I had a pretty poor experience as a startup on Vanta. Maybe this is my own ignorance, but I told them when our contract was to renew that we do NOT want to renew. We were an early-stage startup soon to shut down and didn't need it. We never touched Vanta for 10 months before this, we never got SOC-2 (it was deprioritized). Not a single login in 10 months.

Nevertheless, they said it was: too late to opt out, that it can't be canceled or postponed, and then kept emailing us endlessly and sending to collections to pay them another $10K platform fee for the next year (more than we had in the company bank account).

I understand this with large corporations, but I don't think they're a good fit for startups.