OneTrust and Vanta are documentation-first compliance platforms. They help you track what your policies say and generate reports for auditors. Aguardic is enforcement-first. We evaluate every AI action against your installed policies in real time and block, warn, or log based on your enforcement mode. When the Colorado Attorney General asks for evidence of reasonable care, we export the actual record of enforcement decisions. Both approaches can coexist. Most teams use both.

Model-level safety features filter harmful outputs and prompt injections at the model layer. Aguardic operates above the model layer to enforce regulatory obligations. Bedrock Guardrails won't tell you whether your AI satisfies Sec. 6-1-1703(2) of the Colorado AI Act or generate audit evidence formatted for the Colorado AG. We enforce policies that map to specific statute sections across every model you use: OpenAI, Anthropic, Gemini, custom models. The two layers complement each other.

Aguardic integrates with OpenAI, Anthropic, Gemini, GitHub, GitLab, Bitbucket, Google Drive, Dropbox, OneDrive, Slack, Microsoft Teams, Gmail, and Outlook via OAuth. For AI embedded directly in your application code, our Node SDK is available today, with Python and Go SDKs coming soon. If your AI stack isn't natively supported, we work with you directly to add integration.

Policy packs auto-update when regulators issue implementing rules or amendments. When Colorado AI Act was delayed by SB 25B-004 in August 2025, our policy pack updated within the week. When the EU AI Office issues Article 9 guidance, our EU AI Act pack updates to reflect it. You see the update in your changelog with citations to the source document.

No. Aguardic is not a law firm and does not provide legal advice. Our coverage matrices, policy packs, and audit evidence are tools to help you demonstrate compliance with specific regulations. Your legal counsel should review the evidence before you rely on it in a regulatory proceeding. We cite specific statute sections to make counsel's review faster, but we do not replace counsel.

No, and any vendor that does is lying to you. Compliance with regulations like the Colorado AI Act requires both software enforcement, which we provide, and human judgment calls, which we don't. Our coverage matrix honestly shows what Aguardic covers, partially covers, and does not cover for each regulation. Full compliance requires your counsel, your operators, and your organization's judgment on top of the evidence we generate.

Aguardic generates evidence that supports your affirmative defense, for example the Colorado AI Act's rebuttable presumption under Sec. 6-1-1706 for deployers aligned with NIST AI RMF. Whether that evidence is sufficient in any specific enforcement action depends on the facts, the agency's judgment, and your legal defense. We do not indemnify customers against regulatory fines. Our terms of service specify this clearly.

SOC 2-aligned architecture with Type II audit in preparation. AES-256 for data at rest. AES-256-GCM for integration credentials. TLS 1.2+ for data in transit. Organization-level data isolation at the database layer: your data is never accessible to other organizations. Full security documentation is available at /security.

Only the access you grant through OAuth scopes. For most integrations we request read-level access to evaluate AI actions. For enforcement actions like blocking a violation, the scopes required are higher and explicitly disclosed before you authorize. If you want to evaluate without touching the request path, monitor-only mode records every policy evaluation without blocking or warning.

Monthly plans cancel any time with no cancellation fee. Annual plans renew annually unless you cancel before the renewal date. Data export is always available during your subscription and for 30 days after cancellation. Specifics are in our terms of service.

For customers with AI deployed through supported OAuth integrations, onboarding is typically 30 to 60 minutes end to end: installing the policy pack, connecting integrations, and generating first evidence in the same session. For customers with AI embedded in production application code, SDK integration is work on your engineering team's side, and we support you through it directly. A 30-minute working session with our team is the fastest way to understand what implementation looks like for your specific architecture.

Growth is $499/month with 50,000 policy evaluations, 15 integrations, and 10 seats. Business is $1,299/month with 250,000 evaluations, 50 integrations, and 50 seats. Enterprise is custom — SSO/SCIM, dedicated CSM, custom SLA, HIPAA BAA. Every paid plan includes all major compliance policy packs at no extra cost. 14-day free trial, no credit card.

No. Every paid plan includes all major compliance policy packs — Colorado AI Act, EU AI Act, HIPAA, SOC 2, NIST AI RMF, ISO 42001, AIUC-1, and more — at no extra cost. Packs auto-update when regulators issue implementing rules or amendments. We don't charge per pack, per regulation, or per control. The only cost drivers are scale (evaluations, integrations, seats) and the enterprise-grade features gated to Business and Enterprise.