Simple, transparent pricing
Choose the plan that fits your CRA compliance needs. Every plan includes EU data residency and the full Academy.
Most Popular
Professional
For solo founders and 1–3 product manufacturers.
€59/mo
- 3 products · 3 users
- Everything in Free, plus:
- Unlimited SBOM uploads + vulnerability scanning
- Declaration of Conformity + end-user info PDFs
- Incident reporting (24h / 72h / 14d)
- 90-day activity log
- Email support (48h response)
Business
For manufacturers with multiple product lines and an active compliance team.
€199/mo
- 15 products · 10 users
- Everything in Professional, plus:
- Daily continuous vulnerability monitoring
- Public PSIRT page + security.txt
- Full document template library
- API access (1000 req/day)
- Priority support (8h) + guided onboarding
- 99.5% SLA
Enterprise
For large organisations, regulated verticals, and parent-child groups.
€749/mo
- Unlimited products · unlimited users
- Everything in Business, plus:
- Real-time vulnerability alerts
- SSO / SAML · parent-child org linking
- Full API · custom integrations
- Dedicated CSM + phone support
- 2-week guided onboarding · custom MSA
- 99.9% SLA + custom data residency
Compare plans
Every feature, across every tier.
Feature
Free
Professional
Business
Enterprise
Limits
Products
1
3
15
∞
Team members
1
3
10
∞
SBOM uploads
—
∞
∞
∞
Activity log retention
30 days
90 days
∞
∞
CRA compliance
CRA scope assessment wizard
Product classification (default / important / critical)
Annex I compliance checklist
Conformity assessment (Module A / B+C / H)
Entity-role obligations (manufacturer / importer / distributor / AR)
Notified-body tracking
SBOM + vulnerabilities
SBOM upload (CycloneDX + SPDX)
—
Component catalog
—
Vulnerability scanning (OSV.dev)
—
CISA KEV flagging
—
CVSS severity classification
—
Triage workflow + MTTR tracking
—
Actively-exploited flag
—
Continuous monitoring frequency
On-demand
Weekly
Daily
Real-time
VEX / CSAF export
—
—
Coming soon
Coming soon
Documents + PDFs
Declaration of Conformity PDF
—
End-user information sheet PDF (Annex II(3))
—
Document templates library
—
Essentials
Full library
Full + custom
Technical file builder
—
—
Coming soon
Coming soon
Custom branding on PDFs
—
—
—
Coming soon
Incident management
Incident reporting (Article 14)
—
24h / 72h / 14d deadline tracking
—
Incident report PDF exports
—
ENISA filing assistance
—
—
Coming soon
Coming soon
CVE linkage from incidents
—
Public security (PSIRT)
Public PSIRT page (/security/<slug>)
—
—
security.txt (RFC 9116)
—
—
Public vulnerability-report intake
—
—
PSIRT triage workflow
—
—
Product lifecycle
Release tracking + CVE-fixed mapping
Support-period tracking
Update-channel tracking
Training + help
Academy (10 CRA lessons)
Full access
Full access
Full access
Full access
Quizzes + PDF certificates
Team progress tracking
—
CSV export of team progress
—
By-screen lesson recommendations
CRA glossary (50+ terms)
Data + exports
GDPR data export (Art. 20)
GDPR deletion rights (Art. 17)
Activity log CSV export
—
SIEM log export
—
—
—
Coming soon
Data residency
EU
EU
EU
EU
Billing currency
EUR
EUR
EUR
EUR
Integrations
REST API access
—
—
1000 req/day
Unlimited
Webhooks
—
—
Coming soon
Coming soon
SSO / SAML
—
—
—
Coming soon
Parent-child org linking
—
—
—
Coming soon
Market-surveillance evidence bundle
—
—
—
Coming soon
Security
Two-factor authentication (TOTP)
Role-based access (5 roles)
Multi-admin deletion confirmation
Coming soon
Coming soon
Coming soon
Coming soon
Audit log
Row-level security (org isolation)
Abuse rate-limiting on public endpoints
Support
Support channel
Community
Email
Priority email + live chat
Dedicated CSM + live chat
Onboarding
Self-serve
Self-serve
1h guided call
2-week guided
Custom MSA / legal terms
—
—
—