SOC 2 - public pricing, no sales call

Avow your security. Without the screenshot circus.

One thing - SOC 2 - at a price you can see before you talk to anyone: $499/mo, self-serve, no demo, no annual lock-in. The rest of the field gates its "startup" tier behind a sales call. Evidence streams in seconds, you fix from an action feed instead of a maze, and when your auditor shows up there's nothing to scramble for. Built by a team that survived a Vanta audit and decided it should cost less and hurt less.

Start free

See the price. Leave anytime. Go deep.

The three things that actually matter in a SOC 2 platform - and the three the incumbents make hardest. Public pricing, no contract to trap you, and one framework done deeper than a ten-tool suite can manage.

Priced in public

$499/mo, on the page, no sales call - sign up today. No demo, no annual lock-in, no per-seat tax. The rest of the "startup" field still hides its pricing behind a form. We don't.

Switch in an afternoon

Renewal coming up with the usual hike? Move off Vanta or Drata before you re-sign. Upload your export and we map your controls, evidence, and policies automatically - self-serve, included, no migration fee.

One framework, done deep

SOC 2 is the whole product, so it goes deeper than a ten-framework suite can. Connect AWS, GitHub, and Google Workspace in five minutes - no consultant - evidence streams in real time, and you fix from a feed, not a dashboard maze.

How it works

  1. Connect. AWS, GitHub, Google Workspace. Five-minute setup, no SSO config.
  2. Watch evidence stream in. Real-time, not cron. Every push, every change, captured.
  3. Fix from the feed. No navigation. Failed control becomes a feed item with a one-click fix.
  4. Hand to your auditor. Scoped read-only portal. They get what they need; they don't get your roadmap.

Work the feed to zero. That's what audit-ready looks like.

Why we built this

We just passed a SOC 2 Type 2 audit. The audit passed - the workflow was painful. Screenshots uploaded by hand. Integrations that took a day to sync. UI overload. Vanta-in-Vanta confusion. And to even see the price, you booked a call and waited on a quote. It should cost less and hurt less - so we built the one we wanted.

One framework deep. Real-time evidence. Action feed first. Grounded AI where it counts - it drafts your policies and control narratives from your real evidence, with incident templates built in.

You avow your security posture. Your auditor attests. We just make sure that when they ask, the answer is already on the table - we don't issue the report, we get you ready for the firm that does.

Pricing

Published prices, month-to-month, cancel anytime. No per-seat tax, no "contact sales." Start with SOC 2; add ISO 27001 when you need it - the evidence you already collected carries over.

Start here

SOC 2

$499/mo

Fully automated. Everything below, included.

  • Fully-automated SOC 2 evidence collection
  • AWS, GitHub, Google Workspace + 75 more integrations
  • AI-drafted policies & control narratives - grounded in your evidence (incident templates too)
  • Grounded answers to security questions - cited from your own evidence, or it refuses
  • Action feed - fix from one place, no dashboard maze
  • Free migration from Vanta or Drata - upload your export, we map it
  • Auditor portal (read-only, scoped) + audit-ready exports
  • Email + community support
Start free ->

ISO 27001

$649/mo

The work SOC 2 evidence can't do for you - ISO wants a management system, not just controls.

  • Statement of Applicability - scoped, justified, evidence-mapped
  • ISMS documentation: scope, risk method, objectives
  • Internal audit + management review prep
  • Stage 1 / Stage 2 readiness, then the 3-year surveillance cycle
  • Same engine, mapped to Annex A controls
  • Accredited certification body certifies - we get you ready
Add ISO 27001 ->

SOC 2 + ISO 27001

$999/mo

Both frameworks - $149/mo under buying them apart.

  • ~75% of the evidence is shared - collect once, attest for SOC 2, certify for ISO
  • The other ~25% is the ISO-specific work - SoA, ISMS docs, internal audit, surveillance - included
  • That overlap is the discount: stacked, ISO runs ~$500/mo
  • Everything in the SOC 2 plan, included
Start the stack ->

Not starting today?

Sign-up is open - $499/mo, self-serve, start free whenever you're ready. If your audit or renewal window is further out, leave your email and we'll reach out when it lands instead.