Subscription
current: Free (Pack)Stripe checkout wires up in a follow-up pass. Until then, every account stays on the Free tier — no card, no friction.
Compare features
single source of truthloading matrix…
Smart 2FA
adaptive · TOTP + WebAuthn + push
Vilkax 2FA is smart — routine sign-in needs your primary
factor, but sensitive operations (VAX withdrawal, email change) and
anomalous sign-ins (new IP / new ASN / geo-jump) escalate to a stronger
factor automatically.
Supported factors at launch:
- TOTP — RFC 6238, works with Google Authenticator, 1Password, Authy
- WebAuthn — Touch ID, Face ID, Windows Hello, YubiKey, Passkeys
- Push-approve — Pro+: tap the OS notification to approve
- Recovery codes — 10 single-use codes generated at enrolment
Enrolment lives here once the auth flow ships in the next pass.
Devices
— this device —Each device that signs in gets registered with an OS / browser fingerprint and a trust score. The trust score raises with every successful 2FA challenge and drops on anomaly. Your tier caps the number of registered devices (Free: 2 · Pro: 6 · Enterprise: unlimited).
We've already detected this device — we'll register it properly the moment you sign in.
Compliance
your data, your control- Encryption at rest — every email is AES-256-GCM encrypted with a key we rotate on demand.
- Domain-aggregate operator views — the Vilkax operator dashboard surfaces emails as
al★★★@example.com; the business view never reads the email column at all. - Right to export — request a JSON dump of your row + every shield event ever raised on your behalf (self-service on Pro+, ops-assisted on Enterprise).
- Right to be forgotten — soft-delete in 30 days, hard-delete in 90 (configurable on Enterprise).
- Right to explanation — every automated decision (threat score, AI tier, anomaly flag) is logged with its inputs in
shield_decisions+ml_predictions; you can request the row that drove any specific call.