete adds endpoint posture, and Enterprise is quote based

Larger or regulated organization?

Enterprise is quote based, with a dedicated security engineer, included remediation hours, SSO, an MSA and DPA, and an SLA. It is also the right path if you have more than 350 users on Shadow IT or Shadow IT Plus. Scoped to your environment.

Contact sales

Managing multiple clients?

FailSafe for MSPs gives you a multi tenant dashboard, role based access, white label reporting, and seat pool billing across your entire client portfolio. Per seat pricing, custom quoted to your portfolio.

For MSPs

Frequently asked questions.

What is the difference between the plans?

Every plan includes compliance mapping, Shadow IT and Shadow AI discovery, vendor security intelligence, OAuth auditing, drift analysis, and executive PDFs. Shadow IT connects Microsoft 365 or Google Workspace and finds every app. Shadow IT Plus adds a transaction export to surface wasted spend and unused licenses. Shadow IT Complete adds the endpoint scan and is unlimited on users. Shadow IT and Shadow IT Plus are priced by user count, 80, 150, or 350. Enterprise is quote based for SSO, an MSA and DPA, an SLA, and a dedicated engineer.

Can I switch plans later?

Upgrades take effect immediately and are prorated against your current billing period. Downgrades take effect at the end of your 12 month term. All plans run a 12 month term regardless of billing cycle.

What happens if I exceed my user cap?

You will get an in app notification when you cross the threshold and a grace period to upgrade. We do not silently truncate your scans or hide users from your reports.

Do you offer a free trial?

Not currently. Pick a tier above and sign up directly to run your first scan. All plans run a 12 month term. See the Refunds and Cancellations Policy for cancellation and refund details.

What about cancellation and refunds?

All plans are 12 month subscriptions. Cancellation and mid term refund requests are reviewed case by case at our discretion, except where applicable consumer protection law provides otherwise. Full details on the Refunds and Cancellations page.

Are my Microsoft 365 or Google Workspace credentials safe?

FailSafe uses official OAuth and service account flows that you authorize. We hold no passwords. We have read only scopes. You can revoke access at any time from your Microsoft or Google admin console. Full detail in the Privacy Policy.

What if I have more than 350 users?

Shadow IT Complete covers unlimited users at a flat price. For Shadow IT or Shadow IT Plus above 350 users, reach out to sales and we will scope your environment and provide a custom quote.

See what your environment really looks like.

FailSafe surfaces Shadow IT, drift, OAuth sprawl, and compliance gaps that your IT team cannot see manually. Pick a plan that fits and start your first scan today.

Sign up For MSPs