QUESTIONS, ANSWERED
Frequently asked questions
Everything worth knowing before you scan — what Snytchr checks, whether it’s safe to run on a live app, and how the fixes work.
Getting started
What is Snytchr?
Snytchr is a launch-readiness scanner for apps built with AI tools. Paste your app's URL and it probes the app the way an attacker would, then gives you a plain-English verdict — safe to launch or not — a 0–100 readiness score, and the exact fix for anything it finds. One URL in, a launch decision out.
What's a “vibe-coded” app, and do I need to be technical?
Vibe-coded apps are the ones you build by describing what you want to an AI builder — Lovable, Bolt, v0, Cursor, and the like. Snytchr is written for exactly that audience: every result is in plain English with a copy-paste fix, so you don't need a security background to understand it or act on it.
Which builders and platforms does Snytchr support?
Snytchr is tuned for apps shipped with Lovable, Bolt, v0, Cursor, Claude, ChatGPT, Replit, Windsurf, Base44, Rork, Emergent, and IndigiCoder, and for Supabase and Firebase backends. But it works on any deployed web app — if it has a URL, Snytchr can scan it.
How long does a scan take?
The free scan returns your first verdict in 30 seconds. A Deep Scan goes further — it logs in, crawls more of the app, and runs deeper checks — so it takes longer to finish.
Do I need to share my code or sign up?
No. The free scan needs nothing but your app’s URL — no signup, no code access. If you later want a white-box Deep Scan or hands-off Auto-Fix, you can optionally connect a GitHub repository through the Snytchr GitHub App, and revoke that access anytime. More on how we handle this on the security page.
Safety & your data
Is it safe to run on my live or production app?
Yes. The free scan is read-only — it only looks at what your app already shows any visitor, and its probes test whether a door is open without walking through it. Nothing is changed, created, or deleted. See how we scan safely →
What does Snytchr access or store?
For a URL scan, only what’s publicly reachable: your pages, the JavaScript they load, and your public API responses. A Deep Scan additionally uses the test credentials you provide to check the signed-in experience. The security page covers this in detail.
Deep Scan logs into my app — how do I keep that safe?
Use a dedicated test account rather than a real user or admin login. Deep Scan signs in with those credentials and re-runs the same non-destructive checks as a logged-in user, so a throwaway test account gives full coverage with nothing real at stake.
Results & fixes
What does Snytchr actually check?
Snytchr checks authentication, authorization, secrets, databases, APIs, AI endpoints, infrastructure, abuse protection, and dozens of other production risks. See the full list on What we scan.
What do the score and verdict mean?
Every scan produces a 0–100 readiness score and a launch verdict. Snytchr marks an app “Not safe to launch yet” if it finds any critical or high-severity issue, is missing an essential protection, or scores below 70 — the launch bar. Clear those and you're safe to ship.
What do I get for free, and what's paid?
Free gives you the launch verdict, the readiness score, and the checklist of what passed and what didn't. Unlocking the report adds the evidence behind each finding and the exact, copy-paste fix for every issue — plus a re-scan to prove your fixes worked.
How do the fixes work?
For each finding, Snytchr writes the fix as a prompt tailored to your builder and stack — you paste it back into Lovable, Bolt, Cursor, or wherever you build. Then you re-scan, and Snytchr tests the same door again to prove it's closed. Prefer it hands-off? On a paid plan, Auto-Fix can open the change as a pull request for you — more on that just below.
What is Auto-Fix, and how is it different from the copy-paste fixes?
Auto-Fix is the hands-off way to fix. Instead of handing you a prompt to paste, Snytchr connects to your GitHub repo, writes the actual code change, tests it, and opens a pull request — one per issue — for you to review and merge. It always works on a separate branch and never pushes to your main branch, and if it can't produce a high-confidence fix it safely skips that issue and leaves your code alone. Auto-Fix is a members feature and runs on your credits — 10 per run.
Is a “Safe to launch” result a guarantee?
No — and we're honest about that. A passing result reflects your app as scanned, at that moment, against the checks Snytchr runs. It's a strong signal you've cleared the common launch blockers, not a warranty or a substitute for a full professional audit of a high-stakes app.
Pricing & plans
How much does Snytchr cost?
Scanning and your verdict are always free. Unlock the full report and exact fixes for $29. To keep shipping, Continuous is $39/month (monitoring plus 20 credits) and Studio is $149/month (multiple apps, Auto-Fix, and 80 credits). See pricing for the details.
What's the difference between a free scan and a Deep Scan?
The free scan is passive and black-box: it inspects what your app exposes without logging in. A Deep Scan is active and authenticated: it signs in with your test credentials, crawls deeper, and runs additional non-destructive tests — like checking whether one logged-in user can reach another's data.
What are credits?
Paid plans run on monthly credits. A quick or full-report scan costs 1 credit, a Deep Scan costs 5, and an automated fix (Auto-Fix) costs 10. Continuous includes 20 credits a month and Studio includes 80.
Can I cancel a subscription?
Yes. Continuous and Studio are month-to-month, and you can manage or cancel anytime from the billing portal in your dashboard.