The Security customer journey end-to-end, from LeakTrace Scope purchase through every finding closed. Optional upsells (Continuous Monitoring, Implementation Tier 1 or Tier 2) branch off this same journey at known decision points — they are not separate journeys. Most customers finish the core active work in under 2 hours of their own time, spread over a few days.
Scope purchase
Stripe Checkout completes the order. North American billing supported, with CAD or USD pricing depending on the card issued. Payment confirmation arrives within a minute.
What's included in Scope →Confirmation and audit scan
You receive an intake email within a minute confirming payment. Our scan runs in the background — checking roughly 10 sources for credential exposure, breach corpora, paste sites, domain impersonation, and infrastructure tied to your company. No action required on your side.
Audit Ready notification
Subject: "Your forensic audit for [your company] is complete." The email contains a permanent link to your audit dashboard — bookmark it. No password required.
Find your audit report →Findings review
Findings are grouped by severity (Critical, High, Medium, Low). Each finding has a plain-English description and concrete remediation steps embedded inline. This is where you assess which items you can handle internally and which require specialist support.
Read findings and action items →Remediation path selection (DIY or Implementation)
Two paths and you can mix them per-finding:
- DIY — follow the remediation steps inside each finding yourself (or hand them to your IT person). Best for simple things: rotating a password, enabling MFA, updating a DNS record.
- Book Implementation — our contractor walks you through every fix in screen-share sessions. Best for technical work like M365 conditional access, DMARC policy, or anything you don't recognize. Tier 1 ($1,499) covers DNS hardening, credential resets, MFA rollout, and port closure. Tier 2 ($2,499) adds compliance documentation and the dated Hardening Certificate suitable for cyber-insurance renewals.
Remediation is performed
Whichever path you chose, the actual remediation happens here — you, your IT, or our contractor implements each change. No need to declare in advance which findings you will handle yourself versus which you will outsource. You can decide per-finding as you go.
Mark fixed and reverification
Click "I've done this" on a finding once it's fixed, then click Reverify. We re-check the same source the finding came from. Status flips to Resolved (gone), Mitigated (historical record, credential rotated), or Still present with a note on what remains. Repeat per finding.
Reverify a finding after you fix it →Next steps
Most customers proceed in one of two directions: activate Continuous Monitoring for ongoing alerts on new exposures, or — for customers on the Implementation Tier 2 path — collect your Hardening Certificate as dated proof for insurance underwriters or vendor security reviewers. Many do both. Your audit dashboard remains accessible regardless.
Activate Monitoring → About the Hardening Certificate →Other things you can do anytime
Features available throughout the audit lifecycle. Not steps you have to take in order — use them whenever you need to.
Download PDF reports
Three formats: Executive summary (leadership), Technical report (IT / your auditor), Compliance evidence package (PIPEDA / HIPAA / PCI / insurance questionnaires). Available from the moment the audit is delivered.
Download PDF reports →Share evidence with an outside reviewer
Time-limited read-only link for your insurance broker, CPA, SOC 2 / ISO auditor, or enterprise client's vendor-security team. Most useful when an outside party asks for proof of your security review (insurance renewals, compliance audits, vendor questionnaires). Different from Implementation — this is for external parties, not our contractor.
Share evidence with a reviewer →Export the compliance evidence package
One bundled archive containing the technical report, severity breakdown, evidence per finding, and an attestation cover sheet — formatted for regulators and insurance underwriters.
Export the evidence package →