// overview

What Oneleet Does

Oneleet is a security-first compliance platform founded in 2022 by Bryan Onel, Ora Onel, and Erik Vogelzang. Part of Y Combinator's S22 batch, the company is based in Amsterdam and has raised $35M in total funding, including a $33M Series A led by Dawn Capital in October 2025. Notable investors include Dropbox co-founder Arash Ferdowsi and former Snowflake/ServiceNow CEO Frank Slootman.

What sets Oneleet apart is its founding team: professional penetration testers who spent over a decade breaking into Fortune 500 companies. Rather than treating compliance as a checkbox exercise, Oneleet starts with actually making companies secure and then uses that security posture to achieve certifications like SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, NIST 800-171, and DORA.

The platform bundles compliance automation with built-in penetration testing, dark web monitoring, code scanning, mobile device monitoring, and virtual CISO guidance. With $9M+ ARR and a 4.9/5 G2 rating, Oneleet has carved out a niche among startups and growth-stage companies that want genuine security, not just a certificate on the wall.

best for

▸Startups and growth-stage companies that need SOC 2 or ISO 27001 to close enterprise deals but also want genuine security improvements, including pen testing and vulnerability scanning, in one package.

not ideal for

▸Large enterprises needing to manage 5+ frameworks simultaneously (Oneleet handles frameworks sequentially, not in parallel). Companies with urgent deadlines under 4 weeks. Organizations needing deep integrations with niche tools beyond the ~20 supported platforms. Budget-constrained teams who only want basic compliance automation, since the bundled pricing includes pen testing and vCISO whether you need them or not.

// pricing

Pricing

Starting price ~$12,000/yr (estimated from user reports)

Pricing model Custom/enterprise only

Free trial No

Free tier No

Pricing disclosed No

Starts around $12K/yr for small teams. Mid-sized SaaS companies with multiple frameworks can exceed $50K/yr. Price includes pen testing (normally $5K-$10K separately), platform access, monitoring, vCISO time, and audit support. No self-serve signup; requires live demo for scoped proposal.

Full Pricing Breakdown → View Oneleet Pricing Page →

// at a glance

Frameworks, Features & Integrations

Frameworks

SOC 2

ISO 27001

HIPAA

PCI DSS

GDPR

FedRAMP

CCPA

NIST

DORA

Total 10+

Features

Evidence collection Partial

Continuous monitoring

Auditor portal

Vendor risk mgmt

Pen testing

Trust center

Security Q&A

API access

Policy mgmt

Employee training

Integrations

Total count 20+

AWS

GCP

Azure

GitHub

Jira

Slack

Key platforms: AWS, Azure, GCP, GitHub, GitLab, Google Workspace, Microsoft 365, Cloudflare, DigitalOcean, JumpCloud, Slack, Okta, Vercel, Supabase, Zoom

// ratings

Ratings & User Sentiment

G2

4.9 ★★★★★

125 reviews

Read G2 Reviews →

what users praise

▸Expert vCISO support available for hands-on help with audit prep, risk management, and even weekend security emergency calls
▸Bundled penetration testing and code scanning provide real security improvements, not just compliance paperwork
▸Easy to use with fast SOC 2 readiness (4-6 month Type 2 timeline commonly cited by users)

what users criticize

▸Limited integrations (~20 vs competitors' 300+), requiring manual evidence uploads for unsupported tools
▸No public pricing and bundled all-in-one cost structure means you pay for services you may not need. Some report rising costs after onboarding.
▸Handles frameworks sequentially (not in parallel) and onboarding takes 2-3 weeks

👤

Typical Customer

Series A-C startup with 30-300 employees needing SOC 2 to close enterprise sales, led by a CTO or security-conscious founder who values actual security over just getting a certificate.

// compare

Oneleet Comparisons

Ready to evaluate Oneleet?

Visit their site to request a demo and get current pricing for your team size.

Visit Oneleet →

Data sources: Pricing and features from vendor website, G2, and Capterra. Re-verified every 90 days. Last check: Mar 2026. Next re-check: June 2026. Spot an error? Report it.