Compliance, without the theatre.

Why PolicyForge exists

Writing the policies required by ISO 27001, SOC 2 or GDPR takes weeks and burns consulting budget — yet 80% of the content is common to every organisation. Startups and SMEs end up either copy-pasting templates found online (inconsistent, unmaintained) or paying a consultant by the day. PolicyForge industrialises this documentary layer: control-aligned templates, tailored by a wizard, exportable and versioned — so you keep your consulting budget for what actually matters.

Who is behind it

PolicyForge is published by NAGASHIELD SECURITY, a French cybersecurity company founded by Vyrhak SATH. NAGASHIELD SECURITY builds tooling and helps organisations with governance, risk and compliance (GRC). PolicyForge was born from a field observation: the same policies were being rewritten over and over, with no dedicated tool.

Our principles

• Verifiable, not declarative

  Our own security posture is documented publicly on the Trust page: EU hosting, encryption, RLS, MFA, audit log, DPA, security.txt.

• No false promises

  No fake testimonials, no invented customer logos, no unverifiable superlatives. We state what the tool does — and what it does not.

• EU by default

  Your data and your customers’ data stay in the EU. It matters for NIS2, HDS and DORA.

• You stay in control

  Free PDF/DOCX export, self-service GDPR export and deletion. No captive lock-in of your documents.