What to do if Probe found nothing

If Probe found nothing, Probe did not observe any findings of the kinds it supports on your public surface during that scan. That is a useful signal, but it is not a security guarantee.

Probe does not log in, inspect your private source code, review database policies, test every user role, scan dependencies, or run a full manual penetration test.

What a clean scan can mean

A clean scan can mean your public deployment avoided the specific risks Probe checks for, such as exposed environment files, public source maps, obvious secret-like keys in browser code, missing key headers, public debug surfaces, risky endpoint exposure, or webhook signature signals.

It can also mean the issue is outside Probe's scope, hidden behind authentication, not reachable from the submitted URL, or not covered by the current rules.

What to do next

Keep the report as a point-in-time public-surface check.

Still review secrets, environment variables, RLS policies, auth and authorization checks, Stripe webhook verification, model endpoint rate limits, logging, and production error behavior.

Scan again after meaningful changes to auth, billing, public API routes, hosting configuration, model endpoints, or deployment settings.

Should you unlock the full audit?

The free scan shows severity counts and a blurred preview. The full audit can still be useful if you want the complete scan record and any available report detail for launch review or internal routing.

There are no refunds just because a scan did not find something you did not already know. Refunds are limited to technical failures, worker crashes, no findings rendered because of a product failure, or broken report access.