You scan a domain on SaaSFort. Sixty checks run in under 60 seconds. You see your letter grade — say, C (74/100) — and the top 3 issues that dragged your score down. Then: a prompt asking for your email to unlock the full report.
That’s the new scan results email gate, and it shipped this week.
What You See Before Signing Up
Every scan still runs all 60 checks across 21 categories. Nothing about the scan itself has changed. What changed is how we show the results.
Before email: You get a grade arc showing your overall score (e.g., 74/100 = Grade C), the top 3 security issues ranked by severity, and a count showing how many more checks are hidden (“+ 57 more checks hidden”). That’s enough to tell you whether your security posture needs attention — without any commitment.
After email: The full report unlocks. All 60 checks grouped by category, pass/fail status for each, remediation guidance, and the option to export your results as a NIS2 compliance PDF or generate a Deal Report for procurement teams.
The email capture form includes a soft skip option. If you don’t want to provide your email, you can still access a limited view. We don’t believe in dark patterns — forcing signup to see anything at all kills trust faster than it builds pipeline.
Why We Built This
Two reasons, one practical and one strategic.
Practical: SaaSFort runs 60 CPU-intensive checks per scan — headless browser rendering, certificate chain validation, DNS resolution, OWASP detection. Each scan costs compute. Without any capture mechanism, 100% of that compute value walks out the door with zero way to follow up. That’s unsustainable for a bootstrapped product at €9/month entry pricing.
Strategic: The scan is our product-led growth engine. A visitor lands on saasfort.com/scan, enters a domain, sees their grade, and thinks “I should fix this.” The email gate turns that moment of awareness into a conversation. Not a hard sell — a conversation. We send the full report, followed by relevant content based on what the scan found.
Companies using product-led growth see nearly 4× the adoption rate compared to traditional sales-led SaaS — because the product demonstrates value before anyone asks for a credit card. The email gate sits at exactly that inflection point: value demonstrated, relationship started.
How It Works Technically
The scan flow has four states:
- Input — domain entry form, no account required
- Scanning — real-time progress via SSE (Server-Sent Events), showing which category is being checked
- Results (gated) — grade arc + top 3 issues + email capture form
- Results (full) — all 60 checks, category breakdown, export options
The email capture fires a POST /api/whitepaper/download with source=scan-gate — the same endpoint used by our whitepaper download form. This means leads from scan results and whitepaper downloads flow into the same pipeline, tagged by source for segmentation.
No account creation happens at this step. The email is captured for follow-up only. Account creation (with password) is a separate flow triggered from the pricing page or dashboard signup. This separation matters: asking for email + password at the scan results stage would cut conversion by 60-80% according to Sequenzy’s PLG benchmarks.
What Happens After You Enter Your Email
Three things, in sequence:
- Immediate: The full report unlocks in your browser. All 60 checks visible, exportable, actionable.
- Within minutes: You receive an email with a link to your scan results and a summary of your top issues. If your scan found NIS2-relevant findings, the email includes a direct link to generate your NIS2 compliance PDF.
- Over the next week: Relevant content based on your scan profile. If your TLS configuration scored poorly, you might receive our guide on NIS2 network security requirements. If your security headers were missing, our continuous monitoring guide explains how to automate those checks.
No daily spam. No “just checking in” emails. Content that maps to what your scan actually found.
For Enterprise Buyers: What This Means
If you’re evaluating SaaSFort as part of your vendor security assessment process, the email gate doesn’t affect your workflow:
- Free scans remain free. No credit card, no trial expiration, no feature walls. The scan itself is unlimited.
- API access bypasses the gate entirely. The CI/CD integration (POST /api/v1/ci) and the NIS2 PDF endpoint (POST /api/nis2/export/pdf) return full results without any email requirement. Authenticate with your API key and get complete data.
- Paid plans show full results instantly. The gate only applies to anonymous web scans. Logged-in users on any tier (starting at €9/month) see everything immediately.
The email gate specifically targets the anonymous first-time scanner — someone who found us via search, ran a scan out of curiosity, and needs a reason to come back. Enterprise procurement teams with API keys or dashboard accounts are unaffected.
The Scan-to-Customer Journey
This feature completes a PLG funnel that looks like this:
| Stage | Action | SaaSFort Feature |
|---|---|---|
| Discover | Find us via search (“NIS2 compliance scan”, “website security grade”) | Blog content + free scan CTA |
| Experience | Run scan, see grade + top 3 issues | Scan engine, SSE progress |
| Capture | Enter email to unlock full report | Email gate (new) |
| Nurture | Receive scan-specific content | Automated email sequences |
| Convert | Hit scan limits, need continuous monitoring | Pricing tiers from €9/month |
| Expand | Multi-domain, team access, compliance exports | Growth + Scale tiers |
Before the email gate, the journey had a gap between “Experience” and “Convert” — visitors ran a scan, saw results, and left. No way to re-engage them. The email gate fills that gap without adding friction to the scan itself.
Privacy and Data Handling
Your email is stored in our database, associated with the scan result. We don’t sell email lists, don’t share with third parties, and don’t use your email for anything beyond SaaSFort communications. You can request deletion at any time via contact.
Scan results are stored temporarily (30 days for anonymous scans, permanently for authenticated users). The domain you scan is not shared publicly — your security posture is your business, not a data point in someone else’s marketing.
For German companies concerned about NIS2 data handling requirements: SaaSFort processes only externally observable data (DNS records, HTTP headers, TLS certificates, publicly accessible page content). We never access internal systems, customer databases, or private networks.
FAQ
Can I still scan without providing my email?
Yes. The scan runs all 60 checks regardless. You see your grade and top 3 issues for free. The email gate only hides the remaining 57 checks. A soft skip option is available if you want a limited view without email entry.
Does the email gate apply to API access?
No. API endpoints (/api/v1/ci, /api/scan/stream, /api/nis2/export/pdf) return full results when authenticated. The gate only applies to anonymous web-based scans at saasfort.com/scan.
What emails will I receive after entering my address?
Your full scan report immediately, followed by 2-3 content emails over the next week — matched to what your scan actually found. No generic newsletters, no daily drip campaigns. Unsubscribe link in every email.
Is my scan data shared or sold?
No. Your email and scan results are used solely for SaaSFort communications. We don’t sell data, don’t share with third parties, and delete anonymous scan data after 30 days. Privacy policy details are available in German.
Why not just require account creation?
Account creation (email + password) adds too much friction at the discovery stage. PLG research shows email-only capture converts 3-5× better than full registration at the top of funnel. We want to start a conversation, not gatekeep a demo.
See your security grade in under 60 seconds. Run a free scan — your email unlocks the full 60-check report, NIS2 compliance mapping, and actionable remediation guidance.