How Token Pricing Works

APT Security Management uses a prepaid token model instead of traditional retainer contracts. Tokens are service credits you buy in advance and spend on any APT service when you need it. The model exists so clients can scale their security spend up or down without renegotiating contracts every year.

The Basics

1. You Buy Tokens

Purchase tokens in any quantity using ACH, wire, or credit card. There is no minimum purchase. Tokens are priced in U.S. dollars.

2. You Spend Them on Any Service

Tokens can be applied to any APT service, including penetration testing, MDR, compliance work, vulnerability management, red team engagements, and consulting hours.

3. Tokens Expire After 12 Months

Tokens are valid for 12 months from the date of purchase. Unused tokens at month 12 are forfeited. We send reminder notices at the 90-day, 60-day, and 30-day marks before expiration.

4. No Hidden Fees

The token rate covers the work itself. There are no commission upcharges, no vendor markups, no auto-renewals, and no surprise invoices.

Why We Use This Model

Traditional MSSP retainers commit you to a fixed monthly spend whether you use the services or not. That works for some companies, but it does not fit growing businesses, startups, or organizations with seasonal or project-based security needs. Token pricing lets you buy what you need, when you need it, without giving up the predictability of prepaid budgeting.

How Tokens Are Estimated

Every APT engagement starts with a free 30-minute consultation. After the call, we send a written estimate that lists each service component and the tokens required for it. You approve the estimate, purchase the tokens, and we begin work. If the scope changes mid-engagement, we discuss it before charging additional tokens.

The number of tokens for a given service depends on:

Scope size (how many systems, users, or assets)

Engagement complexity

Reporting requirements

Engagement model (ravenWing, ravenGuard, ravenSentinel)

Examples of How Clients Use Tokens

Compliance Sprint

A SaaS startup buys tokens for a SOC 2 readiness engagement and reserves the rest for the audit support work that follows.

Annual Pen Test, Then Defense

A client buys a token block sized for one annual pen test, three months of MDR coverage, and a small consulting reserve. They draw down across the year as work happens.

Quarterly Testing Cycle

A growing company buys tokens for quarterly external attack surface scans plus a yearly red team engagement, all under one purchase.

Frequently Asked Token Questions

Can I get a quote without buying tokens first?

Yes. Every quote we send is in writing and includes the token cost for each line item. You only buy tokens after you approve the estimate.

What happens if I do not use all my tokens?

Unused tokens expire 12 months after the purchase date. We send reminder notices in advance so you have time to plan or top up.

Can I add more tokens to an active engagement?

Yes. You can add tokens at any time. The 12-month expiration starts from the purchase date of each batch.

Do tokens roll over if I buy more before the old ones expire?

Yes. Each batch of tokens has its own 12-month expiration tied to its purchase date. If you are a ravenGuard or ravenSentinel customer, purchasing additional tokens will reset the 12-month expiration on any unused credits.

What forms of payment do you accept?

ACH, wire transfer, and major credit cards. We can invoice net 30 for established business clients on request.

Can I get a refund on unused tokens?

Tokens are non-refundable once purchased. We work with clients on planning so you do not over-buy.

Want a Token Estimate?

Book a free 30-minute consultation. We will discuss your environment and send you a written estimate with no obligation.