Troja
The Terms

Free to look inside. Pay only to seal the gaps.

Every scan is free. You see exactly what's hiding before you spend a cent — then unlock the fixes when you're ready to patch.

Garrison

Starter

Unlock every fix prompt. Patch the walls.

$13.30/mo

$159.60 billed yearly

Start with Garrison
  • Everything in Recon
  • Full report + every AI fix prompt
  • 120+ security checks, all findings unlocked
  • Accessibility (WCAG) audit + AI fixes
  • Email auth: SPF/DKIM/DMARC + BIMI/MTA-STS/TLS-RPT
  • GEO & entity AI-visibility depth
  • 100 scans / month
  • 5 projects
  • API access + MCP server
  • Shareable PDF reports
Most chosen

Citadel

Pro

Live watchtowers. Continuous defense.

$34.30/mo

$411.60 billed yearly

Defend with Citadel
  • Everything in Garrison
  • Connected deep scans — link GitHub, Supabase, Stripe, Vercel & Railway
  • Active attack-surface scanning (DAST) on domains you verify
  • AI vulnerability analysis with copy-paste fix prompts for Claude Code / Codex
  • Domain threat-intel — malware blocklist & IP/geo reputation
  • CVE / dependency vulnerability scanning + SBOM
  • Subdomain enumeration + takeover detection
  • Broken-link audit + Google Search Console & PageSpeed data
  • 100 connected/active deep scans / month
  • Live threat detection & continuous monitoring
  • 500 scans / month · 25 projects
  • Priority support

Empire

Max

Command the whole frontier. Unlimited siege.

$69.30/mo

$831.60 billed yearly

Command with Empire
  • Everything in Citadel
  • Full-site crawl — every page, site-wide aggregation
  • Live AI-engine answer testing — ChatGPT/Perplexity/Gemini citation grading (opt-in)
  • Unlimited connected deep scans & AI fix prompts
  • Unlimited scans & projects
  • 20 API keys
  • Custom monitoring schedules & alerts
  • 300-page crawl depth
  • Dedicated support

Scanning is free. A plan unlocks your full report and every AI fix prompt. Cancel anytime.

Before you decide

Pricing questions, answered.

Why is scanning free?

Because finding out you're exposed shouldn't cost anything. The free scan shows your issue count and severity. You only pay when you want the full report and the fix prompts that close each hole.

What counts as a 'project'?

A project is one domain (and its subdomains) you scan and monitor. Garrison includes 5, Citadel 25, and Empire unlimited.

Can I cancel anytime?

Yes. Cancel from your dashboard in one click. You keep access until the end of your billing period — no clawbacks, no dark patterns.

Do you offer refunds?

If Troja didn't help you ship something safer, email [email protected] within 14 days and we'll refund you. We'd rather earn the renewal.

Pricing — Free to scan. Pay to fix. — Troja