Find the Right Plan

From quick email searches to large-scale domain monitoring and high-throughput APIs, choose a plan that fits how you use HIBP.

Plan Finder

Answer a few questions and we'll recommend the best plan for you.

What do you want to do?

Do you need anonymous (k-anonymity) searches?

K-anonymity lets you search without revealing the full email address to the API. This is a Pro-exclusive feature.

What email search rate do you need?

Choose the minimum number of email searches per minute you need and we'll recommend the smallest plan that meets it.

Tell us about your domain monitoring needs

For the most accurate estimate, add your domains to your dashboard first. If you haven't done that yet, you can still estimate the size manually in the next step.

Whose domains are you monitoring?

How would you like to add domains?

The API allows you to add and remove domains programmatically or in bulk — ideal for automation. The dashboard requires adding each domain individually, which is fine for smaller setups but becomes laborious at scale.

How many domains do you need to monitor?

How many addresses do you want to monitor per domain?

Choose the maximum number of addresses for any of your domains. This historical count may be very different from the number of active email addresses you have today.

Do you need to search stealer logs?

All Pro plans include stealer log access. Stealer logs are not available on Core plans.

We recommend

Per month, paid annually

Subscribe

Choose Your Plan

Three tiers designed for different needs: Core for direct email search and monitoring your own domains, Pro for direct and k-anonymity email search plus monitoring your own and your customers’ domains, and High RPM for high-volume, high-throughput email searching.

Free:

Core

Search email addresses on your own domains. Simple API access for direct email search.

From $4.39
Per month, paid annually
See Core plans
New

Pro

Search across your own and your customers’ domains. Includes k-anonymity email search plus discounted 2- and 3-year billing options.

From $379
Per month, paid annually by default
See Pro plans

High RPM

High-throughput API for fast email searches. Supports k-anonymity email search.

From $1,150
Per month, paid annually
See High RPM plans

‡ Max domains only counts domains with more than 10 breached addresses.

Core Plans

Core provides straightforward access to search for breached email addresses across your own domains. It’s designed for simple, direct email lookups via the API with domain monitoring capabilities. Ideal for organisations that want visibility into their own exposure without additional complexity.

Save up to 17% with annual billing
Plan RPM Max Domain Size † Max Domains ‡ Price
Core 1
 10 25 breached addresses 1 domain
$4.39
per month billed as $52.68/y 		Subscribe
Core 2
 50 100 breached addresses 3 domains
$21.59
per month billed as $259.08/y 		Subscribe
Core 3
 100 500 breached addresses 5 domains
$36.99
per month billed as $443.88/y 		Subscribe
Core 4
 500 Unlimited 10 domains
$159
per month billed as $1,908/y 		Subscribe
Core 5
 1,000 Unlimited 20 domains
$319
per month billed as $3,828/y 		Subscribe

† Domain sizes are measured by the number of breached addresses on the domain, that is the number of unique email addresses on the domain that have appeared in data breaches. Always add domains to your dashboard before choosing a Core subscription to ensure the correct size is chosen.

‡ Max domains only counts domains with more than 10 breached addresses.

Pro Plans New

Pro expands on Core by enabling monitoring across both your own and your customers’ domains. It adds k-anonymity email search along with features to manage domains at scale, making it well suited to enterprises and MSPs. This tier is built for broader visibility, operational use across multiple organisations and longer-term billing discounts.

Save up to 23% with multi-year billing
Plan Email RPM Max Domains ‡ Price
Pro 1
 1,000 50 domains
$379
per month billed as $4,548/y 		Subscribe
Pro 2
 2,000 100 domains
$699
per month billed as $8,388/y 		Subscribe
Pro 3
 4,000 200 domains
$1,299
per month billed as $15,588/y 		Subscribe
Pro 4
 8,000 400 domains
$2,499
per month billed as $29,988/y 		Subscribe
Pro 5
 16,000 800 domains
$4,599
per month billed as $55,188/y 		Subscribe

‡ Max domains only counts domains with more than 10 breached addresses.

Pro plans can also be billed over 2-year and 3-year terms. The table above always shows the effective monthly price, while checkout bills the full term upfront.

High RPM Plans

High RPM is designed for high-volume API usage focused on fast, scalable email address searches. It supports both direct and k-anonymity email search with significantly higher throughput limits. This tier is ideal for use cases that prioritise performance and large-scale querying over domain-based monitoring.

Save up to 17% with annual billing
Plan Email RPM Price
High RPM 4000
 4,000
$1,150
per month billed as $13,800/y 		Subscribe
High RPM 8000
 8,000
$2,299
per month billed as $27,588/y 		Subscribe
High RPM 12000
 12,000
$3,449
per month billed as $41,388/y 		Subscribe
High RPM 16000
 16,000
$4,333
per month billed as $51,996/y 		Subscribe
High RPM 24000
 24,000
$5,833
per month billed as $69,996/y 		Subscribe

Need Enterprise-Grade Services?

Enterprise gives you full flexibility with everything in the public plans plus white-label deployment, real-time breach callbacks and no API rate limits. It also includes invoiced billing, custom documentation, support for security and procurement reviews, and dedicated support to help you integrate and operate at scale.

Frequently Asked Questions

This is the number of unique email addresses on your domain that have appeared in known data breaches. For example, if 50 addresses ending in @example.com are found in breach data, your domain has 50 breached email addresses. This is not the total number of email accounts or employees in your organisation, only those exposed in breaches. You can freely check your domain's breach count at any time by adding it to your dashboard.

Core is designed for searching breached email addresses and monitoring your own domains. It supports direct email search via the API and lets you track breaches affecting domains you control. Pro includes everything in Core, plus support for monitoring customer domains, k-anonymity email search for improved privacy, bulk domain enrolment, auto subdomain verification and access to stealer log data. It’s designed for organisations and MSPs managing domains at scale or on behalf of others.

You’ll need a Pro plan. Core is intended for monitoring domains you control yourself and does not permit use on behalf of third parties under the terms of use. Pro is designed for MSPs and organisations managing customer domains, with support for customer domain monitoring, bulk domain enrolment and automated verification, along with k-anonymity email search and access to stealer log data for working at scale.

Pro plans can be purchased monthly, yearly, or on 2-year and 3-year terms. The pricing table shows the effective monthly rate for easy comparison, but checkout bills the full subscription term upfront. Annual billing remains the default selection, while longer terms unlock the largest discounts.

Each plan includes a limit on the number of domains you can monitor. If you exceed this limit, you won’t be able to search any domains until you either upgrade to a higher-tier plan or remove domains to return within your allowance. Some plans also include a limit on the size of each domain, based on the number of breached email addresses it contains. If a domain exceeds this limit, you won’t be able to search that domain unless you upgrade to a plan that supports larger domains.

Yes, you can upgrade to a Pro or High RPM plan at any time via the Subscription link on your dashboard. When you upgrade, any unused portion of your current subscription is applied as a prorated credit towards the new plan, so you only pay the difference.