Start free. Upgrade when you need depth.
Run unlimited public TLS and certificate scans for free, no signup. Move up to Team when you need history and shareable reports, or Enterprise when you need internal inventory across Kubernetes and cloud KMS, hybrid signing, and policy enforcement.
Free
For a first look at your public-facing post-quantum exposure.
- Unlimited public TLS & certificate scans
- 0–100 risk score with severity findings
- Shareable report URL
- Recommended migration steps
- postq CLI + public ingestion API
Team
Most popularFor security teams tracking PQC readiness over time.
- Everything in Free
- Scan history & drift tracking
- PDF report export for audits
- Scheduled re-scans
- Multiple domains & teammates
- Email support
Enterprise
For internal inventory, signing, and policy across your stack.
- Everything in Team
- Internal inventory: Kubernetes agent, AWS KMS / Azure Key Vault
- Hybrid signing (Vault) + PostQ Ledger audit trail
- Policy engine & enforcement
- SSO, SLAs, self-hosted option
- Security review, MSA / DPA / BAA support
Team pricing is introductory and may change. Enterprise pricing scales with environment size, signing volume, and deployment model. The free public scan never requires a card.
What you grow into
Free and Team focus on discovery — the scanner, scoring, and reports. Enterprise unlocks the rest of the platform as you move from finding exposure to fixing and proving it.
Quantum Risk Scanner
Continuous discovery of classical cryptography across endpoints, certificates, KMS, and code.
Hybrid Signing API
Production-grade hybrid signatures (ML-DSA + classical) with safe rollout and verification.
Policy Engine
Define and enforce cryptographic policies across your stack from a central control plane.
SDKs & CLI
Official SDKs for TypeScript, Python, and .NET, plus the postq CLI for CI/CD pipelines.
Observability
Dashboards, audit logs, and exportable reports for security and compliance teams.
Support & onboarding
Direct access to our engineering team during rollout, with SLAs available for production deployments.
Common questions
How is PostQ priced?
Pricing is based on your deployment model (cloud, self-hosted, or hybrid), the number of assets under management, and signing volume. Contact sales for a quote tailored to your environment.
Is there a free tier?
Yes. The Free plan runs unlimited public TLS and certificate scans with a shareable report, the 0–100 risk score, and CLI/API access — no signup or card. Team adds history, PDF export, and scheduled scans; internal inventory and signing are Enterprise.
How is the score calculated?
Each finding gets a severity (Critical/High/Medium/Low) and the 0–100 score is a top-heavy weighted aggregate where the worst finding dominates. The full method and known limitations are published on our methodology page.
Do you offer self-hosted deployments?
Yes. PostQ can be deployed in your own cloud or on-premises via our Helm chart and Go agent. Self-hosted plans include support and updates.
What about compliance and procurement?
We support standard procurement workflows including security reviews, MSAs, DPAs, and BAAs where applicable. Reach out and we’ll loop in the right people.