Answer security questionnaires with evidence-backed AI.
PacketProof helps EU SaaS, IoT, and software vendors collect security evidence, map it to CRA / NIS2 / ISO 27001 readiness requirements, and generate answers for customer security questionnaires — every answer cited from your own evidence, never hallucinated.
PacketProof is a preparation tool. It is not a substitute for legal counsel or an accredited auditor.
What you get
Evidence Vault
Central, workspace-scoped store for policies, attestations, screenshots, and URLs. Magic-byte verification on uploads. RLS keeps every workspace's evidence isolated.
Readiness mapping
Three seeded frameworks (CRA, NIS2, ISO 27001) with weighted readiness percent + gap surfacing. Add your own custom framework with the requirements your customers actually ask about.
Questionnaire automation
Upload a customer's CSV. We parse the questions, and your team reviews evidence-backed AI drafts before exporting clean CSV answers.
Evidence-backed AI
Drafts cite your own evidence ids — when no match exists we return a documented gap with a recommended next action. Raw evidence files, source URLs, and storage filenames are never sent to the AI provider.
Audit log + notifications
Append-only audit log with PII-safe metadata. In-app bell + email digests for invites, role changes, AI quota warnings, and evidence expiry.
EU-first, RLS-enforced
Vercel Frankfurt, Supabase EU, Stripe EU. Per-workspace Row Level Security enforced at the database — application bugs cannot leak across tenants.
How it works
Create a workspace
Sign up, name your workspace, and invite teammates with the role they need: owner, admin, editor, or viewer.
Add evidence
Upload policies, screenshots, attestations, or paste URLs. Each item has an optional expiry so you can chase renewals before auditors do.
Map evidence to readiness
Open a framework (CRA, NIS2, ISO 27001), open a requirement, link evidence with a status: covered / partial / gap.
Upload a customer questionnaire
Drop the CSV. The parser auto-detects the question column. Up to 500 questions per file.
Generate evidence-backed drafts
Owner accepts the AI Data Processing addendum once; editors generate drafts. Each draft cites the evidence ids it used; missing-evidence questions are flagged as gaps.
Review and export
Approve, edit, or reject each draft. Export the reviewed answers as CSV with the disclaimer line. Audit log records every action.
Security & privacy by design
- Per-workspace Row Level Security in Postgres — application bugs cannot leak across tenants.
- Append-only audit log; PII-safe metadata (no card data, no raw email local part, no invite tokens).
- Stripe-hosted checkout + customer portal — payment cards never touch PacketProof.
- Raw evidence files, source URLs, and storage filenames are never sent to AI; only the question, evidence ids + titles, capped descriptions, and capped extracted-text excerpts for text-format evidence are sent.
- Anti-enumeration on auth, invite, and workspace lookup endpoints.
- Constant-time secret compare on internal cron endpoints.
Frequently asked
Does PacketProof certify my product?
No. PacketProof is readiness tooling. It tracks coverage of evidence you have recorded against framework requirements you map. Certification is a separate process by an accredited auditor.
Can the AI hallucinate an answer?
Drafts are constrained to cite your own evidence ids. When no matching evidence exists the AI returns a documented gap with a recommended next action — never a fabricated answer.
Where is my data stored?
Vercel Frankfurt for the app, Supabase EU for data, Stripe EU for billing. AI inference defaults to OpenAI; you can point it at Azure OpenAI EU via env config.
How does the free plan compare to paid?
Free includes a single-member workspace, full Evidence Vault, manual readiness mapping, and questionnaire upload — no AI generation and no CSV export. Paid plans add monthly AI quota, CSV export, and higher member caps.
Do you send marketing emails?
No. Email is used for transactional purposes only — invite links, optional notification digests you can disable, and password reset.
Stop dreading the next questionnaire.
Sign up free, add a few evidence items, and answer your first questionnaire with citations in minutes.