EU-hosted · GDPR-compliant by architecture

Compliance made simple for companies that have better things to do.

Norman is your AI compliance analyst. ISO 27001, SOC 2, GDPR, NIS 2 — in plain English, proportionate to your size, with one-click remediation.

Free to start · 14-day trial on paid plans · No credit card required · EU data residency

Norman AI dashboard preview (app.trynorman.com/dashboard)
Navigation: Dashboard · Gap Analysis · Policies · Risk Register · Vendors · Certifications · Questionnaires · Trust Center
Good morning, Dylen.
Norman's briefing: You're 89% ready for SOC 2. Fix GAP-05 today — I can draft the encryption policy in 2 minutes.
Frameworks: ISO 27001 · SOC 2 · GDPR
Open gaps: 17 · Policies: 8 · Risks: 17 · Vendors: 12

What 47 gaps turn into when Norman reads your policies.

How it works

Three steps. No hand-holding required.

Norman does the compliance work you'd otherwise hire a consultant for — only faster, always on, and you stay in control.

01. Scan your website (5 seconds)
Paste your URL. Norman reads your site, figures out what you do, where your data lives, and which frameworks apply.

02. Upload your policies (under a minute)
Drop any PDF or Word doc. Norman reads every line, maps it to controls across all 6 frameworks, and flags the gaps in plain English.

03. Fix the gaps (minutes, not months)
Every gap has a one-click remediation. Norman drafts the policy, opens a vendor assessment, or reminds your CTO.

Every framework

One source of truth for all your compliance.

Norman doesn't make you pick. Fix a control for ISO 27001, and it automatically closes the matching gaps in SOC 2 and GDPR.

ISO 27001:2022
ISO 42001:2023
SOC 2 Type II
GDPR
NIS 2
NIST CSF 2.0

Included in every paid tier. No per-framework upsells. Ever.

Your AI compliance analyst
Norman
15 years across ISO 27001, SOC 2, GDPR, NIS 2 — and available 24/7.

Not another checkbox tool. A compliance analyst who sits next to you.

Most compliance software dumps 47 controls on your screen and wishes you luck. Norman does the opposite. He reads your policies the way a senior auditor would, explains what's missing in language a founder can actually follow, and proposes the single most important action you should take today.

He's proportionate. He tells a 5-person startup what to ignore, not what a 500-person bank needs.

Norman: "Your Information Security Policy is 11 months old. Best practice is annual review. Want me to scan it against your updated context?"

Norman: "Fixing GAP-01 first closes 4 gaps across 3 frameworks at once. I can draft the breach response plan in 2 minutes — should I start?"

Why Norman

Not built for 500-person banks. Built for you.

Enterprise compliance tools start at €22,000/year and assume you have a dedicated security team. Norman doesn't.

| | Norman AI | Vanta, Drata, Sprinto |
|---|---|---|
| Starting price | €29/mo | €22,000+/year |
| Proportionate advice | Built into the model | One-size-fits-all |
| EU data residency | Frankfurt · GDPR by architecture | US-hosted · CLOUD Act applies |
| Plain-English explanations | Every finding, every time | Framework codes (CC6.1, A.5.15) |
| Time to first useful output | ~5 minutes | Days of onboarding calls |
| Cross-framework deduplication | Fix once, close across all | Framework-by-framework silos |

Built in Europe

Your data. Stays here.

Every byte of customer data Norman touches lives in Frankfurt, Germany. Every inference runs in the EU. Every contract is governed by Belgian and EU law.

We are not subject to the US CLOUD Act. We are not subject to FISA §702. Your compliance data doesn't sit one subpoena away from a US authority.

Primary region: Frankfurt (Supabase EU · Vercel fra1)
Governance: Belgian (EU law · BE company)
Data residency: Frankfurt (50.1109° N · 8.6821° E)

GDPR-native · Not CLOUD Act · EU-only inference · Zero retention

From €29/month. Or free, forever, for small teams.
Every paid tier includes all 6 frameworks · No per-framework upsells · 14-day trial · Cancel anytime

Ready to stop dreading compliance?

Free forever for small teams. €29/month when you're ready to scale.
