Pricing
Every plan includes 12+ compliance frameworks, vendor risk management, and continuous monitoring. AI usage follows each plan's feature gates and is billed separately as pay-as-you-go. No hidden fees. No per-framework charges. Start free and scale as your compliance program grows.
For small teams getting serious about compliance. Evidence collection, policy automation, continuous monitoring, and device security — all included.
For teams actively pursuing SOC 2, ISO 27001, or HIPAA certification with full evidence collection, policy automation, and infrastructure monitoring.
For organizations managing multiple compliance frameworks at scale with dedicated support, unlimited device monitoring, and continuous infrastructure scanning.
Need more workspaces, higher limits, dedicated support, or custom SLAs? We build plans around your requirements.
We build custom compliance configurations for teams with unique regulatory requirements, multi-entity structures, or industry-specific frameworks like FedRAMP, HITRUST, or CMMC.
Included in every plan
From SOC 2 and ISO 27001 to HIPAA, GDPR, PCI DSS, FedRAMP, and the EU AI Act. Every plan includes the frameworks your auditors, enterprise customers, and regulators expect. No per-framework charges.
Plan details
| | Growth | Professional | Enterprise | Custom |
|---|---|---|---|---|
| Compliance Frameworks | ||||
| SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, FedRAMP, HITRUST, CCPA, ISO 42001, NIST AI RMF, EU AI Act, and custom frameworks | ||||
| AI-driven framework selection based on your risk profile | ||||
| Auto-generated control checklists mapped to each framework | ||||
| Real-time readiness scoring per framework | ||||
| Instant audit-ready detection across your entire program | ||||
| Custom frameworks for regional and industry-specific regulations | ||||
| Isolated compliance workspaces | 1 | 1 | 2 | |
| AI-Powered Onboarding | ||||
| Conversational setup that learns your business in minutes | ||||
| Deep-dive profiling across 60+ risk and regulatory signals | ||||
| Automated company profile generation | ||||
| Tailored framework recommendations from day one | ||||
| AI Assistant | ||||
| Natural language compliance guidance | ||||
| Evidence upload recommendations per control | ||||
| On-demand compliance posture summaries | ||||
| Personalized answers informed by your company profile and frameworks | ||||
| Prioritized next steps to close compliance gaps | ||||
| Sam daily messages | ||||
| AI-generated evidence documents with conversational context gathering | ||||
| Conversation memory with NLP-powered context recall | ||||
| Evidence Collection | ||||
| AI-powered evidence review with confidence scoring | ||||
| AI evidence reviews per month | ||||
| Automated sensitive data and credential detection | ||||
| One-click evidence approval workflows | ||||
| Complete version history with per-requirement audit trail | ||||
| AI-generated review notes on every submission | ||||
| AI evidence documents per month | ||||
| Automatic document classification and tagging | ||||
| Malware scanning and file integrity validation | ||||
| Evidence uploads per month | ||||
| Max file size per upload | 20 MB | 25 MB | 50 MB | |
| Continuous Monitoring | ||||
| Automated evidence expiry tracking across all controls | ||||
| Proactive email alerts before evidence goes stale | ||||
| Priority-sorted remediation dashboard | ||||
| Infrastructure scanning | 1 per platform | 5 per platform | 10 per platform | |
| Device monitoring agent (Mac & Windows) | 10 devices | 25 devices | Unlimited | |
| Automated control mapping from scan findings | ||||
| Audit evidence collection from scan results | ||||
| Policy Generation | ||||
| AI-generated policy documents ready for board review | ||||
| AI-recommended policy list based on your frameworks | ||||
| One-click PDF export | ||||
| Approval workflows before policies go live | ||||
| Version-controlled policy change tracking | ||||
| Custom policy generation | ||||
| Generated documents per month | 50 / mo | 200 / mo | 500 / mo | |
| Policy Signatures | ||||
| Send approved policies to employees for acknowledgment via email | ||||
| Typed or drawn signature capture on every acknowledgment | ||||
| Signed acknowledgment PDF auto-generated and stored for audit | ||||
| Per-document progress tracking with employee-level status | ||||
| One-click reminders for pending signatures with cooldown protection | ||||
| Vendor Risk Management | ||||
| Pre-loaded catalog of 230+ enterprise vendors | ||||
| AI-powered risk scoring with real-time web intelligence | ||||
| Categorized findings across breaches, CVEs, and regulatory actions | ||||
| Cross-framework impact analysis per finding | ||||
| Automated vendor certification discovery | ||||
| Actionable risk alerts with resolution workflows | ||||
| Daily vendor risk digest delivered to stakeholders | ||||
| Custom vendors | 5 | 20 | 100 | |
| AI vendor assessments per month | ||||
| Risk Register | ||||
| Risk scoring with 5x5 likelihood/impact matrix | ||||
| Inherent and residual risk assessment | ||||
| Risk-to-control mapping across all active frameworks | ||||
| Vendor-linked risk scenarios with auto-association | ||||
| Interactive heat map visualization | ||||
| AI-generated risk scenarios based on your company profile | ||||
| Risk owner assignment and accountability tracking | ||||
| Dashboard & Reporting | ||||
| Organization-wide compliance readiness score | ||||
| Framework-level progress tracking | ||||
| Evidence status breakdown: approved, pending, and gaps | ||||
| Team & Collaboration | ||||
| Role-based access control (owner, member, auditor) | ||||
| Multi-workspace access for cross-entity compliance | ||||
| Team members & auditors (including owner) | 5 | 10 | 50 | |
| Auditor Portal | ||||
| Invite external auditors directly from your workspace | ||||
| Read-only audit view with no access to drafts or internal data | ||||
| Scoped access per compliance pack | ||||
| Complete audit trail of every auditor action | ||||
| Access Reviews | ||||
| AI-powered user access review campaigns | ||||
| Automated IAM user discovery from connected integrations | ||||
| AI risk analysis with flagging for inactive, over-privileged, and MFA-less accounts | ||||
| Email-based review workflow with tokenized access links | ||||
| Mandatory justification on every approve, revoke, and flag decision | ||||
| Auto-revocation of unreviewed access when campaigns expire | ||||
| Evidence PDF auto-generated and attached to compliance checklist on close | ||||
| Campaign cancellation with automatic token invalidation | ||||
| Access review AI runs per month | ||||
| Personnel Checklists | ||||
| AI-generated onboarding and offboarding checklists tailored to your frameworks | ||||
| Create custom checklist templates with categories and required items | ||||
| Per-employee checklist runs with real-time progress tracking | ||||
| Notes and audit trail on every checklist item for compliance evidence | ||||
| Completed runs serve as audit evidence for SOC 2, HIPAA, and ISO 27001 | ||||
| Cloud Integrations | ||||
| Amazon Web Services | ||||
| Google Cloud Platform | ||||
| GitHub | ||||
| GitLab | ||||
| Google Workspace | ||||
| Microsoft 365 | ||||
| Microsoft Azure | ||||
| Automated evidence collection from connected systems | ||||
| Continuous infrastructure scanning for compliance drift | ||||
| AI-guided remediation chat for failing security checks | ||||
| Connections per platform | 1 | 5 | 10 | |
| Integration matching AI calls per month | ||||
| Platform Security | ||||
| Passwordless login with passkeys | ||||
| AES-256 encryption at rest for all stored files | ||||
| Brute-force and credential stuffing protection | ||||
| Automated credential leak detection on every upload | ||||
| IP allowlisting to restrict access by network range | ||||
| Login anomaly detection with email alerts | ||||
| Audit Trail | ||||
| Comprehensive activity logging across all operations | ||||
| Searchable, filterable audit history | ||||
| Export audit logs as CSV or JSON | ||||
| Audit trail retention | 90 days | 1 year | 7 years | |
| Custom retention period (up to 7 years) | ||||
| Trust Page | ||||
| Public compliance trust page at trust.evidr.com | ||||
| Live compliance health score from real checklist data | ||||
| Framework badges with completion progress | ||||
| AI-generated security practice sections from onboarding data | ||||
| Email-gated document vault for sharing approved policies | ||||
| Vendor transparency with risk levels | ||||
| Custom domain with automatic SSL (e.g. trust.yourcompany.com) | ||||
| Custom branding (logo, colors, intro text) | ||||
| Custom security sections | Up to 4 | Up to 10 | Up to 50 | |
| Security questionnaire answers per month | ||||
| Notifications | ||||
| Evidence rejection and flag alerts | ||||
| Proactive reminders before documents expire | ||||
| Daily vendor risk digest | ||||
| Support | ||||
| Email support | ||||
| Priority response times | ||||
| Dedicated support | Custom plans only | Custom plans only | Custom plans only | |
FAQ
Enterprise includes 2 isolated workspaces, 300 evidence uploads per month, 10 connections per integration platform, 50 team members and auditors, dedicated support, and custom audit retention up to 7 years. It is built for multi-entity programs.
Yes. Start with Growth to evaluate the platform, then upgrade to Professional or Enterprise when you need more workspaces, team members, or dedicated support. Changes are prorated.
Yes. Upgrade or downgrade at any time from the Billing page. Changes are prorated, so you only pay for what you use.
All plans include SOC 2 Type I & II, ISO 27001, ISO 42001, HIPAA, GDPR, PCI DSS, CCPA, HITRUST, FedRAMP, NIST AI RMF, EU AI Act, and custom frameworks.
All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We use AWS infrastructure with Secrets Manager, and every action is tracked in an audit log.
All paid plans are billed annually. Prices shown are the monthly equivalent for easy comparison. You can cancel anytime, and your subscription remains active through the end of the billing period.
All plans include continuous monitoring for AWS, Azure, Google Cloud, and Microsoft 365 with 80+ security checks. The Evidr device agent monitors endpoint posture on Mac and Windows (10 devices on Growth, 25 on Professional, unlimited on Enterprise). Additional integrations include GitHub, GitLab, Okta, and Google Workspace.
Yes. Cancel from the Billing page at any time. Your subscription stays active until the end of the current billing period.
AI usage is billed separately as pay-as-you-go when an enabled AI workflow is used. Input tokens: $0.20/1M. Output tokens: $0.60/1M. You are billed monthly based on AI tokens consumed. If you don't use AI in a given month, you are not charged. A minimum of $1.00 applies to months with usage. A saved payment method is required for billable usage.
Contact us for a demo and trial access. All plans include a 14-day money-back guarantee.
Talk to our team about Enterprise deployment, custom frameworks, and dedicated support.