Cheaper than one leaked key.
Start free. Turn on monitoring when you're ready to make sure a clean app stays clean — every single deploy.
Free
$0
Your security score + a capped dashboard.
- Full security report
- Plain-English severity ratings
- Copy-paste fix guides
- Your own dashboard for 1 app
Indie
$19/mo
For the app you actually care about.
14-day free trial · no card to start
- Everything in Free
- Auto re-scan on every deploy
- Weekly security digest
- Up to 3 apps
- Fix history & regression tracking
Studio
$49/mo
For people shipping a portfolio of apps.
14-day free trial · no card to start
- Everything in Indie
- Up to 25 apps
- Deeper authenticated checks
- Shareable client-ready reports
- Priority support
Paid plans start with a 14-day free trial — no card required. Billed monthly after, cancel anytime.
Questions, answered
Is the scan safe to run?
Yes. Every check is read-only and non-intrusive — we look at what your site already serves publicly and probe for files that should never be reachable. We never log in, submit forms, or touch your data.
Can I only scan apps I own?
You should only scan apps you own or have permission to test. Running security scans against sites you don't control may be against their terms or the law.
Why a subscription for security?
Because security is never "done." Every deploy can reintroduce a leaked key or drop a header. The free scan finds today's problems; monitoring makes sure tomorrow's deploy doesn't quietly bring them back.
Do I need to install anything?
No. Basepoint works from your public URL alone — no agents, no repo access, no code changes. Paste a link and you're done.
What if I'm not technical?
That's exactly who this is for. Every finding is written in plain English with a clear, copy-paste fix you can hand to your AI coding tool.