Protecting Brand Trust in the Age of Exposure

BreachID transforms complex breach data into affordable, actionable insights that help organisations manage exposed credentials and protect customer trust.

Daily monitoring. Prioritized remediation workflows. Audit-ready reporting for POPIA and cyber insurance due diligence.

For internal teams and MSPsEmployee + customer credential exposureActionable over alert-noise

FreeDark Web Exposure Scan

Enter your work email to see if your company’s data has been exposed and get a quick risk overview.

• Instant result for personal exposure
• Domain-level risk signal for your business
• No obligation — use it to benchmark your current risk

We use this email to run the scan and show your result. No credit card required.

Choose your next step: run the free scan above for an instant risk snapshot, or book a walkthrough for team rollout planning.

Book walkthrough

Prefer a guided setup for your team?

Book walkthrough

Need a quick overview first? Download brochure.

Breach Exposure Insights

Gain visibility into exposed credentials, cyber exposure, and brand risk

Learn how BreachID helps you uncover exposed credentials visible to malicious actors, customers, and cyber insurance providers — helping you protect your brand while managing and tracking exposure risk over time.

See what others see

Uncover exposed credentials visible across the open web, dark web, and breach data.

Protect your brand

Reduce risk, strengthen trust, and maintain your reputation.

Manage and track risk

Prioritize exposure, monitor progress, and track risk reduction over time.

Why it mattersDark web exposure is a business risk.

Stolen credentials are traded daily. Even when your systems were not directly breached, leaked logins can still be used to access your environment and customer portals.

BreachID gives you early visibility plus a response path, so you can act before attackers do — reducing account takeover risk, operational disruption, and reputational damage.

Outcomes teams care about

Find exposed credentials early
Prioritize what matters with source context
Respond quickly with clear remediation steps
Demonstrate due diligence to auditors and insurers

Built for security operations

BreachID gives security and risk teams a shared operating picture: what is exposed, what matters first, and what has been resolved.

Dark dashboard heatmap showing credential exposure by business unit and risk level

Exposure heatmap

A real-time view of affected employees, customers, and domains, helping your team identify concentration risk and exposure hotspots quickly.

Dark UI workflow board showing remediation tasks in triage, in progress and resolved states

Remediation workflow

Assign, track, and resolve risks associated with credential exposure from detection through to closure with ownership and status tracking.

Dark analytics card with trend lines and compliance status metrics

Executive reporting

Board-friendly snapshots for POPIA alignment, insurer evidence and response metrics.

Threat intelligence panel with source labels and confidence indicators

Source intelligence

Detailed exposure and infection indicators to help teams investigate incidents and identify security policy blind spots.

Security panel highlighting leaked customer credentials associated with a portal

Customer account protection

Identify leaked customer credentials linked to your platform before takeover attempts escalate.

Compliance, insurance and executive reporting.

Insurers and regulators increasingly expect evidence that you can detect, prioritize and remediate credential exposure risk.

BreachID supports this with audit-ready reports, risk visibility and an operational response model teams can execute quickly.

Why choose BreachID over generic threat feeds?

Built for action, not noise
Detailed exposure intelligence that helps uncover security policy blind spots
Visibility into how credentials were exposed, not just that they were exposed
Customer and portal credential exposure, not only employee accounts
Built-in remediation tracking and auditing
POPIA-forward positioning for South African organisations
Reporting tailored for both security teams and executives

POPIAProtection of Personal Information Act
GDPRGeneral Data Protection Regulation
CCPACalifornia Consumer Privacy Act
HIPAAHealth Insurance Portability and Accountability Act

Platform capabilities

BreachID is an operational response layer that closes the loop from detection to remediation — not just another alert feed.

Credential Exposure Monitoring
Continuously detect, assess, and manage exposed employee and business credentials linked to your domains — with actionable workflows that support remediation, tracking, and governance.
Customer Credential Exposure
Identifies exposed customer credentials linked to your platforms and portals, helping security and risk teams proactively mitigate account takeover, fraud, and abuse risk.
Source & Infection Context
Adds detailed exposure context to findings so teams can triage quickly, investigate likely exposure paths, and uncover security policy blind spots.
Alerting & Workflow
Scans daily for new breach records, alerts teams when exposed credentials are found, and lets you assign, track, and manage records through to resolution.
Compliance & Insurance Reporting
Provides audit-ready reporting for governance, POPIA alignment, cyber insurance evidence, and operational support across the Detect, Assess, Act, and Govern lifecycle.

Proof over promises.

Already ran the free scan? Next step is a focused walkthrough to map your monitored scope, response workflow and reporting needs.

Clear ownership

Track who is assigned to each remediation action and what still needs closure.

Progress visibility

See exposure trends and response movement over time in one operating view.

Audit-ready evidence

Export reports your governance team can use for POPIA and insurer discussions.

Book a BreachID walkthroughNo obligation — we’ll align on fit, rollout effort, and practical next steps.

Choose the right plan for your risk profileBreachID plans

Choose a plan based on the number of domains and email addresses associated with your organisation.

Spark
Essential monitoring for single-domain organisations.
R399
per month (Incl. VAT)
- •1 Monitored Domain
- •Covers up to 10 email addresses
- •Add additional email addresses as needed
- •Daily exposure scans + alerts + reporting
Start with Spark
Beacon
Expanded protection for organisations scaling across domains.
R989
per month (Incl. VAT)
- •2 Monitored Domains
- •Covers up to 25 email addresses
- •Add additional email addresses as needed
- •Daily exposure scans + alerts + reporting
Upgrade to Beacon
Lumen
Comprehensive coverage for high-volume, multi-domain environments.
R1,949
per month (Incl. VAT)
- •4 Monitored Domains
- •Covers up to 50 email addresses
- •Add additional email addresses as needed
- •Daily exposure scans + alerts + reporting
Go with Lumen

Every plan includes

✓Daily dark web scans of your domains
✓Alerts on newly discovered breach records
✓Weekly reports
✓Report exports and scheduled reporting
✓Employee and customer credential exposure detection
✓Operational remediation workflow tracking
✓Compliance and cyber insurance readiness support

Need something tailored?

If your exposure exceeds these tiers, contact us for a customised package.

Frequently Asked Questions

Choose a plan based on the number of domains you need to monitor and the number of email addresses associated with your organisation. As a guideline, most organisations have at least one email address per employee, but this can increase depending on multiple domains, customer accounts, aliases, and system usage.
You can start with a plan that fits your current needs and add more email addresses as required. If you need to monitor additional domains, you can upgrade to a higher plan or contact us to discuss your requirements.
For more details, feel free to review our Fair Usage Policy.
BreachID scans daily across all plans and alerts on newly discovered exposure records tied to your monitored scope.
Yes. BreachID includes Customer Credential Exposure to help identify leaked credentials your customers use on your platform, even when the leak originated elsewhere.
Most security tools focus on activity inside your environment. BreachID focuses on exposed credentials and dark web signals that often appear before account compromise, then structures response actions your team can execute quickly.
It helps teams move from detection to remediation with less noise and clearer ownership.
If you need to monitor additional domains, you can upgrade to the next plan or contact us to discuss a tailored solution.
BreachID provides audit-ready evidence and reporting that demonstrates continuous monitoring and response capability for governance, POPIA-aligned controls and insurer due diligence.
Immediately enforce password resets, revoke risky sessions, verify MFA posture, and investigate the source context. BreachID gives you the evidence trail and workflow context to coordinate this response quickly.
Licensing is based on the number of domains and email addresses you want to protect. Each plan includes a defined number of domains and email addresses. You can easily add more email addresses within your current plan as your organisation grows.
No. Detected results reflect only known exposures and do not represent all email addresses associated with your organisation or being monitored by BreachID. Your plan should reflect your organisation’s overall size and unique email footprint, not just detected data.
For more information, please refer to our Fair Usage Policy.
Not necessarily. It can be difficult to determine upfront how many customer email addresses may appear in your breach data.
Customer email addresses linked to your domains do count towards your licence, but you can choose a plan based on your current needs and license additional.
If the number of protected email addresses exceeds your plan, additional email addresses can be added to maintain coverage. If you require additional domains, you can upgrade to a higher plan. If you are already on the highest plan, please contact us to discuss your requirements.
As per our Fair Usage Policy, plans should be representative of your organisation’s unique email footprint. Plans that are significantly mismatched may be reviewed and may require adjustment, upgrade, or suspension.
BreachID monitors your organisation’s domains and identifies exposed records for email addresses associated with those domains. Licensing should reasonably reflect your organisation’s overall email footprint, based on the domains being monitored.
Plans (subscriptions) that are significantly mismatched with the organisation’s expected size and email footprint may be subject to review and adjustment. In such cases, we reserve the right to apply service limitations, require plan adjustments or upgrades, or suspend the plan (subscription), in line with our Fair Usage Policy.
You can move to a higher tier or a custom package to increase monitored domains and breached-email capacity while keeping historical visibility and reporting continuity.

Competitor matrix

High-level positioning view for buyer conversations. This comparison emphasizes operational response, remediation workflow, and reporting value rather than broad CTI parity claims.

Vendor	Core Focus	Employee Exposure	Customer Exposure	Remediation Workflow	Compliance / Executive Reporting
BreachID	Operational credential exposure response layer	Strong	Strong	Strong	Strong
Constella	Identity intelligence	Strong	Medium	Light	Light
Flare	External threat exposure + CTI	Medium	Light	Medium	Light
SOCRadar / Cyble	Broad CTI + exposure monitoring	Medium	Light	Light	Light
Serus.ai	Brand / external threat visibility	Light	Light	Medium	Medium

BreachID

Recommended fit

Core Focus: Operational credential exposure response layer
Employee Exposure: Strong
Customer Exposure: Strong
Remediation Workflow: Strong
Compliance / Executive Reporting: Strong

Constella

Core Focus: Identity intelligence
Employee Exposure: Strong
Customer Exposure: Medium
Remediation Workflow: Light
Compliance / Executive Reporting: Light

Flare

Core Focus: External threat exposure + CTI
Employee Exposure: Medium
Customer Exposure: Light
Remediation Workflow: Medium
Compliance / Executive Reporting: Light

SOCRadar / Cyble

Core Focus: Broad CTI + exposure monitoring
Employee Exposure: Medium
Customer Exposure: Light
Remediation Workflow: Light
Compliance / Executive Reporting: Light

Serus.ai

Core Focus: Brand / external threat visibility
Employee Exposure: Light
Customer Exposure: Light
Remediation Workflow: Medium
Compliance / Executive Reporting: Medium

Let's Start a Conversation

We'd love to hear from you! Whether you have a question, need a bit of guidance, or just want to learn more about our services, our team is here and happy to help.

Feel free to reach out using the contact details below, or use our full enquiry form for faster triage.

Get in Touch

Talk to Sales

+27 10 593 0601

sales@tph.io

Need product support?

Support Portal

Penetration Testing

Security Consulting

Managed Security Services