Palavir Productized Service

Vendor risk evidence in 30 minutes.

$499 fixed price. You provide the target SaaS domain. We scrape the public trust surfaces, run a federal exclusion screen, and deliver a 15 to 25 page attestation-ready PDF to your inbox. Built for procurement, M&A pre-diligence, and security review teams that need a defensible diligence file without burning analyst hours.

Single order, single domain. Delivered within 30 minutes for most domains.

What is inside the PDF

  • Status page, privacy, security, terms, sub-processor list scrape
  • /.well-known/security.txt detection
  • DNS posture: SPF, DMARC, MTA-STS, CAA
  • HTTPS certificate chain inspection
  • WHOIS snapshot with registrant org and domain age
  • Federal exclusion check: OFAC SDN + LEIE + SAM (269K records)
  • Certification mention matrix: SOC 2, ISO 27001, HIPAA, GDPR, CCPA, PCI-DSS, FedRAMP
  • 15 to 25 page attestation-style PDF with findings and recommendations
  • Delivered to your inbox within 30 minutes of payment
  • Cited and dated for your vendor file

Three use cases

Procurement

You inherited a vendor request and you need a defensible diligence file before signing the MSA. This bundle gives you a dated, sourced record without burning four hours of analyst time.

M&A pre-diligence

Pre-LOI vendor and supplier mapping for an acquisition target. Run the bundle across the target's top 10 SaaS suppliers in an afternoon and price the integration risk.

Security review

Your CISO asks for a quick read on a SaaS tool a team wants to adopt. This is the lightweight artifact that satisfies the question without standing up a full third-party risk program.

What this is NOT

Not a SOC 2 audit

SOC 2 Type I and Type II audits are CPA-firm engagements that cost $15,000 to $50,000 and take weeks. This bundle does not opine on controls.

Not a continuous monitoring tool

Vanta, Drata, and Secureframe run on the vendor side year-round. This bundle is a point-in-time buyer-side artifact for one vendor.

Not a penetration test

No active scanning, no probing of the target's infrastructure. Only public URLs, DNS records, and the public TLS handshake.

Not legal advice

The PDF is a fact-pattern. Your counsel decides what to do with it.

Order
$499
one target domain, delivered in ~30 min

Payment by Stripe. Bundle is emailed from orders@palavir.co.

FAQ

Is this a SOC 2 audit?

No. A SOC 2 Type I or Type II audit is performed by a licensed CPA firm at a cost of $15,000 to $50,000 and takes weeks. This bundle is an evidence packet built from public surfaces. It does not opine on controls.

Is this a Vanta or Drata replacement?

No. Vanta and Drata are continuous-monitoring platforms that the vendor itself runs. This bundle is a buyer-side artifact for one target at a point in time.

Do you scan anything that requires consent?

No. The engine fetches only public URLs at conventional paths, runs standard DNS resolutions, and inspects the public TLS handshake. No authentication, no active scanning, no penetration testing.

How fast is delivery?

Target is 30 minutes from Stripe confirmation to PDF in your inbox. The first two orders are manually QA'd by Josh and may take up to a few hours.

Can you cover a private vendor with no public presence?

If the vendor has no public privacy, security, or status pages, the report will say so. The bundle still includes DNS, TLS, and exclusion screening. If most surfaces are missing, the report is shorter and we will refund the difference at our discretion.

Refund policy

If the engine cannot resolve the domain at all, we refund in full. Otherwise the bundle is delivered as-is. The whole point is a defensible point-in-time record, including the absence of published surfaces.

Palavir LLC. The Vendor Risk Bundle is a point-in-time evidence packet built from public surfaces and is not a SOC 2 audit or legal advice. See the scope disclaimer for full terms.