
Frequently asked questions.

Answers to what most people ask about the score, our data handling, and how CertIQ fits into the renewal conversation. For pricing-specific questions, see the pricing FAQ.

About the score

What does CertIQ actually do?
CertIQ scans a domain from the outside and combines the result with a short Essential Eight self-assessment to produce a hybrid cyber risk score. The output is a plain-English report you can send to a client — or to an underwriter.
What data sources power the external scan?
Five independent sources run in parallel: CertIQ:scan, CertIQ:breach, public DNS and email authentication records (SPF, DKIM, DMARC), TLS certificate health, and CVE databases for exposed services. No credentials or system access required.
What is the Essential Eight self-assessment?
The Essential Eight is the Australian Signals Directorate's baseline control framework. CertIQ maps seven short yes-no questions onto those controls, so a non-technical business owner can answer them in five minutes.
How is the final score calculated?
Roughly 70% of the score comes from the external scan, 30% from the self-assessment uplift. You get an A–F grade, a 0–100 number, and the specific findings that moved the score in either direction.
Can I re-run a scan later?
Yes. Scans are tied to a domain, so re-running one on the same domain later shows what has changed. On the freemium tier you get three scans per month per IP; broker plans are unlimited.

Data & privacy

What data do you collect about my business?
Only what's needed to run the scan: the domain you entered, the external signals our sources returned, and your answers to the Essential Eight questions. We don't touch anything inside your systems.
Where is scan data stored?
All CertIQ infrastructure is hosted in Australia. Scan results and the generated PDFs are stored on Australian-region servers and never leave the country.
Who can see my scan results?
Only you, and — if you ran the scan through a broker — that broker's firm. We don't sell scan data. Anonymised, aggregated statistics may be used to improve the scoring engine.
Will a CertIQ scan trigger my security tools?
No. Our external scan only reads public signals — DNS, certificate transparency logs, breach databases, and port visibility. We don't send traffic to your infrastructure beyond what any browser would.
How long do you keep scan results?
Scans run without an account are kept for 90 days so you can come back to the report. Scans run under a broker subscription are retained for the life of the subscription plus 12 months, in line with typical audit requirements.

Plans, the API & everything else

How much does CertIQ cost?
Freemium is free — three scans per month per IP, no account. The broker tier is $149/month for unlimited scans with branded reports. API access is $0.50 per scan with volume pricing. Full detail on the pricing page.
Is there an API?
Yes — a REST API returns the same score, signals, and findings as the web report. It's aimed at broker platforms, MGA quote engines, and insurers who want CertIQ scoring attached to the risk inside their own systems. The /api page has details.
Are you hiring / can I partner with CertIQ?
We're a small team opening up gradually. Partnership questions, press, or anything we haven't covered — email hello@certiq.au and we'll reply within one business day.
How do I get in touch?
Use the contact form if you'd like us to reach out to you, or email hello@certiq.au directly. For urgent broker onboarding questions, mention it in the message and we'll prioritise.

Still got questions?

If you can't find what you're after, drop us a line. We reply to every message within one business day.
