Everything that happens from the moment you click "Buy" to the moment every finding is closed. 10 steps across 4 phases. Most customers finish the active work in under 2 hours of their own time, spread over a few days. Click any step for the detailed article.
You buy Scope
Stripe checkout, $697 one-time. North American billing supported (CAD or USD pricing — whichever your card is in).
What's included in Scope →We confirm and run the audit
You get an intake email within a minute confirming payment. Meanwhile our scan runs in the background — checks roughly 10 sources for credential exposure, breach corpora, paste sites, domain impersonation, and infrastructure tied to your company. No action needed on your side.
You get the "Audit Ready" email
Subject: "Your forensic audit for [your company] is complete." Inside is a link to your audit dashboard. The link is permanent — bookmark it. No password required.
Find your audit report →You read your findings
Findings are grouped by severity (Critical, High, Medium, Low). Each one has a plain-English description and concrete remediation steps right inside the finding. This is where you'll see whether you can fix things yourself or whether they need an expert.
Read findings and action items →You decide how to fix: DIY or Implementation
Two paths and you can mix them per-finding:
- DIY — follow the remediation steps inside each finding yourself (or hand them to your IT person). Best for simple things: rotating a password, enabling MFA, updating a DNS record.
- Book Implementation ($1,499 Tier 1 / $2,499 Tier 2) — our contractor walks you through every fix in screen-share sessions. Best for technical work like M365 conditional access, DMARC policy, or anything you don't recognize. Ends in a dated Hardening Certificate.
Fixes get made
Whichever path you chose, the actual remediation happens here — you (or your IT, or our contractor) make the change. You don't need to tell us in advance which findings you'll handle and which you won't. You can decide per-finding.
You mark each fix done + we reverify
Click "I've done this" on a finding once it's fixed, then click Reverify. We re-check the same source the finding came from. Status flips to Resolved (gone), Mitigated (historical record, credential rotated), or Still present with a note on what remains. Repeat per finding.
Reverify a finding after you fix it →You download PDFs
Three formats: Executive summary (for leadership), Technical report (for IT or your own audit team), Compliance evidence package (for PIPEDA / HIPAA / PCI / insurance questionnaires).
Download PDF reports →Share evidence with an outside reviewer
Generate a time-limited read-only link for your insurance broker, CPA, compliance auditor, or your enterprise client's vendor-security team — anyone outside LeakTrace who needs to verify the audit happened. They get a view of findings and the evidence package; they cannot change anything. (Different from Implementation — this is for external parties, not our contractor.)
Share evidence with a reviewer →You choose what's next
Most customers do one of these: activate Continuous Monitoring (alerts on new exposures going forward), or collect your Hardening Certificate (if you went the Implementation route — dated proof you can hand to insurance or vendor reviewers). Many do both. Your audit dashboard stays accessible either way.
Activate Monitoring → About the Hardening Certificate →