BastionSec
For startups about to raise

Due-diligence ready, without draining your runway.

Start with the essentials so you don't lose credibility in front of the investor. Write to us and we'll figure out what you need, then you get only what you need now: no enterprise packages you don't need.

  • We'll honestly tell you if you need it, or if a little is enough for now.
  • Scale up when needed, not before.

The investor asked the question. Now what?

During due diligence (or the accelerator checklist) the question lands: "How do you handle data? Do you have a security policy? Are you certified?" You're juggling product, fundraising and everything else, you have no security person, and you fear two opposite things: looking amateur, or being sold a full €50K ISO you don't need and can't afford right now.

Your three fears, at this stage

  • You don't know where to start.
  • You fear the cost (the #1 objection at this stage).
  • You have no time: every week on the raise counts.

Start with the essentials. Scale when needed.

Almost always, at pre-seed/seed, you don't need full ISO 27001 to pass due diligence. Often what's enough: clear security policies, access and data in order, a first assessment, and a Trust Center showing the investor you "do things properly." Then, when the business calls for it (enterprise customers, regulated market), you step up to ISO 27001 or SOC 2.

What's usually enough now

  • Write to us and we'll figure out what you need: we tell you what investors typically ask and what you already have in place.
  • Security essentials: policies, access/identity management, baseline hardening, first assessment.
  • Starter Trust Center: the page that shows at a glance you take security seriously.
  • Clear growth path: when the enterprise customer arrives, you already know the route to ISO 27001/SOC 2.

Why trust us: no inflated badges

  • Honesty as method. We tell you whether you need it or not: the signal that we're not trying to sell you the maximum.
  • We come from real security (pentests, hardening, governance): the essentials we give you are solid, not a template.
  • Our own Trust Center is live: the same tool you'd use, we use on ourselves.
  • Clear, accessible pricing for your stage.

Go deeper

Only what you need, when you need it.

ISO 27001: the growth path

When the enterprise customer arrives: the certification, built on the essentials already in place.

Transparent pricing

Clear ranges for your stage: you pay only for what you need now.

Our Trust Center

The same tool you'd use, applied to ourselves: take a look.

Anti-overselling: for your round, you'll often need less than you fear. We don't sell fake urgency or enterprise packages you don't need. No customer, body or facilitator name without consent.

The objections you have right now

Is it too much for my stage?

We start with the essentials: write to us and we'll figure out what you need, then you pay only for what you actually need now. No enterprise packages. Startup-minded pricing, with clear ranges.

Do I really need it now, or can I wait?

We tell you honestly when you reach out. Sometimes a little is enough to be credible in due diligence (policies + Trust Center). Sometimes more is needed. We don't sell fake urgency.

Trust Center or full ISO 27001?

Almost always, for the round, starting with a Trust Center + security essentials is enough. Full ISO 27001 makes sense when enterprise customers arrive, and when that time comes, you already know the route.

What do investors usually ask about security?

Typically: how you handle personal data (GDPR), access and secrets, security policies, and a possible roadmap to ISO 27001/SOC 2. We give you a checklist and tell you what's already in place.

If I grow, do I have to redo everything?

No: the essentials we set up now are the foundation for ISO 27001 or SOC 2. You grow without throwing away the work done.

How we start (and how long it takes)

From the little you need now, to growth when it makes sense.

  1. Initial analysis

    What the investor asks, what you have, what's enough now.

  2. Essentials

    Policies, access, starter Trust Center: often quick, because it's focused work.

  3. Growth

    When the enterprise customer arrives → ISO 27001 (typical prep 3-6 months + audit) or SOC 2, and light maintenance that grows with you.

Continue the path

Enterprise deal blocked

When the customer who needs SOC 2 or ISO 27001 to sign comes along.

How we work

The transparent method that dispels "for show."

Continuous security

Light maintenance that grows with you.

Is this your situation? Tell us.

We'll reply honestly. You'll often find your round needs less than you fear.