Subscription, API key, watched domains, and alert preferences.
π
Welcome to Cipherwake
Activating your subscriptionβ¦
What just unlocked:
Welcome to Cipherwake β let's get you set up
Subscription
Tier
Status
Next renewal
Stripe sub
Update card Β· cancel subscription Β· download invoices Β· pause β all self-serve. No email-the-founder cancellation flow. Charges appear on your statement as CIPHERWAKE (descriptor may include CIPHERWAKE LABS or similar). Billing disputes: billing@cipherwake.io.
Before you downgrade or cancel β what you'll lose:
Watched-domain caps drop (Scale 500 β Growth 50 β Starter 5 β Free 1). Domains over the new cap are kept in your account but stop monitoring + alerting until you re-upgrade or remove them.
Team-seat caps drop (Scale 50 β Growth 5 β Starter & Free 0). Member rows are retained but their access is suspended on tiers without team seats.
API-key quota tightens (Scale 50K/mo β Growth 10K/mo β Starter 1K/mo β Free no signed key).
Scan history retention shortens (Scale 36 months β Growth 24 months β Starter 12 months β Free 30 days). Older entries are not deleted immediately; they roll off naturally as the retention window contracts.
Cross-tenant key map (Growth+ feature) becomes read-only / hidden on Starter and Free.
CSV export (Scale-only) is hidden on Growth / Starter / Free.
Slack + webhook alerts (Growth+) stop delivering on Starter and Free; email alerts still fire.
Cancellation takes effect at the end of the current billing period (no partial-month refunds β see /refund). To permanently delete your account + all data, use the Delete account flow in the Privacy section below β that's a separate action governed by GDPR Article 17.
API key
One key per account. Used by CLI, GitHub Action, webhooks. Rotation displays the new key once β copy it then; no second chance.
API call quota per tier:
Free no signed key Β·
Starter 1,000/mo Β·
Growth 10,000/mo Β·
Scale 50,000/mo.
Watched domains
Add any HTTPS domain β your own, your vendor's, your partner's. Monitoring + email alerts fire on every added domain (cert rotation, new third-party scripts, subdomain churn, posture drift). Per-tier caps: Starter 5 Β· Growth 50 Β· Scale 500. Claiming ownership is optional and unlocks future owner-only features (rebuttal text, faster takedown rights).
Loadingβ¦
Monitoring frequency
How often Cipherwake re-scans each watched domain and how quickly alerts can fire after a change.
Loadingβ¦
Alert delivery
Where monitoring alerts go. Email is included on every paid tier. Webhook + Slack require Growth or above.
π
Real-time alerts β Starter feature
Email alerts fire the moment a watched domain's grade, cert, scripts, or subdomains change. Free tier has no watched domains and no alerts. Subscribe to Starter ($29/mo) to monitor up to 5 domains with daily scans + email alerts.
Webhook + Slack delivery unlock at Growth ($79/mo).
π Webhook delivery unlocks at Growth ($79/mo). Email alerts already work on Starter. Upgrade to Growth β
Slack Growth+ π
π Slack delivery unlocks at Growth ($79/mo). Email alerts already work on Starter. Upgrade to Growth β
Weekly digest
Team members Growth +
Invite teammates by email. Each accepts via magic link and gets shared read or admin access to this account's portfolio + alerts. Tier caps: Growth 5 additional members Β· Scale 50. Only owners + admins can manage members; members are read-only.
Loadingβ¦
Recent alerts
Last 50 alerts emitted for your watched domains. Includes delivery status across email/webhook/Slack channels.
Loadingβ¦
Cross-tenant key map Growth +
For each of your watched domains, the SPKIs (public-key fingerprints) it serves + which other domains share that same key. CDN multi-tenancy is filtered out (Cloudflare/Fastly/etc. shared certs are tagged, not flagged).
Loadingβ¦
Cross-tenant key map Growth + Β· locked
π
See which domains share a key with yours
Maps every SPKI (public-key fingerprint) your watched domains serve and surfaces other domains that share the same key. Most overlaps are expected (Cloudflare / Fastly / Akamai CDN multi-tenancy is tagged, not flagged) β but the unexpected ones can indicate misconfigured wildcard certs, accidental private-key reuse across customer subdomains, or stale infrastructure that's still serving a key you thought you rotated.
Unlocks at Growth ($79/mo) β 50 watched domains, 6-hour cadence, team seats, Slack + webhook alerts, cross-tenant key map.
Download your portfolio's operational data (score, grade, posture, alert counts) as CSV. Refresh-on-demand.
Portfolio CSV export Scale only Β· locked
π
Download your portfolio as CSV β available on Scale
One CSV per refresh with every watched domain's current score, grade, posture, alert counts, and TLS/cert metadata. Refresh-on-demand. Ideal for monthly board reporting, internal dashboards, or pulling into Snowflake / BigQuery.
Unlocks at Scale ($199/mo) β 500 watched domains, hourly cadence, team seats, CSV export, 50K API calls/mo.
Your account identity. Display name shows up in welcome emails + (future) team invites.
Emailβ
A verification email goes to the NEW address. The change isn't final until you click the link.
Display name
Security
Two-factor authentication + active session management. Recommended for accounts with paid subscriptions or admin access.
2FA (TOTP)Not configured
Scan this QR with Authy / Google Authenticator / 1Password / Bitwarden, then enter the 6-digit code below to verify.
Or enter this secret manually: β
Active sessions
Recent activityLoadingβ¦
Last 50 sensitive actions on this account (deletions, exports, team changes, API-key rotations, identity unlinks). Older entries roll off per the data retention schedule on /privacy.
Connected accountsLoadingβ¦
Transfer account ownership
Only the current account owner can transfer ownership. The new owner must have an active Cipherwake account (free or paid). We review every request and verify proof of corporate authority before completing the transfer; this isn't an automated flow.
New owner email
Justification
Proof method
Need to transfer ownership? Email legal@cipherwake.io with proof of corporate authority and we'll work with you.
Preferences
UI theme + alert delivery timezone. Defaults follow your system settings.
Theme
Timezone
Global notification channels
Master switches for delivery channels. Per-domain alert settings only fire on enabled channels β turning off Email here mutes ALL email alerts even if a domain is configured to send them.
Email alerts
Slack alerts
Webhook alerts
Monthly digest email
An end-of-month summary of your watched-domain posture changes, top regressions, and sector benchmarks. Separate from the weekly digest (which fires every Monday). Off by default.
Monthly digest
Privacy + data rights
Per GDPR Article 15 (access) + Article 17 (right to be forgotten). Export your data anytime; delete your account anytime. Account deletion is permanent + cancels any active subscription immediately (not at period_end).
Includes: account profile, watched domains, scan history (last 1000), alerts (last 90 days), API key metadata, subscription history. Stripe customer ID excluded β request directly from Stripe.
Delete my account
β This permanently deletes your account.
All watched domains, scan history, alerts, API keys: deleted
Active Stripe subscription: canceled immediately (not at period_end)
Cannot be undone. Signing up again with the same email creates a fresh account.
Type DELETE to confirm:
Operator override
Visible only to allowlisted operator emails. dogfood = true bypasses tier entitlement checks so you can test paid features end-to-end without an active subscription.