Limits & quotas
Pwnkemon enforces three layers of limits to keep costs predictable and the platform stable.
Credit budget (the main one)
Scans are metered in credits, granted monthly and banked up to a per-plan cap. Full details on the Credits & banking page.
| Plan | Monthly grant | Bank cap | Targets |
|---|---|---|---|
| Free | 5 | 5 | 1 |
| Starter | 1,000 | 1,500 | 5 |
| Pro | 5,000 | 15,000 | 25 |
| Business | 15,000 | 45,000 | Unlimited |
| Enterprise | Custom | Custom | Unlimited |
Tier costs: Quick 5, Standard 20, Deep 40. A failed scan costs 0.
Per-scan ceiling
Every scan has a hard internal cost ceiling enforced by the orchestrator, in addition to your credit balance. This is a defence-in-depth backstop — the agent aborts cleanly if it tries to spend past the tier's safety ceiling.
- Quick: 5 credits
- Standard: 20 credits
- Deep: 40 credits
Set max_credits on the request to enforce a lower ceiling for budget-conscious CI usage. You cannot raise it above the tier default.
API rate limits
- 60 requests/minute per user across all endpoints.
- 20 scan creations/hour on
POST /api/scans.
Hitting the limit returns 429 with a Retry-After header.
Concurrent scans
Each user can have up to 3 scans running simultaneously. Queue a 4th and it'll wait for one to finish. Enterprise plans can request higher concurrency.
Report retention
- Free: 7 days. Reports auto-delete after that.
- Starter and above: indefinite. We'll keep them until you delete the scan.
Need higher limits?
Enterprise plans include custom quotas, concurrency, and rate limits. Contact us via the dashboard to discuss.