> As a startup ourselves, we faced the usual issues: long security questionnaires, confusing audit requirements, and expensive tools that felt overkill.
Is Lumoar SOC2 compliant?
Having the policy doesn't preclude the audit or questionnaire requirement, does it? This just puts the answers in one place?
The compliance pros still want all their ceremony - it's most of what they sell.
Trying to register and I get this in the browser console:
Access to fetch at 'https://api.lumoar.com/v1/auth/register' from origin 'https://www.lumoar.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
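The rule behind the console error above, as an added example that is not part of the thread or Lumoar's code: a server-side header builder that echoes only allowlisted origins, and a simplified version of the browser's CORS check. The function names and the allowlist are assumptions made for illustration.

```javascript
// Assumption: the only front-end origin trusted to send cookies to the API.
const ALLOWED_ORIGINS = new Set(["https://www.lumoar.com"]);

// Server side: build CORS response headers for an API that uses credentials.
function corsHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin keeps shared caches from serving one origin's headers to another.
  const headers = { Vary: "Origin" };
  if (requestOrigin && allowed.has(requestOrigin)) {
    // Echo the exact allowlisted origin; "*" is rejected for credentialed requests.
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  // Origins outside the allowlist get no CORS headers, so the browser blocks the read.
  return headers;
}

// Browser side: simplified form of the CORS check in the Fetch standard.
function browserCorsCheck(headers, pageOrigin, credentialsMode) {
  const acao = headers["Access-Control-Allow-Origin"];
  if (acao === undefined) return "blocked: no Access-Control-Allow-Origin header";
  if (credentialsMode !== "include") {
    return acao === "*" || acao === pageOrigin ? "ok" : "blocked: origin mismatch";
  }
  if (acao === "*") return "blocked: wildcard not allowed with credentials";
  if (acao !== pageOrigin) return "blocked: origin mismatch";
  if (headers["Access-Control-Allow-Credentials"] !== "true") {
    return "blocked: Access-Control-Allow-Credentials is not 'true'";
  }
  return "ok";
}

// Compare the wildcard response from the error with the allowlist-based one.
function compareConfigs(pageOrigin) {
  const wildcard = { "Access-Control-Allow-Origin": "*" };
  return {
    wildcardWithCredentials: browserCorsCheck(wildcard, pageOrigin, "include"),
    allowlistWithCredentials: browserCorsCheck(corsHeaders(pageOrigin), pageOrigin, "include"),
  };
}

console.log(compareConfigs("https://www.lumoar.com"));
```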
Before providing any legal-related services, it's better to ensure that your own affairs are in compliance. At least, have a clear terms of service page [1], which is currently not available.
Every “free SOC-2” platform I researched and demoed before landing on a paid platform always had a catch. What is yours?
Genuinely curious and debating the costs of other SOC2 platforms. But your tool doesn't load anything when I go to controls.
> Error: Failed to fetch
Not a good way to debut
How isn't this just straight up spam? OP has never posted before today.
That’s a compelling niche. SOC 2 prep is a brutal rabbit hole for small teams. Even just a pre-flight checklist with integrations would be useful—curious how much automation they’re actually packing in.
Every website that does not explain an abbreviation before the first use is automatically non-compliant.
Not sure if my feedback can help.
As someone who doesn't know anything about SOC2, but is still aware that if I want to signal 'data privacy' I need to get it: I don't know what I'm supposed to do on your site.
Some sort of onboarding can help, like what are my steps from knowing nothing to actually getting the SOC2. Maybe some educational content or resources can also help.