ShomarShomar
Sign inDemo
Pricing

Annual licences sized for African regulated teams.

Request a Demo Run a Free Scan
Shomar operating loop
1
Security scan
2
Risk scoring
3
Compliance mapping
4
Evidence and reporting
Africa-ready
Evidence-led
Project-bound
Licence tiers

Clear starting points, with room for custom scope.

Starter
SMEs, early fintechs
Annual licence
From $2,500
From NGN 4M

Core SAST, NDPR compliance, limited projects, and light quarterly VAPT coverage for early teams.

  • 5 users
  • 3 projects
  • 50 scans/month
  • 1 VAPT scan/quarter
  • NDPR + core SAST baseline
Run a Free Scan
Growth
Popular
Scaling fintechs
Annual licence
From $6,000
From NGN 9M

Starter plus NITDA, PCI-DSS mapping, NPS readiness support, African threat intel, and more scan volume.

  • 10 users
  • 15 projects
  • 500 scans/month
  • 10 VAPT scans/quarter
  • NPS readiness + African threat intel
Request a Demo
Business
Larger fintechs, agencies
Annual licence
From $15,000
From NGN 22M

Full compliance suite including CBN, NPS readiness, SSO, priority support, and higher VAPT volume.

  • 20 users
  • 50 projects
  • 1,500 scans/month
  • 30 VAPT scans/quarter
  • Assigned compliance bundle + SSO
Book a Security Assessment
Enterprise
Banks, government
Annual licence
Custom
From $50,000/year equivalent

Full CBN compliance-as-code, unlimited frameworks, dedicated VAPT, sovereign/on-prem option, SLA and CSM.

  • Custom seats
  • Unlimited frameworks
  • Dedicated VAPT
  • Sovereign/on-prem option
  • SLA + customer success manager
Request a Demo

Pricing should remain a starting range internally and a starting price externally. Large banks and sovereign deployments should always be quoted.

Pricing principles

What determines final commercial scope.

Annual starting prices.

Trial: 10 working days or 14 calendar days.

Scope by users, projects, bundles, VAPT, deployment, support.

Feature flags support compliance-only, security-only, or mixed packages.

Enterprise adds dedicated VAPT, sovereign options, SLA, and CSM.

Common add-ons

Dedicated VAPT

Reserved testing capacity and deeper validation cycles.

Sovereign deployment

Customer-controlled or local-region deployment conversations.

Extra framework bundle

Additional compliance scope beyond the subscribed package.

Priority support

Named response commitments for regulated teams.

Commercial model

Start simple, expand by real usage.

Compliance-only
Security operations
Full platform
FAQ

Questions buyers usually ask before a demo.

Request a Demo Book an Assessment
Who is Shomar built for?
Shomar is built for regulated African teams: banks, fintechs, PSPs, payment gateways, remittance operators, crypto/VASPs, agencies, government teams, and security-led organisations that need security operations tied to compliance evidence.
Does Shomar cover cross-border payments and remittance?
Yes. Shomar now includes a cross-border payments and remittance compliance baseline covering AML/CFT, KYC, sanctions and PEP screening, FX controls, payment corridors, settlement, reconciliation, partner due diligence, and evidence trails.
Does source code leave our environment?
Shomar supports SaaS scanning and can also support dedicated or customer-controlled worker patterns for sensitive teams. Repository scans are bound to approved projects and integrations so organisations keep clearer control over what is scanned.
Can we choose only compliance or only security scanning?
Yes. Platform admins can assign licence tiers, framework bundles, and feature flags so an organisation can receive compliance-only, security-only, or mixed access depending on the commercial scope.
How does the trial work?
Demo organisations can receive a 10-working-day or 14-calendar-day trial. After expiry, the organisation needs an active licence to continue using subscribed Shomar capabilities.
Can evidence stay in our own storage or local region?
Yes. Shomar supports managed evidence storage and customer-controlled evidence storage patterns, including external-link evidence, to help teams address confidentiality and data residency requirements.
Does Shomar replace auditors or compliance consultants?
No. Shomar helps teams organise evidence, map security posture to controls, track gaps, and export reports. It supports audit readiness, but it is not legal, regulatory, or audit attestation advice.
How do support and onboarding work?
Customers can raise support tickets in the app, request implementation help, and use demo or assessment forms for guided onboarding. Higher tiers can include priority support and dedicated success commitments.