For Corporate security & threat intel teams

Corporate security OSINT, API-first.

Your team runs lean. You're handling executive protection, vendor risk, brand protection, and the occasional pre-employment exception case — with a 3-5 person team and a backlog of platform integrations. Tracelight is the OSINT layer that integrates with what you already have.

Start 7-day free trial Book a demo

What corporate security teams need

Different use cases, same OSINT spine. Executive protection needs continuous monitoring on doxx exposure and venue OSINT briefs. Vendor risk needs a one-pass diligence sweep on the supplier and its principals before signing a contract. Brand protection needs ongoing lookalike-domain monitoring and impersonation detection. Pre-employment vetting (for exception cases not covered by your normal CRA) needs a structured OSINT pass with audit trail.

Executive doxx-exposure monitoring
Vendor / supplier pre-contract OSINT
Lookalike-domain registration alerts
Brand-impersonation detection (social, dark-web)
Pre-employment OSINT for exception cases (not FCRA-covered)
Insider-threat OSINT triage (with HR/legal partnership)

API-first integration

Most corporate security teams are inheriting a stack: a SIEM (Splunk / Sentinel / Datadog), a ticketing system (Jira / ServiceNow), a communication channel (Slack / Teams), and a vendor-management tool (Onspring / Ariba). Tracelight has native integrations for the first three and REST API + webhooks for everything else. Signal alerts can fire directly into your SOAR or ticketing.

Executive protection workflow

Each protected principal is a subject. Monitoring runs continuously across name, email, phone, home address signals, and (with consent) family-member name patterns. Alerts fire on new public mentions, new doxx exposure, new domain registrations matching the principal's name. Pre-trip venue briefs run as a one-pass case with citations.

Vendor risk workflow

Pre-contract: target vendor → Tracelight case bundling the entity and key principals. Run sanctions/PEP, litigation index, beneficial-ownership walk, regulatory-action history. Deliverable is a one-PDF risk summary that goes into the procurement file. Re-run quarterly for high-tier vendors; webhook-fire alerts on signal changes.

Pricing for corporate teams

Most corporate security teams land on Agency tier ($499/mo, 200 cases, multi-seat). For teams above 5 seats or above 500 cases/month, contact us for an enterprise arrangement with annual billing, SSO, and a custom SLA. SOC 2 Type II is in progress — see /trust for current posture.

Recommended tier

Agency

$499/mo, 200 cases included, multi-seat, full API + webhook access. Right for 2-5 person in-house corporate security teams.

See all pricing Start on Agency

Common objections

How does this compare to ZeroFox / Recorded Future / Flashpoint?

Those are threat-intel platforms tuned for SOC-tier IOC ingestion and threat feeds. Tracelight is an investigation platform — you bring the subject, we run the OSINT. Most corporate security teams use a threat-intel platform for IOC enrichment and an investigation platform for case-driven work. See /vs/recorded-future for the detailed comparison.

Can we SSO this?

Enterprise tier includes SSO (SAML/OIDC). The Agency self-serve tier uses email + password with optional 2FA. Email founder@trytracelight.com to set up SSO under an enterprise plan.

Where's data hosted?

US (Vercel + Supabase, primary region us-east-1). EU residency is on the roadmap for enterprise customers. See /trust for current sub-processor list and compliance posture.

What we don't do

Honest positioning matters more than feature-list maximalism. Here's what we're explicitly not, so you can rule us in or out faster:

We're not a threat-intel platform — no IOC feeds, no MISP integration, no SOC-tier threat data.
We're not a vulnerability scanner — Tracelight does not probe attack surface or assess CVEs.
We don't currently offer EU data residency (on the roadmap for enterprise).