SaaS Products
Three self-serve products that we built for our own engagements and made available to anyone. Session recording with heatmaps for understanding what visitors actually do on a site. Uptime monitoring for knowing the moment something stops responding. Continuous penetration testing for staying ahead of regressions with every deploy. All flat-rate priced. All bundled into managed engagements where the work calls for them.
Products we use ourselves
Every CRO engagement we run starts by watching real visitor sessions; every uptime-sensitive system we operate gets monitored on something we control; every production deployment we manage gets scanned against the previous run. We built all three products to fit how we needed them inside our own engagements: session recording with first-party data capture so visitor traffic stays inside our infrastructure, uptime monitoring with multi-region checks so a localized regional outage gets cross-validated before it pages anyone, and continuous pen testing with regression diffs so a newly introduced vulnerability surfaces at the next scheduled scan.
The same products are available to anyone on flat-rate subscription plans, with the same data-handling guarantees we hold ourselves to internally. Pricing is on the pricing page; subscribe directly from there or from this page.
Session Recording & Heatmaps
Watch real visitor sessions. See click and scroll heatmaps. Diagnose where conversion drops on which device, on which page, for which traffic source.
Session replay
Watch full visitor sessions end-to-end. Filter by URL, source, device, country, duration, or custom events. Skip to the moments that matter via auto-detected rage clicks, dead clicks, and form abandonment.
Heatmaps
Click, scroll, and movement heatmaps per page. Segment by traffic source, device, or any custom dimension. Compare heatmaps across A/B variants without leaving the dashboard.
Privacy-first architecture
Visitor data is captured by your domain, sent directly to our servers, and held inside our perimeter end-to-end. Inputs are masked by default. Cookie banner stays optional because the implementation skips the tracking cookies that would trigger one.
Funnels & conversion analysis
Build conversion funnels from page sequences or custom events. Drill into specific drop-off cohorts. Watch the replays of users who didn’t convert. Export segments for ad-platform retargeting.
Standard plan
2,500 sessions per month across up to 5 sites. Full replay and heatmap access. Funnels, shareable session links, 90-day retention.
€99 / month
Pro plan
25,000 sessions per month across up to 50 sites. Role-based access, custom-domain script delivery, 1-year retention. Everything in Standard.
€199 / month
Uptime Monitoring
HTTP, API, TLS, and synthetic browser checks from multiple regions. Email and webhook alerts the moment something breaks, with retry-confirm logic that holds the alert until a second check confirms the failure.
HTTP & API checks
Endpoint health, response status, response time, response-body assertions (JSON path, regex, substring). Custom headers and authentication supported. Tracks SLA windows across calendar periods.
TLS & cert expiry
Certificate validity, chain integrity, expiry alerts at configurable thresholds. Catches the certificate that’s about to expire weeks before the team notices.
Multi-region checks
Checks run from multiple geographic regions so a single-region outage doesn’t generate a false-positive alert. Region-specific results visible in the dashboard.
Alerting with retry-confirm logic
Each alert waits for a confirming re-check before firing, so a single transient blip stays quiet. Severity is configurable per check. Email and webhook delivery. Integrates with Slack, on-call tools, and anything that accepts webhooks.
Standard plan
50 monitors, 5-minute check interval, 1-year uptime history, multi-region checks, Slack and on-call tool integrations.
€99 / month
Pro plan
500 monitors, 2-minute check interval, unlimited history. Synthetic browser monitoring, status page hosting, on-call rotation.
€199 / month
Continuous Penetration Testing
External attack-surface scans on a defined cadence. Passive reconnaissance through to exhaustive deep testing — run once a month, once a week, or every day. PDF findings report, CVSS scores, and a regression diff view with every scan so you see exactly what changed between runs.
Up to 53 security modules
Three scan profiles — Passive (17 modules), Active (44 modules), and Deep (53 modules). Choose at setup, switch any time from the dashboard. Covers OWASP Top 10, injection vectors, authentication weaknesses, TLS analysis, subdomain takeover, and more.
PDF report & CVSS scores
Every scan produces a PDF findings report with per-finding CVSS scores, reproduction steps, and remediation guidance. Download directly from the dashboard or share a link with your team or an auditor.
Regression diff between scans
Each new scan is diffed against the previous run. New findings, resolved findings, and regressions are highlighted so you see exactly what changed — useful for validating a fix landed and nothing new was introduced in the same deploy.
Dashboard access
Scan history, PDF downloads, and diff view available to your team from the client dashboard. No extra accounts or tooling required — everything is in the same portal as your other services.
Monthly
1 scan per month across your chosen profile. Full OWASP findings, CVSS scores, PDF report, dashboard access.
Best for: teams with a monthly release cycle
Weekly
1 scan per week — catch regressions between every release. PDF per scan, regression diff view, dashboard access.
Best for: teams shipping weekly or running CI/CD pipelines
Daily
1 scan per day for continuous monitoring. Priority findings alerts, regression diff view, PDF per scan, dashboard access.
Best for: high-velocity teams shipping multiple times per day
Product questions answered
Are these self-serve or managed?
Both. The self-serve plans are listed above and on the pricing page; you sign up, drop the snippet on your site or configure your monitors, and the data starts flowing. Managed engagements (e.g. our CRO or DevOps work) often bundle the relevant product as part of the scope, in which case our team configures and operates it for you.
Where is the data stored?
On our own infrastructure. Session-recording data is captured first-party from your domain and sent directly to our endpoints — the dataset stays inside our perimeter end-to-end. Uptime check results are stored alongside the monitor configuration. No data is shared with third parties for advertising or analytics purposes.
How does billing work?
Plans are billed as monthly subscriptions. You subscribe directly from the product page or from the pricing page, pay by card via Stripe, and get access immediately. There are no setup fees and no minimum commitments beyond the current billing period.
How does cancellation work?
Cancel any time from the dashboard. Billing stops at the end of the current billing period. Data is retained for 30 days after cancellation so you can reactivate or export it; after that, it’s purged.
Can we host the session-recording script on our own domain?
Yes — on the Pro plan we provide a custom-domain script delivery option, so the recording snippet loads from a path on your domain rather than ours. Helpful for content-security-policy setups and for any browser configurations that block third-party scripts.
Subscribe or talk to us
Subscribe to any plan directly from this page, or visit the dedicated product page for the full feature breakdown. For a custom plan, multi-product bundle, or a managed engagement that includes any of these — send us a message.
Contact us → See pricing →