For your IT person
The technical details, straight.
If you're the one who runs email, laptops, and the store platform, you'll be asked whether we're legit. Here's exactly what we do, what we need from you, and what we'll never touch — no sales pitch.
What we monitor
Everything an attacker can see from the outside, plus the exposure that leads to a breach:
- Your domain and email authentication — SPF, DKIM, DMARC, and look-alike domains registered to impersonate you.
- Your public web presence — cloned or fake versions of your storefront, and your data showing up where it shouldn't.
- Your team's exposure to phishing — measured with controlled simulations, not guesswork.
- Credential and data leaks tied to your domain across public and dark-web sources.
How we do it
From the outside, the way an attacker would — external scans and open-source intelligence, with a human reviewing the findings on top of the automated checks. We don't install agents on your employees' machines unless you specifically ask us to.
What access we need
As little as possible. To run phishing simulations we need the list of addresses you authorize. To confirm you own a domain, we ask for a simple confirmation email or a DNS TXT record — your choice. We do not need admin on your mail platform, your store, or your servers.
What we never touch
We don't read your customers' data, log in to your systems, change anything without your say-so, or install software on employee devices behind your back. You approve every action, and you can see what we did and why.
Want to check something yourself right now?
Try the free security tools →