White-label audits
for agencies
Build a recurring revenue stream from quarterly security & SEO audits — without the cost of a $40k/year enterprise scanner license. AuditCore Business gives you unlimited rescans per client site, white-label PDF reports with your branding, and a one-time price that beats every competitor on margin.
The agency math actually works
If you're an agency selling 'WordPress care + security' or 'SEO retainer + monitoring', the unit economics of using subscription scanners are brutal. Detectify is $89/site/month. Sitebulb is $35/seat/month. Probely is $49/site/month. For 10 clients that's $530-$890/month before margin. You either eat the cost or pass it on and lose deals.
AuditCore's pay-once-per-site model flips this. You pay $299 once per client site for the Business tier — $29 once per site if all you need is the Starter (SEO + headers + SSL + AI-readiness). After that initial purchase, you rescan as often as you want, forever. Run quarterly client reports, weekly diff alerts, on-demand audits when a client emails — all for the same one-time price.
The white-label PDF is the kicker. Pass `?logo_url=...&company=YourAgency` to the report endpoint and the PDF rebuilds with your branding. Clients see a 30-page audit branded with YOUR name and YOUR logo. They don't know AuditCore exists. You become the security expert they trust.
The problems we see
From hundreds of audits — the pain points that come up over and over.
Subscription scanner pricing kills agency margins
$89/month/site adds up fast. With 20 clients you're paying $1,780/month before any time spent on the actual work. Even at $200/client/month you have <50% margin before headcount.
Generic competitor reports look unprofessional under your brand
Excel exports, basic HTML. Hard to charge $500-1000 per quarterly audit when the deliverable looks like a spreadsheet.
Different clients, different needs — one tool can't do it all
WordPress agency client #1 needs WP-specific tests. E-commerce client #2 needs business-logic abuse testing. SaaS client #3 needs API authz scanning. Three different tools, three subscriptions, three vendors to manage.
Client churn when audits feel disposable
Quarterly audit gets emailed once and forgotten. Clients don't perceive ongoing value, churn at renewal. Need recurring touch-points and visible deliverables.
No way to demonstrate value between audits
Client asks 'is my site still secure?' between quarterly reports. You don't have a quick answer beyond 'yes, probably' — looks bad.
Manual reporting for SEO + security takes 4-6 hours per client
If your $500 retainer breaks even on the report alone, you're not making money on that client.
How AuditCore helps
Every solution below maps to a specific scanner or feature in our pipeline.
$299 once per client site (vs $89/mo competitors)
Buy once, rescan forever. After 4 months you've broken even vs Detectify's $89/mo, then it's pure margin. After 12 months you're $769 ahead per client. Multiply by your client count.
White-label PDF with your logo + company name
Pass logo_url and company params to the report endpoint. PDF regenerates with your branding. Client sees 'Audit by YourAgency' — never sees AuditCore. Filename uses your company name.
All-in-one — security, SEO, AI-readiness, mobile
53 security scanners + 60+ SEO checks + AI-readiness + APK/IPA mobile analysis. Different client needs covered by one tool. Cancel three other subscriptions.
Embeddable security badge — visible value between audits
Each scanned client gets a security badge SVG (auto-updating). Embed it on their site. They see 'Verified secure by YourAgency' at all times. Reduces 'is it still secure?' questions, justifies retainer.
Scheduled scans + diff alerts
Set monthly auto-scans on every client site. New finding appears? Email alert. Old finding fixed? Diff report. You proactively notify clients of issues — they perceive constant attention.
API + Slack + GitHub integration for tech-forward clients
Some clients have dev teams. Hand them an API key (ac_live_*), let them integrate scans into their CI. You stay the audit owner; they self-serve technical detail.
Custom scan profiles per client type
Save scanner presets per audience: 'WordPress quick' (11 WP tests + headers), 'SaaS API' (BOLA + JWT + GraphQL), 'E-commerce' (business logic + bot-vs-browser pricing). Run the right scan in one click.
Real scenarios
Scenario 1 — WordPress care plan agency, 30 clients
You charge $99/month per site for 'WP care + security'. Adding AuditCore Starter at $29 once per client = $870 one-time spend across all 30 sites. With unlimited monthly rescans, you generate a branded quarterly PDF at zero marginal cost.
Year-over-year math: at $89/mo Detectify equivalent, 30 sites = $2,670/month = $32,040/year. With AuditCore's $870 one-time spend you're $31,170/year ahead. Plus you've justified your retainer with concrete deliverables — churn drops, average client lifetime extends. The Embeddable Badge ('Verified secure') becomes your marketing asset for new client acquisition.
Scenario 2 — Boutique agency selling enterprise SEO retainers
Clients pay you $5-15k/month for SEO. They expect deep audits, not Ahrefs exports. AuditCore's 60+ SEO checks across 20 pages per scan, plus the AI-Readiness Score (which 99% of competitors don't measure), gives you genuinely differentiated reporting.
Practical workflow: every Monday, scheduled scans run on all client sites. Tuesday morning you have diff reports across the board. By 11am you've sent 12 personalized 'we noticed X improved / Y regressed' emails. Clients feel the work — your retention numbers speak for themselves.
Scenario 3 — Solo freelancer specializing in WordPress security
You sell one-off security audits at $499-799 per WordPress site. Your hourly rate is high because the audits are deep — but each one takes 6-8 hours of manual work. AuditCore Business runs the same checks (47 generic + 11 WP-specific + AI-readiness) in 15 minutes.
Your time per audit drops from 8 hours to 2 hours (interpretation, executive summary, fix recommendations the AI Fix Generator drafts for you). Your hourly rate effectively quadruples. Or — keep the same price and run 4x as many audits per week. Either way, AuditCore pays for itself on the first audit.
Business ($299) — White-label, unlimited rescans, all features
For agencies the Business tier is almost always the right call: 500-page coverage, full pentest stack, white-label PDF, unlimited rescans per site, mobile APK/IPA analysis. $299 once per client site means after 4 months it's cheaper than any monthly competitor — and from month 5 onward it's pure margin.
Frequently asked questions
How does white-label work, exactly?+
The PDF endpoint accepts ?logo_url=https://your-cdn.com/logo.png&company=YourAgency. The PDF regenerates with your logo at the top of every page, your company name in the filename and the cover, and we strip 'Powered by AuditCore' from the footer (Business tier only). Output: a fully branded PDF you can email to clients without any AuditCore reference.
Can clients see AuditCore branding anywhere?+
On the white-label PDF — no. On the live result page (audit-core.tech/scan/<id>) — yes, but you usually don't share that URL with clients. You share the PDF. If clients log into a portal you build using our API keys (ac_live_*), they see your branding only.
Do I need separate accounts per client?+
No, one agency account is fine. The Organizations feature (Business tier) lets you create per-client sub-orgs with their own member access, but all billing rolls up to your master account. Useful if you want to grant a client read-only access to their own report history.
What does 'one-time per client site' actually mean?+
Each domain (e.g. clientacme.com) needs one purchase at one tier. After that, you can rescan that domain as many times as you want forever, with no recurring charges. If you have 30 clients = 30 domains, that's 30 separate one-time purchases. Higher tiers cover lower-tier rescans (Business covers Pro and Starter rescans for free).
Can I resell AuditCore as my own SaaS?+
Reselling individual reports under your brand: yes (white-label PDF). Reselling AuditCore-the-platform as your own SaaS: requires a partnership conversation — email [email protected]. We do offer agency partnership terms.
How does pricing work if a client cancels?+
You keep the license — it's tied to the domain, not the client relationship. If you re-acquire the same domain (or the client comes back), you can rescan immediately. No 'oh, that license expired' situation.
Do you have a referral / affiliate program?+
Yes — built-in. Each account has a unique referral code (settings > referrals). Both you and the new customer get $20 off when they purchase. For agencies running this at scale, contact us for custom partnership terms with higher revenue share.
What about EU compliance — can I run scans on EU client sites?+
Yes. AuditCore is operated by a Polish sole proprietor (Valer Krystian Szozda, NIP 6912545436) under EU jurisdiction. We're GDPR-compliant by default. We process scan results in the EU. The Trust page (/trust) has the full data-processing agreement and DPA template you can hand to clients.