Frequently asked
Every objection. Every clarification. One searchable list.
Filter by topic or search across every answer. If a question is missing, email feedback@cybertwin.io and we add it within a week.
Browse by topic
- (01)Pricing4
- (02)Billing5
- (03)Tiers5
- (04)Product6
- (05)Data & privacy4
- (06)Compliance1
- (07)Enterprise1
26
Answers
(01)SEARCH EVERY ANSWER
Showing 26 of 26 questions.
No. Assess and Operate both offer monthly (cancel-anytime) and annual billing. Annual saves the real dollar gap per tier — $1,188/yr on Assess, $3,588/yr on Operate, about 20% off the monthly run-rate. Program is annual-only.
Most companies have one production environment. Charging more for "more environments" rewards the wrong thing. We tier on what you need — depth of audit, breadth of tool coverage, ongoing monitoring vs one-time decisions — not on how much you use us. Every paid tier includes unlimited environments.
Operate covers one tool category's configuration audit; if you've got one critical system to scrutinize, Operate fits. Program covers all 37 supported tools, multi-vendor attack-path stitching, and proof-over-time. If you're running a full security program with identity, network, endpoint, cloud, email, and SIEM all needing ongoing scrutiny, Program is the fit. (Today you upload exports/configs and we re-parse them — live read-only system connections are on the post-launch roadmap, not live yet.)
Assess and Operate: yes — monthly billing cancels at the next billing cycle. Annual billing runs to term. Program is annual-only; cancellation takes effect at end of the 12-month term.
No. We don't offer refunds, but you can cancel before any future charge. After cancellation, your account is read-only for 90 days so you can export your data; we retain the data for another 90 days for re-activation; deleted permanently after 180 days.
You keep your data. You lose access to features the lower tier doesn't include. Your existing PDFs remain downloadable for 90 days. You can re-upgrade anytime.
Credit card via Stripe (Visa, Mastercard, Amex). ACH for annual purchases over $10,000 — email billing@cybertwin.io to set up. Wire transfer for multi-year contracts. No invoicing on monthly plans.
No free trial. Card is required at signup. The sample report at /sample-report is the evaluation path — download it, see exactly what the engine produces, decide.
Monthly billing is charged every 30 days. Annual is one upfront payment and saves the real dollar gap per tier — $1,188/yr on Assess, $3,588/yr on Operate, about 20% off the monthly run-rate. Program is annual-only. Both options support the same feature set on the chosen tier.
Upgrade anytime — proration is applied automatically, you pay the difference for the remainder of the term. Downgrade takes effect at the end of your current billing cycle (you keep access at the higher tier through the term you paid for). No upgrade penalties, no downgrade penalties.
Yes. 10% off year 2 of an annual subscription. 20% off year 3. Three-year prepay available — email billing@cybertwin.io. The discount applies to the published list price; we don't negotiate beyond what's published.
30% off any tier for: registered 501(c)(3) nonprofits, accredited education institutions, pre-seed and seed-stage startups (under $5M raised). Email hello@cybertwin.io with proof before signup. Discount applies for as long as you remain eligible.
60 days before renewal, we email you a year-in-review summary of what CyberTwin produced for you (assessments generated, posture score change, frameworks covered, findings resolved, dollars saved vs do-nothing). Renewal is at the then-current published list price. If our list price hasn't changed, your price doesn't change.
When you need any of: white-label PDFs (custom logo + cover branding), single-tenant deployment, multi-entity grouping (parent + subsidiaries under one contract), a dedicated success manager, SLA-backed response time with contractual penalties, custom framework mapping, or custom integrations. Email enterprise@cybertwin.io or use the contact form — pricing typically lands in the $72,000–$150,000/year range depending on scope.
Three steps, shown as a checklist on your home screen. Describe your environment (the intake wizard), add a real artifact (a config export, network diagram, or prior audit), and open your risk readout. Each step unlocks the next; the first assessment lands in the same session.
Whatever you have. A network diagram, a prior audit report, or a vendor invoice all feed the model on every tier. On Operate and Program, a tool configuration export (firewall, identity provider, cloud IAM) also runs a Configuration Review — no live scan, no agent, no connected integration. No artifacts yet? The intake wizard alone produces a scored assessment.
Assess and Operate include 5 team members. Program includes 10. Enterprise is unlimited. Seats cover the people working in the app — the PDFs and report links you produce can go to anyone.
The wizard intake is 12 minutes. Engine computation runs in under 90 seconds. Your full report (recommended stack, ALE, compliance scoring, attack-path simulation, deployment plan, audit-evidence pack, board pack) is ready immediately after.
Yes — every paid tier is unlimited. You typically run one environment per business unit, region, or production-vs-staging boundary. Reports can be scoped to a single environment or compared across environments via the Environment Diff report.
Not yet — live read-only API connections (Microsoft Graph / AWS / FortiManager / Cloudflare etc.) are on the post-launch roadmap. Today you provide artifacts — config exports, identity/CSPM exports — and CyberTwin re-parses the real bytes; nothing is scanned live and no agent is deployed. When connections ship, they'll be read-only with scoped credentials.
All paid tiers include all 24 supported frameworks: SOC 2, ISO 27001, PCI DSS v4, HIPAA, GDPR, NIST 800-53, NIST CSF, CIS v8, NIS2, DORA, Cyber Essentials, CMMC L2, NCA ECC v2, NCA CCC, NCA CSCC, NCA OTCC, SAMA CSF, PDPL-KSA, PDPL-UAE, UAE IA / NESA, DESC, Australia Essential Eight, India DPDP, and Brazil LGPD.
The engine computes capability requirements deterministically from your industry, headcount, region, and frameworks; matches them against 99 catalog products with real prices; runs cross-vendor attack-path simulation across 15 vendor plugins; scores compliance against 24 frameworks simultaneously with explicit/derived/ceiling provenance. The output is auditable end-to-end — every recommendation cites its catalog source.
The EU — Frankfurt, Germany. Data is encrypted in transit (TLS 1.3) and the underlying volume is encrypted at rest. Tenant isolation is at the database row level. Audit logs are retained for 12 months (searchable in-app and exportable as CSV over that window). The full subprocessor roster and locations are on /trust.
Permanent hard-delete is by request on every plan: from Settings → Data management (or email trust@cybertwin.io) send a "Deletion request" from an Owner/Admin address — we execute it within 5 business days and confirm by email. You can also export your full tenant data yourself, any time, from the same page.
No. The engine is deterministic — no LLM trained on customer data. Catalog updates and methodology refinements come from public sources cited in the methodology doc.
Secrets are redacted across 8 secret classes (API keys, connection strings, passwords, tokens, certificates, PSKs, private keys, generic secrets) before storage. The redaction step runs in-memory; the redacted config is what gets persisted. Original raw files are never written to disk.
Didn't find what you needed? Email feedback@cybertwin.io with the question — we add it to this list and reply within a business day.