I'm building Lumoar, a compliance preparation platform for early-stage startups (SOC 2 + ISO 27001). We handle controls-to-framework-requirements mapping, evidence collection, risk tracking, vendor/asset management, and integrate with AWS and GitHub to pull evidence automatically.
We launched recently and I'm looking for 2–3 startups to be the first to go through the full process on the platform. Meaning: I'm directly involved, not just the tool. You'll have direct access to me throughout the whole preparation and audit process, not a support queue.
A few things worth being upfront about:
- $499/mo, includes hands-on founder support, not just software access
- You'd be one of the first 2–3 teams to run the full process end-to-end. In return: direct founder access (me, not support), influence on features, and pricing that matches the early stage.
- This covers preparation only, not the audit itself. Once you're ready I can refer you to an auditor or you can bring your own.
If you're getting asked about SOC 2 by a prospect or investor and don't know where to start, happy to just talk through it even if Lumoar isn't the right fit.
Absolutely agree about the tone. I've seen teams where compliance becomes one person's problem instead of a company priority, and it shows during the audit.
On the knowledge gap: the gap assessment route works, but it's expensive upfront and still leaves you building the foundation afterward.
What I've been exploring is the step before the audit: getting teams organized enough that when they do engage a consultant or tool, they're not starting from zero, which would result in faster compliance.
I'm building a platform (Lumoar) focused exactly on this pre-audit organization phase, helping early-stage teams get structured before the compliance pressure hits.
Curious: in your experience, what's the biggest mistake teams make when they're under contract pressure to get SOC 2 done quickly?
The biggest mistake is accepting controls that they cannot manage. I mentioned automation earlier for this reason. If your controls place undue stress on the business, then you’ve just created more work instead of enabling success.
Compliance can be a business enabler if done correctly or a burden if treated like a side project.
I just canceled my Mailchimp account after hitting their "Standard" plan limits. $230/month to send emails to 15k subscribers feels insane when my entire server infrastructure costs $50/month.
Started building my own newsletter platform (Fertit) and realized most of the "premium" features are just basic CRUD operations with SMTP integration. The math is wild:
- Mailchimp Standard: $230/month for 15k contacts
- My current costs: $50/month for unlimited (using my own SMTP)
But then I realized why people pay it - the setup/maintenance time is brutal. Spent 3 weeks just getting subscriber management right.
So the real question: would you pay $10/month for a middle ground? All the features of the big players, but you bring your own SMTP (SendGrid, Mailgun, etc.) and own your data?
Currently testing this approach - curious if others see the same pricing/ownership gap I do.
GitHub: https://github.com/rasadov/NewsletterManager
I'm a solo founder building a Compliance-as-a-Service platform focused on startups and indie developers who find tools like Vanta/Drata too expensive or complex. Think of it as "SOC 2 for solo devs" — affordable, easy to use, and monthly pricing.
I launched about 2 weeks ago, and so far:
- 100+ registered users
- 60+ startups onboarded
- Fully built MVP, launched, iterating fast
- Based in Azerbaijan, which helps keep ops lean
I'm bootstrapping everything — product, design, support, and growth. No revenue yet, but lots of demand from early users asking about audits, integrations, and long-term support.
Why I'm Posting:
I'm preparing to raise a small seed round to grow this into something serious — cover runway, build a small team, support more frameworks, and partner with audit firms.
I’m considering asking $200K for 10% equity (implying a $2M valuation). This would give me 18–24 months of runway here.
My Questions for HN:
Is this a reasonable raise/valuation given the early traction and solo founder status?
Would investors be open to this if I’m based outside the US (Azerbaijan)?
Any tips on how/where to approach angels or pre-seed VCs who get compliance, SaaS, or developer tools?
Any thoughts, advice, or intros would be massively appreciated.
Fair to be cautious, I get it. We’re a real startup, just launched our MVP recently, and wanted to share what we’re building with the community. It’s our first time posting here, but we’re genuinely looking to get feedback and connect with others. Happy to answer any questions!
Hi, thanks for reaching out! The issue you encountered with the CORS policy has been fixed. You should be able to register without encountering the CORS issue anymore. If you run into any other issues, please don't hesitate to let us know!