Pricing

Start free. Upgrade when you need depth.

Run unlimited public TLS and certificate scans for free, no signup. Move up to Team when you need history and shareable reports, or Enterprise when you need internal inventory across Kubernetes and cloud KMS, hybrid signing, and policy enforcement.

Free

$0

For a first look at your public-facing post-quantum exposure.

  • Unlimited public TLS & certificate scans
  • 0–100 risk score with severity findings
  • Shareable report URL
  • Recommended migration steps
  • postq CLI + public ingestion API
Run a free scan

Team

Most popular
$99/month

For security teams tracking PQC readiness over time.

  • Everything in Free
  • Scan history & drift tracking
  • PDF report export for audits
  • Scheduled re-scans
  • Multiple domains & teammates
  • Email support
Request access

Enterprise

Custom

For internal inventory, signing, and policy across your stack.

  • Everything in Team
  • Internal inventory: Kubernetes agent, AWS KMS / Azure Key Vault
  • Hybrid signing (Vault) + PostQ Ledger audit trail
  • Policy engine & enforcement
  • SSO, SLAs, self-hosted option
  • Security review, MSA / DPA / BAA support
Contact sales

Team pricing is introductory and may change. Enterprise pricing scales with environment size, signing volume, and deployment model. The free public scan never requires a card.

The platform

What you grow into

Free and Team focus on discovery — the scanner, scoring, and reports. Enterprise unlocks the rest of the platform as you move from finding exposure to fixing and proving it.

Quantum Risk Scanner

Continuous discovery of classical cryptography across endpoints, certificates, KMS, and code.

Hybrid Signing API

Production-grade hybrid signatures (ML-DSA + classical) with safe rollout and verification.

Policy Engine

Define and enforce cryptographic policies across your stack from a central control plane.

SDKs & CLI

Official SDKs for TypeScript, Python, and .NET, plus the postq CLI for CI/CD pipelines.

Observability

Dashboards, audit logs, and exportable reports for security and compliance teams.

Support & onboarding

Direct access to our engineering team during rollout, with SLAs available for production deployments.

FAQ

Common questions

How is PostQ priced?

Pricing is based on your deployment model (cloud, self-hosted, or hybrid), the number of assets under management, and signing volume. Contact sales for a quote tailored to your environment.

Is there a free tier?

Yes. The Free plan runs unlimited public TLS and certificate scans with a shareable report, the 0–100 risk score, and CLI/API access — no signup or card. Team adds history, PDF export, and scheduled scans; internal inventory and signing are Enterprise.

How is the score calculated?

Each finding gets a severity (Critical/High/Medium/Low) and the 0–100 score is a top-heavy weighted aggregate where the worst finding dominates. The full method and known limitations are published on our methodology page.

Do you offer self-hosted deployments?

Yes. PostQ can be deployed in your own cloud or on-premises via our Helm chart and Go agent. Self-hosted plans include support and updates.

What about compliance and procurement?

We support standard procurement workflows including security reviews, MSAs, DPAs, and BAAs where applicable. Reach out and we’ll loop in the right people.

Let’s talk

Tell us about your environment and we’ll put together a plan that fits.