Indeed, we are not GDPR compliant. This explains why we don't have a cookie banner. I understand the confusion as this is something we offer to our customers.
In any case, we have cookie & privacy policies with an updated subprocessors list (and a security page) that you can check in our footer.
I understand your worries about privacy - we are fully OSS, so you can inspect everything and check what we are tracking (our landing page is here: https://github.com/getprobo/getprobo.com)
If you are not at all familiar with the space, you can view SOC2 as a safety checklist for companies storing important data online. The idea behind it is to push companies to implement security measures or processes to protect said data.
However, it does not make you secure. You can look at it like a restaurant health inspection—just because a restaurant passes doesn’t mean you’ll never get food poisoning. It just means they’re following the right procedures at the time of inspection.
One of the reasons I'm open-sourcing it (and making it free) is the hope that, if I am able to properly tailor the experience to start-ups, they will implement security measures adapted to their needs early on, actually follow them, let those security measures grow with them, and, when they get the SOC2 audit (later), it will actually mean something.
Approval is not mandatory for all PRs. You can change your policy about it and easily justify it with your auditor.
=> It makes way more sense to have important stuff reviewed vs automated approval from a bot.
I think most people blindly try to get controls in Vanta/Drata to pass, like us. I'd much rather build a dumb bot than have to talk to my auditor. But still
We are helping several companies achieve compliance using our MVP and are building the open-source software in parallel. You can check our progress here: https://github.com/getprobo/probo
As it is under construction, there are no testimonials yet regarding the self-hosted part.
But happy to help you if we can, feel free to reach out.
If I’m understanding correctly, the MVP and OSS are separate. If correct then I have to ask if the OSS version is in a usable state? Regardless, I’ll keep an eye on this project. Kudos.
It does not -> if a compliance framework requires an auditor, you will need to work with one.
However, we can recommend auditors fit for your company or, if you don't want to handle the relationship, we can do that for you (that is what we do for our customers).