91 points asdxrfx | 2 comments | 12 May 25 19:05 UTC
We built Lumoar to help small SaaS teams get SOC 2-ready without paying thousands for Big 4 consultants or dealing with bloated compliance platforms.
As a startup ourselves, we faced the usual issues: long security questionnaires, confusing audit requirements, and expensive tools that felt overkill.
Lumoar is a simpler alternative:
- Generate compliant SOC 2 policies automatically
- Track your controls and progress in a clean dashboard
- Upload evidence and get plain-language recommendations
- Designed for engineers and founders, not compliance pros
It's free to start — you can generate policies and explore the dashboard without a sales call or demo.
Would love to hear what blockers you’ve faced with SOC 2 and what other frameworks you’re thinking about (e.g., ISO 27001, GDPR). All feedback is welcome.