Onboarding

Getting started with Xpoose CyberSec

Welcome. This guide walks you from "just signed up" to "actively using the portal" in about ten minutes. Keep it open in a tab while you work through the steps.

If anything breaks or feels unclear, email us at hello@xpoose.com — we read every message.

1. Create your account (1 min)

Go to xpoose-cybersec-web.vercel.app/sign-up and sign up with your work email. We support:

• Email + password (with multi-factor auth)
• Passkeys (recommended — Touch ID / Windows Hello / YubiKey)
• Google / Microsoft SSO

You'll land on the dashboard (/portal) immediately after. No email confirmation step — we verify on first sign-in.

2. Create your organization (1 min)

Every customer gets an organization — that's the billing + access boundary. In the dashboard:

1. Top-right corner → click the organization switcher (next to your avatar)
2. Create organization → give it your company name (e.g., "Acme Inc")
3. Invite teammates now or skip and do it later

Once you create the org, the switcher shows your org name and you're scoped to it. All data you create from here forward lives inside your org; teammates you invite inherit that scope.

3. Pick a plan (2 min)

Go to /pricing. You'll see three tiers:

• Essentials · $499/mo — compliance posture + staff training, phishing drills, policy reviews. Best for teams of 5–25 getting their first security program into shape.
• Professional · $1,499/mo — adds continuous evidence collection for CMMC / SOC 2, incident response playbooks, unlimited seats. Best for teams that actually face audits or want to.
• Enterprise · custom — dedicated operator, custom scope, named escalation path. Email us.

Click the tier button. You'll land on Stripe Checkout (our payment processor — your card data never touches our servers). Stripe is PCI DSS Level 1 certified.

4. Complete checkout (1 min)

Fill in your card details. Stripe will:

• Charge the first month immediately
• Set up monthly billing for the same day each month
• Email you a receipt
• Redirect you back to /portal/billing/success on our side

If the checkout page errors, stop and email us — don't retry with a different card until we confirm why.

5. You're live

After checkout, you can:

• /portal — dashboard home
• /portal/billing — manage subscription, payment method, invoices (all handled via Stripe's customer portal; opens in a new tab)
• /portal/settings — your account profile, MFA, connected accounts

What we actually do for you

Compliance posture

We baseline your environment against NIST 800-171 (and CMMC Level 2, for defense contractors). That means:

• We map your current controls against the 110 practice areas
• We identify gaps with specific remediation steps
• Evidence gets collected automatically on Professional tier (logs, config snapshots, attestations)
• Your audit trail lives in our append-only audit.audit_events ledger with HMAC integrity — auditors love this

Staff training

Security is a people problem more than a tech problem. We deliver:

• Role-specific training paths (dev, ops, sales, leadership)
• Monthly phishing simulations with per-employee tracking
• Quarterly tabletop exercises (incident scenarios)
• All completion tracked + reportable for compliance

Active defense

When something actually happens:

• Tier 1+2 tickets are triaged by us within 4 business hours
• Professional tier adds on-call operator access — pager escalation for active incidents
• Enterprise tier has a named operator assigned to your account

FAQ

Can I try before I buy?

Email hello@xpoose.com — we'll set up a 14-day trial on the Essentials tier. No card required.

What if I need to cancel?

Open /portal/billing → Open customer portal → Cancel subscription. Stripe handles it. You keep access until the end of the current billing period. No cancellation fees.

Can I switch tiers?

Yes, mid-cycle. /portal/billing → customer portal → change plan. Stripe prorates the difference automatically.

What data do you store about us?

The minimum required to operate the platform:

• Clerk-mirrored user + org metadata (email, name, org name, role)
• Stripe customer id + billing events
• Audit trail of actions performed in our platform
• No CUI touches our systems unless you explicitly opt into classified workflows (Enterprise tier, separate contract)

All data is encrypted at rest (Neon PG) and in transit (TLS 1.3).

How do I delete my account / data?

Email hello@xpoose.com with the subject "Data deletion request". We respond within 5 business days and complete deletion (soft delete + 30-day retention per our privacy policy) within 30 days of the request.

Who can I talk to if something breaks?

hello@xpoose.com for anything. We respond during business hours (Pacific Time, weekdays). Professional and Enterprise tiers have faster SLAs — see the pricing page.

Security contact

Last updated: April 2026