Plans & Pricing
Start with visibility, expand to enterprise compliance.
Start with visibility into your Security, Privacy, or PCI compliance posture across a small number of websites or mobile applications — and expand to comprehensive enterprise governance and compliance for every site and application, across every jurisdiction, including more than 50 global standards and frameworks with Feroot's DUX Platform.
Trusted by leading brands
Assess
Great for companies with several websites or mobile applications that must comply with privacy laws and standards. Covers use cases including privacy compliance for third-party scripts and pixels, cookie and tracker inventory, consent audit, age verification, and PII discovery across your digital properties.
- Up to 10 unique websites and mobile applications; unlimited dynamic websites
- Unlimited number of website visitors
- Discover tracking technologies, pixels, cookies and vendors
- Comprehensive multi-jurisdiction privacy compliance
- Compliant use of AI
- API and SSO integration
Priced by
Govern
Ideal for companies with multiple websites that must comply with global and U.S. state privacy laws and standards. Covers use cases including real-time consent enforcement, AI-powered consent audit, age verification, third-party script and pixel governance, PII monitoring, and ongoing privacy compliance automation.
- Up to 10 unique websites and mobile applications; unlimited dynamic websites
- Unlimited number of website visitors
- Discover tracking technologies, pixels, cookies and vendors
- Comprehensive multi-jurisdiction privacy compliance
- Enforce Compliance Policies
- AI-powered privacy monitoring and protection
- Compliant use of AI
- API and SSO integration
Priced by
Enterprise
The complete Feroot DUX Platform for privacy. Unlimited scale across every website, mobile application, and jurisdiction — combining DXComply with DXSecure and PaymentGuard for organizations that require enterprise-wide privacy governance, security, and PCI compliance in a single deployment.
- Unlimited websites and mobile applications
- Unlimited number of website visitors
- Discover tracking technologies, pixels, cookies and vendors
- Comprehensive multi-regulation privacy compliance (50+ frameworks)
- AI-powered consent audit across all regulations
- Enforce Compliance Policies
- Runtime privacy monitoring and protection
- AI runtime compliance automation suite — full platform
- Compliant use of AI
- API and SSO integration
- Enterprise SLA
Priced by
Add-On
Additional Traffic & Regulations
Additional bundles of daily events and privacy regulations are available as you grow — including GDPR, CCPA/CPRA, PIPEDA, HIPAA, DORA, Australian Privacy Act, UK DPA, and more. Limits are visible in your contract and platform — no surprise overage fees.
| Assess | Govern | Enterprise | |
|---|---|---|---|
| Monthly Website Visitors | Unlimited | Unlimited | Unlimited |
| Domain Coverage | Up to 10 Domains | Up to 10 Domains | Custom (10–5,000) |
| Mobile Applications | ✓ | ✓ | ✓ |
| Deployment Method | Web Crawler + Script Tag | Web Crawler | Web Crawler + Script Tag |
| AI Runtime Compliance — Global Privacy | |||
| Global Privacy Laws Coverage | ✓ | ✓ | ✓ |
| Jurisdiction-Specific Reporting | ✓ | ✓ | ✓ |
| Automated AI-based analysis and reporting | ✓ | optional | optional |
| Consent Management Audit | |||
| Consent Choice Analysis | ✓ | optional | ✓ |
| Geographic Consent Rules | ✓ | optional | ✓ |
| Privacy Intelligence | |||
| Advanced AI Privacy Analysis | ✓ | ✓ | ✓ |
| Data Collection Monitoring | ✓ | ✓ | ✓ |
| Runtime Privacy Monitoring (Script Tag) | ✓ | — | ✓ |
| Data Protection | |||
| Alerts and Notification Policies | ✓ | ✓ | ✓ |
| Automatic Data Asset Leakage Prevention | ✓ | ✓ | ✓ |
| CHD, PII, PHI Exfiltration Detection | ✓ | ✓ | ✓ |
| Compliance Automation | |||
| Automated Compliance Reports | ✓ | ✓ | ✓ |
| AI Compliance Attestation Analysis | ✓ | ✓ | ✓ |
| Continuous attestation and historical proof of compliance | ✓ | ✓ | ✓ |
| Vendor Management | |||
| Detection and Inventory | ✓ | ✓ | ✓ |
| Monitoring and control third-party data access | ✓ | ✓ | ✓ |
| Integration & Management | |||
| Third-party Integrations (SIEM / SOC) | ✓ | ✓ | ✓ |
| Vendor Risk Management | ✓ | ✓ | ✓ |
| Integration & API Access | ✓ | ✓ | ✓ |
| Single-Sign-On (SSO) | ✓ | ✓ | ✓ |
| Support | |||
| Full Implementation Assistance | ✓ | optional | ✓ |
| Support Level | Support SLA | Tickets + Chat | Support SLA |
| SOC 2 Type II Compliant | ✓ | ✓ | ✓ |
| Business Associate Agreement (BAA) included | ✓ | optional | ✓ |
Assess
For companies with several websites or mobile applications with e-commerce payment pages that must comply with PCI DSS 4 Requirements 6.4.3 and 11.6.1. Covers use cases including payment page script inventory, unauthorized script detection, change-detection baselining, and QSA-ready compliance evidence.
- PCI DSS 4 Requirement 6.4.3
- PCI DSS 4 Requirement 11.6.1
- Up to 10 unique websites and mobile applications; unlimited dynamic websites
- Up to 20 payment pages
- Unlimited number of website visitors
- Advanced Security Policies and Rules
- Compliant use of AI
- SOC/SIEM Integrations
- API and SSO integration
Priced by
Govern
Best for companies with many e-commerce payment pages that must comply with PCI DSS 4 Requirements 6.4.3 and 11.6.1. Covers use cases including runtime payment-field protection, cardholder data access monitoring, script integrity enforcement, skimming and Magecart attack prevention, and continuous PCI evidence automation.
- PCI DSS 4 Requirement 6.4.3
- PCI DSS 4 Requirement 11.6.1
- Up to 10 unique websites and mobile applications; unlimited dynamic websites
- Up to 20 payment web pages
- Unlimited number of website visitors
- Advanced Security Policies and Rules
- Compliant use of AI
- SOC/SIEM Integrations
- API and SSO integration
Priced by
Enterprise
The complete Feroot DUX Platform for PCI compliance. Unlimited payment pages across unlimited domains — combining PaymentGuard with DXComply and DXSecure for organizations classified as Merchant SAQ A-EP or SAQ D that require enterprise-wide PCI, privacy, and security compliance in a single deployment.
- PCI DSS 4 Requirement 6.4.3
- PCI DSS 4 Requirement 11.6.1
- Unlimited websites and mobile applications
- Unlimited payment pages
- Unlimited number of website visitors
- Advanced Security Policies and Rules
- GRC AI automation suite — PCI Content Pack
- API and SSO integration
- Enterprise SLA
Priced by
Add-On
Additional Traffic
Additional bundles of daily events are available as you grow. Traffic add-ons apply to script tag deployment only — crawler-only customers are never charged on traffic volume.
| Assess | Govern | Enterprise | |
|---|---|---|---|
| Monthly Website Visitors | Unlimited | Unlimited | Unlimited |
| Unique Websites & Mobile Apps | Unlimited | Up to 10 | Up to 10 |
| Payment Pages | Unlimited | Up to 20 | Up to 20 |
| Deployment Method | Web Crawler + Script Tag | Web Crawler | Web Crawler + Script Tag |
| PCI DSS 4 Compliance | |||
| PCI DSS 4 Requirement 6.4.3 | ✓ | ✓ | ✓ |
| PCI DSS 4 Requirement 11.6.1 | ✓ | ✓ | ✓ |
| Script Inventory & Authorization Evidence | ✓ | ✓ | ✓ |
| Runtime Payment Page Monitoring (Script Tag) | ✓ | — | ✓ |
| Ongoing PCI Evidence Automation | ✓ | — | ✓ |
| GRC AI — PCI Content Pack | ✓ | — | optional |
| Security & Monitoring | |||
| Advanced Security Policies and Rules | ✓ | ✓ | ✓ |
| Payment-Field Access Visibility | ✓ | — | ✓ |
| Blocking and Runtime Control | ✓ | — | ✓ |
| Integration & Support | |||
| SOC/SIEM Integrations | ✓ | ✓ | ✓ |
| API and SSO integration | ✓ | ✓ | ✓ |
| Support Level | Support SLA | Tickets + Chat | Support SLA |
| SOC 2 Type II Compliant | ✓ | ✓ | ✓ |
Assess
Great for companies with several websites or mobile applications that need foundational security controls. Covers use cases including third-party script inventory and risk discovery, supply chain attack detection, sensitive data exposure analysis, and JavaScript vulnerability assessment.
- Up to 10 unique websites and mobile applications; unlimited dynamic websites
- Unlimited number of website visitors
- Client-side Security for the Front End JavaScript
- Receive Realtime Alerts
- Enforce JavaScript Security Policies
- Compliant use of AI
- SOC/SIEM Integrations
- API and SSO integration
Priced by
Govern
Ideal for companies with multiple websites that require advanced security controls and AI automation to safeguard sensitive information. Covers use cases including runtime script monitoring and blocking, data exfiltration prevention, behavioral threat detection, security framework compliance (NIST CSF, OWASP Top 10), and continuous evidence automation.
- Up to 10 unique websites and mobile applications; unlimited dynamic websites
- Unlimited number of website visitors
- Client-side Security for the Front End JavaScript
- Receive Realtime Alerts
- Enforce JavaScript Security Policies
- AI automation of analysis, reports and compliance
- Security framework compliance (NIST CSF, OWASP Top 10, and more)
- Compliant use of AI
- API and SSO integration
- SOC/SIEM Integrations
Priced by
Enterprise
The complete Feroot DUX Platform for security. Unlimited scale across every website and mobile application — combining DXSecure with DXComply and PaymentGuard for organizations that require enterprise-wide client-side security, privacy governance, and PCI compliance in a single deployment.
- Unlimited websites and mobile applications
- Unlimited number of website visitors
- Hub and spoke client-side security for the front end
- AI runtime compliance automation suite — full platform
- Security framework compliance (NIST CSF, OWASP Top 10, and more)
- Compliant use of AI
- Full enterprise security stack integration
- API and SSO integration
- SOC/SIEM Integrations
- Enterprise SLA
Priced by
Add-On
Additional Traffic & Security Frameworks
Additional bundles of daily events and security frameworks (NIST CSF, OWASP Top 10, and more) are available as you grow. Limits are visible in your contract and platform — no surprise overage fees.
| Assess | Govern | Enterprise | |
|---|---|---|---|
| Monthly Website Visitors | Unlimited | Unlimited | Unlimited |
| Domain Coverage | Up to 10 Domains | Up to 10 Domains | Custom (10–5,000) |
| Mobile Applications | ✓ | ✓ | ✓ |
| Deployment Method | Web Crawler + Script Tag | Web Crawler | Web Crawler + Script Tag |
| Security Framework Coverage | ✓ | — | ✓ |
| JavaScript Security Analysis | |||
| Script Behavior Analysis | ✓ | ✓ | ✓ |
| Script Content AI Analysis | ✓ | ✓ | ✓ |
| Supply Chain Attack Detection | ✓ | ✓ | ✓ |
| Network Traffic Analysis | |||
| Request Analysis | ✓ | ✓ | ✓ |
| Data Transfer Monitoring | ✓ | ✓ | ✓ |
| Runtime Script Tag Monitoring | ✓ | — | ✓ |
| AI-Powered Security | |||
| Behavioral AI Analysis | ✓ | ✓ | ✓ |
| Predictive Threat Detection | ✓ | ✓ | ✓ |
| Runtime Protection | |||
| Script Execution Control | ✓ | — | ✓ |
| Data Exfiltration Prevention | ✓ | — | ✓ |
| Integration & Management | |||
| Third-party Integrations (SIEM / SOC) | ✓ | ✓ | ✓ |
| API Access | ✓ | ✓ | ✓ |
| Single-Sign-On (SSO) | ✓ | ✓ | ✓ |
| Support | |||
| Full Implementation Assistance | ✓ | optional | ✓ |
| Support Level | Support SLA | Tickets + Chat | Support SLA |
| SOC 2 Type II Compliant | ✓ | ✓ | ✓ |