mlitwiniuk 4 days ago

Humadroid (https://humadroid.io) - AI-Assisted SOC 2 & ISO 27001 compliance for small teams. $125/month flat (for now, during beta).

Recently crossed the $500/month mark after a painful pivot from HR tech earlier this year. The whole thing started because I did ISO 27001 back in 2019 and was completely lost - overpaid for consultants, got lost with policies and controls, figured it out the hard way.

Passed SOC 2 Type I earlier this year using only Humadroid (yes, dogfooding a compliance tool through an actual audit was... an experience).

Currently finishing automated evidence collection (AWS and GitHub integrations first). Pretty proud of that one - compliance shouldn't mean "panic-screenshot everything before audit."

tow21 4 days ago

Really cool stuff. I thought about launching something similar earlier this year; there's definitely a market there. I see a lot of AI-native startups coming up against compliance requirements way earlier than before, with much smaller teams, and most existing solutions just need too much from you as you engage.

How do you see yourself against someone like delve.co?

mlitwiniuk 4 days ago

Honestly, Delve is great. Them and Compai are leading the front of modern AI-assisted compliance right now. I'm chasing them.

What I'm trying to do differently is depth of context. Humadroid learns about your company first - how you operate, your stack, your processes. From there it generates control descriptions that are actually actionable for your setup, and policies that need minimal review rather than a full rewrite.

Whether that's enough differentiation? Ask me in a year.

946789987649 4 days ago

What's the USP over something like Vanta/Drata (aside from the cost being much lower currently)?

mlitwiniuk 4 days ago

The big difference is context-awareness. Vanta/Drata give you templates and checklists. Humadroid starts by understanding your company - what you actually do, how you operate, your tech stack.

From there, the AI generates policies that are yours, not generic docs with [COMPANY NAME] placeholders. Same with control descriptions - they're specific and actionable for your setup, not "implement access control" with no context. It also identifies risks based on what you actually do and helps build business continuity plans around your real critical processes.

You still review everything (it's compliance, not magic), but you're editing 80% done work instead of staring at a blank template wondering where to start.

The price difference is real too, but honestly that's a side effect of being early and solo - not the core value prop.

946789987649 4 days ago

Gotcha. And then how does that translate into the audit process? Because Vanta/Drata have auditors they work with regularly, there's a bit of an incentive on both sides to use these templates because then it speeds up that part tremendously. I can't imagine the auditors being happy about really diving into hyper bespoke documents for every audit.

Your product seems great for actually doing the spirit of these frameworks (reducing risk, improving controls and processes, etc.). However, from what I've seen, the reality of these audits is that it's a box-ticking exercise for everyone involved, and so improving the efficiency there tends to be the goal. How do you position yourself in that?

Also, hope this doesn't come off too critical; it's just something I've been through recently and I love seeing new things! I'd definitely add a Vanta/Drata comparison to your website though, as that is inevitable.

mlitwiniuk 4 days ago

Honestly, great questions - this is either a good exercise for me or actionable feedback. Both valuable.

Right now I recommend auditors but don't have formal partnerships. Vanta/Drata's auditor relationships are... let's say on the edge of conflicted? I don't want to go that route. And at $250/month I can't play the referral game anyway (Vanta pays hundreds per referral - that math doesn't work for me).

What I can do is democratize access. I've watched too many small teams get excited about SOC 2, then ghost once they see the total cost - $15k+ for the platform, $20k+ for consultants, $15k+ for auditors. I want the barrier low enough that smaller businesses can actually get certified and compete with bigger players.

On the checkbox vs. real security thing - you're right, it's tricky. I don't want to be another "generate docs, tick boxes, forget until next audit" platform. But targeting smaller businesses actually helps here - when you're a 10-person company, management is in the compliance process, not just signing off on someone else's work. It tends to stick better.

That said, sometimes I wonder if I help too much. My System Description assistant is almost unfair - what used to take weeks now takes minutes. Is that checkbox-enabling or democratizing? Genuinely not sure.

And yes - "vs Vanta/Drata" pages are going on the list. You're not the first to ask.

thelittleone 4 days ago

Not clear on the site if it integrates third parties for test automation.

mlitwiniuk 4 days ago

Not yet - but literally finishing this week. Promised a customer I'd ship it before Christmas, so that's been my deadline.

AWS and GitHub integrations first. It auto-fetches and verifies the data (where applicable), creating read-only evidence snapshots. No manual screenshots or "I swear this config was set correctly" moments during audits.

Part of the standard price - no integration tier upsell.