Pricing
Every plan includes 12+ compliance frameworks, AI-powered evidence review, policy generation, and continuous monitoring. No hidden fees. No per-framework charges. Start free and scale as your compliance program grows.
Full compliance automation platform with capped usage. Ideal for exploring SOC 2, ISO 27001, or HIPAA readiness.
For small teams getting serious about compliance. More uploads, more documents, more team members.
For teams actively pursuing SOC 2, ISO 27001, or HIPAA certification with full evidence collection and policy automation.
For organizations managing multiple compliance frameworks at scale with dedicated support and custom integrations.
We build custom compliance configurations for teams with unique regulatory requirements, multi-entity structures, or industry-specific frameworks like FedRAMP, HITRUST, or CMMC.
Included in every plan
From SOC 2 and ISO 27001 to HIPAA, GDPR, PCI DSS, FedRAMP, and the EU AI Act. Every plan includes the frameworks your auditors, enterprise customers, and regulators expect. No per-framework charges.
Plan details
| | Starter | Growth | Professional | Enterprise |
|---|---|---|---|---|
| Compliance Frameworks | ||||
| SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, and 7 more | ||||
| AI-driven framework selection based on your risk profile | ||||
| Auto-generated control checklists mapped to each framework | ||||
| End-to-end control lifecycle tracking | ||||
| Structured by section for faster auditor walkthroughs | ||||
| Real-time readiness scoring per framework | ||||
| Instant audit-ready detection across your entire program | ||||
| Custom frameworks for regional and industry-specific regulations | ||||
| Frameworks per workspace | All available | All available | All available | All available |
| Isolated compliance workspaces | 1 | 2 | 5 | 10 |
| AI-Powered Onboarding | ||||
| Conversational setup that learns your business in minutes | ||||
| Deep-dive profiling across 60+ risk and regulatory signals | ||||
| Automated company profile generation | ||||
| Industry, data classification, and exposure analysis | ||||
| Tailored framework recommendations from day one | ||||
| Adaptive questioning that adjusts to your responses | ||||
| Resume anytime without losing progress | ||||
| AI Assistant | ||||
| Natural language compliance guidance for your team | ||||
| Evidence upload recommendations per control | ||||
| Plain-language explanations of complex framework requirements | ||||
| On-demand compliance posture summaries | ||||
| Personalized answers informed by your company profile and frameworks | ||||
| Prioritized next steps to close compliance gaps | ||||
| Evidence Collection | ||||
| Support for PDFs, images, spreadsheets, and structured data | ||||
| Enterprise-grade encrypted storage (AES-256 at rest) | ||||
| AI-powered evidence review with confidence scoring | ||||
| Automated sensitive data and credential detection | ||||
| One-click evidence approval workflows | ||||
| Complete version history with per-requirement audit trail | ||||
| AI-generated review notes on every submission | ||||
| Automatic document classification and tagging | ||||
| Secure, time-limited access to any document version | ||||
| Malware scanning and file integrity validation | ||||
| Evidence uploads | 10 | 50 | 200 | Fair use |
| Max file size per upload | 10 MB | 15 MB | 25 MB | 50 MB |
| Continuous Monitoring | ||||
| Automated evidence expiry tracking across all controls | ||||
| At-a-glance validity status for every document | ||||
| Countdown timers for upcoming expirations | ||||
| Proactive email alerts before evidence goes stale | ||||
| Priority-sorted remediation dashboard | ||||
| Policy Generation | ||||
| AI-generated policy documents ready for board review | ||||
| 10+ enterprise templates including Security, Incident Response, and Access Control | ||||
| Multi-stage drafting for comprehensive, audit-grade output | ||||
| Policies grounded in current industry best practices | ||||
| Professional formatting with tables, callouts, and structured sections | ||||
| One-click PDF export | ||||
| Approval workflows before policies go live | ||||
| Version-controlled policy change tracking | ||||
| Custom policy generation from free-text descriptions | ||||
| Generated documents per month | 5 | 15 | 50 | 100 |
| Vendor Risk Management | ||||
| Pre-loaded catalog of 230+ enterprise vendors | ||||
| Add any third-party vendor to your risk register | ||||
| Full vendor lifecycle management | ||||
| AI-powered risk scoring with real-time web intelligence | ||||
| Risk severity tiers from low to critical | ||||
| Categorized findings across breaches, CVEs, and regulatory actions | ||||
| Cross-framework impact analysis per finding | ||||
| Automated vendor certification discovery | ||||
| Intelligent alert deduplication across assessments | ||||
| Actionable risk alerts with resolution workflows | ||||
| Daily vendor risk digest delivered to stakeholders | ||||
| Data sharing and contract documentation per vendor | ||||
| Custom vendors | 2 | 5 | 20 | 100 |
| AI risk assessments per month | 10 | 50 | 300 | Fair use |
| Risk Register | ||||
| Centralized risk register per workspace | ||||
| Risk scoring with 5x5 likelihood/impact matrix | ||||
| Inherent and residual risk assessment | ||||
| Treatment strategies: mitigate, accept, transfer, avoid | ||||
| Risk-to-control mapping across all active frameworks | ||||
| Vendor-linked risk scenarios with auto-association | ||||
| Interactive heat map visualization | ||||
| Configurable review frequency and overdue tracking | ||||
| AI-generated risk scenarios based on your company profile | ||||
| Risk owner assignment and accountability tracking | ||||
| 9 risk categories: operational, technical, compliance, and more | ||||
| Dashboard & Reporting | ||||
| Organization-wide compliance readiness score | ||||
| Framework-level progress tracking | ||||
| Evidence status breakdown: approved, pending, and gaps | ||||
| Instant search and filtering across all frameworks | ||||
| Clear audit-ready indicators per framework | ||||
| Team & Collaboration | ||||
| Email-based team invitations | ||||
| Role-based access control (owner, member, auditor) | ||||
| Verified invite acceptance with email confirmation | ||||
| Invitation management and revocation | ||||
| Team member lifecycle management | ||||
| Multi-workspace access for cross-entity compliance | ||||
| Team members (including owner) | 2 | 5 | 10 | 250 |
| Auditor Portal | ||||
| Invite external auditors directly from your workspace | ||||
| Read-only audit view with no access to drafts or internal data | ||||
| Auditors can review all approved policy documents | ||||
| One-click download of the latest evidence per control | ||||
| No visibility into version history, rejected uploads, or AI scores | ||||
| Scoped access per compliance pack | ||||
| Complete audit trail of every auditor download | ||||
| Auditors cannot access other workspaces or companies | ||||
| Integrations | ||||
| Amazon Web Services | ||||
| Google Cloud Platform | ||||
| GitHub and GitLab | ||||
| Okta and Google Workspace | ||||
| Automated evidence collection from connected systems | ||||
| Continuous infrastructure scanning for compliance drift | ||||
| Findings auto-mapped to your active framework controls | ||||
| Connections per platform | 1 | 5 | 10 | All |
| Platform Security | ||||
| Secure email and password authentication | ||||
| One-time passcode verification | ||||
| Passwordless login with passkeys | ||||
| Enterprise password policy enforcement | ||||
| Automatic session rotation and token management | ||||
| Brute-force and credential stuffing protection | ||||
| AES-256 encryption at rest for all stored files | ||||
| Automated credential leak detection on every upload | ||||
| IP allowlisting to restrict access by network range | ||||
| Login anomaly detection with email alerts | ||||
| Audit Trail | ||||
| Comprehensive activity logging across all operations | ||||
| Rich event context for compliance investigations | ||||
| Searchable, filterable audit history | ||||
| GDPR-compliant data deletion with full cleanup | ||||
| Export audit logs as CSV or JSON | ||||
| Audit trail retention | 30 days | 3 months | 1 year | 2 years |
| Custom retention period (up to 7 years) | ||||
| Trust Page | ||||
| Public compliance trust page at trust.evidr.com | ||||
| Live compliance health score from real checklist data | ||||
| Framework badges with completion progress | ||||
| Compliance milestone timeline | ||||
| AI-generated security practice sections from onboarding data | ||||
| Email-gated document vault for sharing approved policies | ||||
| Vendor transparency with risk levels | ||||
| Custom domain with automatic SSL (e.g. trust.yourcompany.com) | ||||
| Document access request tracking | ||||
| Custom branding (logo, colors, intro text) | ||||
| Custom security sections | Up to 4 | Up to 10 | Unlimited | |
| Notifications | ||||
| Instant alerts on evidence rejections and flags | ||||
| Proactive reminders before documents expire | ||||
| Daily vendor risk digest for stakeholders | ||||
| Branded team collaboration emails | ||||
| Payment and billing status notifications | ||||
| Support | ||||
| Email support | ||||
| Priority response times | ||||
| Dedicated compliance success manager | ||||
FAQ
Enterprise includes 10 isolated workspaces, fair-use evidence uploads, all integrations, 250 team members, a dedicated compliance success manager, and 2-year audit retention. It is built for multi-entity programs.
Yes. Start with Starter or Growth to evaluate the platform, then upgrade to Professional or Enterprise when you need more workspaces, team members, or dedicated support. Changes are prorated.
Yes. Upgrade or downgrade at any time from the Billing page. Changes are prorated, so you only pay for what you use.
All plans include SOC 2 Type I & II, ISO 27001, ISO 42001, HIPAA, GDPR, PCI DSS, CCPA, HITRUST, FedRAMP, NIST AI RMF, and EU AI Act. Professional and Enterprise plans can also add custom frameworks.
All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We use AWS infrastructure with Secrets Manager, and every action is tracked in an audit log. See our Security page for full details.
Yes. Professional and Enterprise plans are available with monthly or annual billing.
Enterprise plans include integrations with AWS, Google Cloud, GitHub, GitLab, Okta, and Google Workspace for automated evidence collection.
Yes. Cancel from the Billing page at any time. Your subscription stays active until the end of the current billing period.
Talk to our team about Enterprise deployment, custom frameworks, and dedicated support.