Why every Pental plan runs on your own database, with every feature included
We have made three decisions that shape how Pental works: every customer runs on their own database, every feature is included on every plan, and plans differ only by size. Here is the thinking behind each, and what it means for your firm.
Penetration testing firms hold some of the most sensitive data that exists. Scoping documents that map a client's attack surface. Findings that describe exactly how to break in. Credentials, network diagrams, evidence, and reports that would be a gift to an attacker. If you run a consultancy, protecting that data is not a feature you would like to have. It is the job.
That reality drove three decisions about how Pental is built and priced. None of them is the obvious commercial choice, and that is precisely why they are worth explaining.
Decision one: every customer runs on their own database
Most software as a service keeps all of its customers' data in one place, on infrastructure the vendor owns. It is cheaper to run and simpler to build. It also means the vendor can read your data, and that a mistake or a breach on their side is a mistake or a breach that involves yours.
Pental does not work that way, on any plan. When you set up, you connect your own database, a Supabase project that you create and own. Your clients, findings, reports, credentials, and every other record live there, in a project under your control, in a region you choose.
The first question anyone sensible asks when they read that is simple: can Pental see my data? The answer is no, and it is worth being precise about why.
- We never hold the keys that could read your data. Pental does not store a service-role key for your project. That is the credential that can bypass security and read every table, and we do not have it. The only credential we hold is your publishable key, which on its own cannot read protected data.
- Your database enforces access, not ours. Every request is checked inside your project, against the signed-in user, using security policies that run in your database. The rules live with your data, not with us.
- You can cut us off at any time. You choose the region. You hold the backups. You can rotate the key or delete the project and end the relationship entirely, whenever you want.
This is what people mean by data sovereignty, and we think it should be the default for this industry rather than a premium add-on. Your clients trust you with their most dangerous secrets. You should be able to tell them, truthfully, that the data never sits on someone else's shared system.
Bring-your-own-database used to be the kind of thing that appeared only on an "enterprise, call us" tier. We made it the floor. Every plan, including the cheapest, runs this way.
Decision two: every feature is included on every plan
The usual playbook is to lock the good features behind the expensive tiers. Reporting on one plan, proposals on the next, single sign-on and white-labelling reserved for the top. It is a reliable way to push people upmarket, and it is deeply annoying to be the customer hitting those walls.
We took the opposite approach. Every feature is on every plan.
- Full white-labelling and a custom domain, so your clients never see the word Pental.
- Branded PDF report generation, proposals with e-signatures, and a client portal with magic-link login.
- Invoicing with Stripe and bank transfer, Xero accounting sync, and contractor management.
- A QA workflow, a knowledge base, custom email templates, custom SMTP, and AI content generation.
A one-person firm on the entry plan gets the same platform as a large firm on the top plan. Not a stripped-down version of it. The same one. We would rather you chose Pental because the whole product is good than trap you on a plan that is deliberately missing the parts you need.
Decision three: plans differ only by size
If every plan runs on your own database and every plan has every feature, what is left to charge for? The honest answer, and the only thing that actually scales with the value you get, is how much you use it.
So that is the entire pricing model. Plans differ by two numbers, and nothing else:
- Starter: up to 5 internal users and 50 clients.
- Professional: up to 100 internal users and 1,000 clients.
- Enterprise: unlimited users and unlimited clients.
That is the whole thing. There is no feature matrix to decode, no per-seat add-ons, no "contact us to unlock" footnotes. You pick the size that fits your firm today, and you change it the moment that changes.
Because the plans are otherwise identical, switching is genuinely trivial. Upgrading or downgrading happens in one click from your dashboard and takes effect immediately, with the pro-rated billing handled for you. Nothing else moves. Your domain, your database, your email settings, your templates, and your security keys all stay exactly as they are. There is nothing to set up again, because nothing else changed. Upgrading simply raises your two limits.
Downgrading is just as painless. If you drop to a plan smaller than your current usage, you keep everything you already have. You are not cut off or forced to delete anyone. You just cannot add new users or clients until you are back under the new limit.
Why this combination matters
Each decision is defensible on its own, but they are strongest together. Because every plan already runs on your own database and includes every feature, size is the only thing left that fairly tracks value, which is what makes a two-number pricing model possible in the first place. And because the plans differ only by size, moving between them never touches your configuration or your data, so growing on Pental never means a migration or a rebuild.
The result is a platform that behaves the same whether you are a small team taking on your first retainers or a firm running dozens of testers. You own your data and your brand from day one. You get the complete product from day one. And the only thing that ever changes as you grow is a number.