Show HN: Lumoar – Free SOC 2 tool for SaaS startups

https://www.lumoar.com
32•asdxrfx•2h ago
We built Lumoar to help small SaaS teams get SOC 2-ready without paying thousands for Big 4 consultants or dealing with bloated compliance platforms.

As a startup ourselves, we faced the usual issues: long security questionnaires, confusing audit requirements, and expensive tools that felt overkill.

Lumoar is a simpler alternative:

- Generate compliant SOC 2 policies automatically
- Track your controls and progress in a clean dashboard
- Upload evidence and get plain-language recommendations
- Designed for engineers and founders, not compliance pros

It's free to start — you can generate policies and explore the dashboard without a sales call or demo.

Would love to hear what blockers you’ve faced with SOC 2 and what other frameworks you’re thinking about (e.g., ISO 27001, GDPR). All feedback is welcome.

Comments

reconnecting•2h ago
Before providing any legal-related services, it's better to ensure that your own affairs are in compliance. At least, have a clear terms of service page [1], which is currently not available.

[1] https://www.lumoar.com/terms-of-service.html

asdxrfx•2h ago
Good day. We apologize for our mistake. We have now fixed the link on the page so it works correctly. Thanks for pointing it out.
reconnecting•1h ago
IANAL, but it looks like very poor AI-generated T&C.
asdxrfx•1h ago
Appreciate you flagging this. The current Terms of Use was generated using a standard terms generator we integrated into our site, so it’s not AI-generated, but we agree it still needs improvement. We’re planning to have it reviewed and refined soon to better reflect our product and responsibilities. Thanks again for keeping us sharp.
reconnecting•1h ago
Perhaps it's an acceptable approach for a very limited type of non-commercial websites, but your organization pretends to provide a platform for compliance management, and from this perspective, you must first clarify your business responsibilities and your terms of service, as this is actually a part of what your company tries to sell at scale.
edoceo•2h ago
Having the policy doesn't preclude the audit or questionnaire requirement does it? This just puts the answers in one place?

The compliance pros still want all their ceremony - it's most of what they sell.

havefunbesafe•2h ago
True, but having this makes the entire process easier. Organization is key to a speedy and clean audit.
asdxrfx•1h ago
Exactly, staying organized is half the battle. Our goal with Lumoar is to make that organization effortless from day one. We’re also working on future updates with AI agents and automation to make audits and questionnaires even less painful. More coming soon!
throw03172019•1h ago
Every “free SOC-2” platform I researched and demoed before landing on a paid platform always had a catch. What is yours?
asdxrfx•1h ago
No catch. It's completely free. We plan to offer paid add-ons (like AI automation and integrations) later, but the basics stay free.
aagha•30m ago
Which paid one did you land on?
java-man•1h ago
Every website that does not explain an abbreviation before the first use is automatically non-compliant.
asdxrfx•42m ago
Thanks for pointing it out. We fixed our mistake.
davsti4•55m ago
Trying to register and I get this in the browser console:

Access to fetch at 'https://api.lumoar.com/v1/auth/register' from origin 'https://www.lumoar.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

asdxrfx•29m ago
Hi, thanks for reaching out! The issue you encountered with the CORS policy has been fixed. You should be able to register without encountering the CORS issue anymore. If you run into any other issues, please don't hesitate to let us know!
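
The browser rule quoted in the error message above, as an added example (not Lumoar's code and not written by any commenter): a wildcard `Access-Control-Allow-Origin` response beside an allowlist-based one, with a small model of the check a browser applies to a fetch made with `credentials: 'include'`. The function names and the allowlist are assumptions; the origin is the one shown in the error.

```javascript
// Allowlist of origins permitted to make credentialed requests (assumed;
// the single entry is the page origin from the error message).
const ALLOWED_ORIGINS = new Set(['https://www.lumoar.com']);

// Weak setting: wildcard origin. Fine for public, uncredentialed reads,
// rejected by browsers as soon as the request carries credentials.
function wildcardCorsHeaders() {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Corrected setting: echo the Origin only when it is on the allowlist.
// Echoing any Origin unconditionally would pass the browser check too,
// but would let every site make credentialed calls, so the lookup matters.
function allowlistCorsHeaders(requestOrigin) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return { Vary: 'Origin' }; // no CORS grant for unknown origins
  }
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin', // keep caches from serving one origin's grant to another
  };
}

// Simplified model of the browser-side check for credentials: 'include'.
function browserAcceptsCredentialed(requestOrigin, headers) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (acao === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  if (acao === '*') {
    return { ok: false, reason: 'wildcard not allowed with credentials' };
  }
  if (acao !== requestOrigin) {
    return { ok: false, reason: 'origin mismatch' };
  }
  if (headers['Access-Control-Allow-Credentials'] !== 'true') {
    return { ok: false, reason: 'Access-Control-Allow-Credentials is not true' };
  }
  return { ok: true, reason: 'allowed' };
}

const pageOrigin = 'https://www.lumoar.com';
console.log(browserAcceptsCredentialed(pageOrigin, wildcardCorsHeaders()));
console.log(browserAcceptsCredentialed(pageOrigin, allowlistCorsHeaders(pageOrigin)));
```
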
Oras•46m ago
> As a startup ourselves, we faced the usual issues: long security questionnaires, confusing audit requirements, and expensive tools that felt overkill.

Is Lumoar SOC2 compliant?

asdxrfx•37m ago
Thanks for asking! We’re not SOC 2 compliant yet, but we’re actively preparing for it. We recently launched our MVP, and ensuring strong security and compliance has been a key part of our roadmap from day one. We’re happy to share more about how we handle security today if that’s helpful!
Oras•29m ago
My point was that compliance is about trust. If I want to go the SOC2 or ISO27001 route, I want a company that has done it before.

Free in your case is not free, it's pretty expensive. If I can't comply in time, that might mean losing potential business, being late to the market, etc.

Good luck though, you made the first step.

asdxrfx•25m ago
We understand your concern, and we will focus more on this step for now. Thanks for the feedback. If you have anything else to say, we are glad to listen.
GiorgioG•11m ago
How isn't this just straight up spam? OP has never posted before today.
