Simple, transparent pricing

Choose the plan that fits your CRA compliance needs. Every plan includes EU data residency and the full Academy.

Free

Explore CRA requirements for one product.

€0/mo

1 product · 1 user
CRA scope assessment + product classification
Full compliance checklist (Annex I)
Academy + glossary (full access)
30-day activity log
Community support

Professional

For solo founders and 1–3 product manufacturers.

€49/mo

3 products · 3 users
Everything in Free, plus:
Unlimited SBOM uploads + vulnerability scanning
Declaration of Conformity + end-user info PDFs
Incident reporting (24h / 72h / 14d)
90-day activity log
Email support (48h response)

Business

For manufacturers with multiple product lines and an active compliance team.

€179/mo

15 products · 10 users
Everything in Professional, plus:
Daily continuous vulnerability monitoring
Public PSIRT page + security.txt
Full document template library
API access (1000 req/day)
Priority support (8h) + guided onboarding
99.5% SLA

Need more than Business?

For large portfolios, regulated verticals, SSO, parent-child groups, or a custom SLA, we build a plan and price around your requirements.

Unlimited products and team members
SSO / SAML · parent-child org linking · real-time alerts
Dedicated CSM, guided onboarding, and a custom MSA

Compare plans

Every feature, across every tier.

Feature

Free

Professional

Business

Limits

Products

Team members

SBOM uploads

—

∞

Activity log retention

30 days

90 days

∞

CRA compliance

CRA scope assessment wizard

Product classification (default / important / critical)

Annex I compliance checklist

Conformity assessment (Module A / B+C / H)

Entity-role obligations (manufacturer / importer / distributor / AR)

Notified-body tracking

SBOM + vulnerabilities

SBOM upload (CycloneDX + SPDX)

—

Component catalog

—

Vulnerability scanning (OSV.dev)

—

CISA KEV flagging

—

CVSS severity classification

—

Triage workflow + MTTR tracking

—

Actively-exploited flag

—

Continuous monitoring frequency

On-demand

Weekly

Daily

VEX / CSAF export

—

Coming soon

Documents + PDFs

Declaration of Conformity PDF

—

End-user information sheet PDF (Annex II(3))

—

Document templates library

—

Essentials

Full library

Technical file builder

—

Coming soon

Incident management

Incident reporting (Article 14)

—

24h / 72h / 14d deadline tracking

—

Incident report PDF exports

—

ENISA filing assistance

—

Coming soon

CVE linkage from incidents

—

Public security (PSIRT)

Public PSIRT page (/security/<slug>)

—

security.txt (RFC 9116)

—

Public vulnerability-report intake

—

PSIRT triage workflow

—

Product lifecycle

Release tracking + CVE-fixed mapping

Support-period tracking

Update-channel tracking

Training + help

Academy (10 CRA lessons)

Full access

Quizzes + PDF certificates

Team progress tracking

—

CSV export of team progress

—

By-screen lesson recommendations

CRA glossary (50+ terms)

Data + exports

GDPR data export (Art. 20)

GDPR deletion rights (Art. 17)

Activity log CSV export

—

Data residency

Billing currency

EUR

Integrations

REST API access

—

1000 req/day

Webhooks

—

Coming soon

Security

Two-factor authentication (TOTP)

Role-based access (5 roles)

Multi-admin deletion confirmation

Coming soon

Audit log

Row-level security (org isolation)

Abuse rate-limiting on public endpoints

Support

Support channel

Community

Priority email + live chat

Onboarding

Self-serve

1h guided call