
91 points asdxrfx | 2 comments

We built Lumoar to help small SaaS teams get SOC 2-ready without paying thousands for Big 4 consultants or dealing with bloated compliance platforms.

As a startup ourselves, we faced the usual issues: long security questionnaires, confusing audit requirements, and expensive tools that felt overkill.

Lumoar is a simpler alternative:

- Generate compliant SOC 2 policies automatically
- Track your controls and progress in a clean dashboard
- Upload evidence and get plain-language recommendations
- Designed for engineers and founders, not compliance pros

It's free to start — you can generate policies and explore the dashboard without a sales call or demo.

Would love to hear what blockers you’ve faced with SOC 2 and what other frameworks you’re thinking about (e.g., ISO 27001, GDPR). All feedback is welcome.

reconnecting ◴[] No.43966731[source]
Before providing any legal-related services, it's better to ensure that your own affairs are in compliance. At least, have a clear terms of service page [1], which is currently not available.

[1] https://www.lumoar.com/terms-of-service.html

replies(1): >>43966911 #
asdxrfx ◴[] No.43966911[source]
Good day. We apologize for our mistake. We have now fixed the link on the page so it works correctly. Thanks for pointing it out.
replies(1): >>43966990 #
reconnecting ◴[] No.43966990[source]
IANAL, but it looks like very poor AI-generated T&C.
replies(1): >>43967051 #
1. asdxrfx ◴[] No.43967051{3}[source]
Appreciate you flagging this. The current Terms of Use was generated using a standard terms generator we integrated into our site, so it’s not AI-generated, but we agree it still needs improvement. We’re planning to have it reviewed and refined soon to better reflect our product and responsibilities. Thanks again for keeping us sharp.
replies(1): >>43967236 #
2. reconnecting ◴[] No.43967236[source]
Perhaps it's an acceptable approach for a very limited type of non-commercial website, but your organization pretends to provide a platform for compliance management, and from this perspective, you must first clarify your business responsibilities and your terms of service, as this is actually a part of what your company tries to sell at scale.