EU AI Act high-risk compliance from August 2026 · DSGVO (GDPR) compliant · Servers in Germany
For audit firms · BAIT · VAIT · DORA

One auditor seat. Twenty to forty client environments. Zero per-engagement procurement.

EverHarden as part of your audit workflow. Per-seat pricing for your team, white-label PDF for the client report, API for embedding scans into your existing tooling. Built for TÜV-class auditors and BaFin-aligned Prüfer who handle BAIT, VAIT, and DORA assessments for EU-regulated SaaS.

Why audit firms use EverHarden

Indirect prompt injection on public web content is a new attack class your existing audit toolchain doesn't see. We give you the scan; you keep the audit relationship.

01 / WHITE-LABEL PDF

Your branding, your report

Report cover, footer, and disclaimer match your audit firm's brand. The audit fingerprint stays yours; EverHarden is a tool in your stack, not a co-signature on the report. Available today.

02 / BATCH-SCAN API [Q3 2026]

Bulk evidence collection

HTTP API to queue scans across a portfolio of client environments in one call, retrieve findings, attach evidence to your existing engagement record system. Webhook for completion. JSON output for spreadsheet pipelines. Q3 2026 — early-access slots available for design-partner firms.

03 / CLIENT MGMT DASHBOARD [Q3 2026]

Portfolio view across engagements

One screen showing every client environment under audit, last scan date, open finding counts by severity, remediation status. Per-auditor seat assignment. Q3 2026 — Practice + Firm tiers get it first.

REGULATORY FRAMING

Indirect prompt injection is increasingly named in ICT risk audits under DORA Art. 9 RTS and BAIT / VAIT Section 5. EverHarden gives you a defensible evidence artifact for that line item.

Per-seat pricing

Volume bands reflect how many active scans a typical audit firm runs against client environments per quarter. Pricing scales with seats, not per-scan — so your engagement margins stay yours.

Starter
10 seats
~200 client environments / quarter
  • 10 active auditor seats
  • Unlimited scans during license term
  • White-label PDF (your branding on cover + footer)
  • API access (scan, retrieve, webhook)
  • Email support, 1 business-day response
Request quote →
Firm
50 seats
~1,000 client environments / quarter
  • 50 active auditor seats
  • Unlimited scans during license term
  • White-label PDF + custom report templating
  • API access + webhook + dedicated integration support
  • Monthly review call (operator + your practice lead)
  • Same-day response SLA for active engagements
  • Co-marketing on request (one joint research note / year)
Request quote →

Pricing is per-firm and depends on seat count, annual scan volume, and white-label / API scope. We quote on a single discovery call (30 minutes) and start with a friendly pilot — one of your client engagements at no cost — so you can validate the workflow before signing the license. Larger firms (>50 seats) and group-level licenses negotiated separately.

Friendly pilot — one engagement at no cost

Before any license commitment, we run EverHarden against one of your active client engagements at no cost, deliver the report in your white-label format, and join one of your audit calls if useful. You evaluate the actual workflow on a real engagement — not a demo dataset.

Case study

Case study coming Q3 2026 — once a friendly-pilot firm completes their first engagement and consents to a named attribution. We deliberately keep this block empty rather than fabricate a quote; if you want to be the first named reference, the friendly-pilot offer above is open.

DSGVO (GDPR) + servers in Germany

Auditors care about data lineage more than end customers. Here's what we tell you on the first call so you can put it directly into your engagement memo.

DATA RESIDENCY

All scans, findings, and generated reports stay on Hetzner Falkenstein / Nürnberg. No US edge transit, no third-country processing. No cloud-provider data-classification escape hatches.

AVV / SCOPE

Auftragsverarbeitungsvertrag (Art. 28 DSGVO) provided on license signing. Scope is restricted to publicly-reachable URLs only — no authenticated areas, no customer data, no credentials, no PII ingestion.

Full privacy policy (Datenschutzerklärung) · Impressum · operator established in DE (sole proprietor, Fellbach)

For German audit practices

Firms using EverHarden in the DACH market get the following in German:

In German

One auditor license. 20–40 clients. No procurement marathon per engagement.

EverHarden can be embedded as a tool in your existing audit workflow: per-seat license for your audit team, white-label PDF with your branding for the client report, API for integration into your audit workflow tools. Designed for TÜV-affiliated auditors and BaFin-oriented BAIT/VAIT/DORA audit practices that audit regulated SaaS providers.

Contract structure: license agreement between EverHarden and your audit practice. Data processing agreement (Auftragsverarbeitungsvertrag, Art. 28 DSGVO) on contract signing. Servers in Germany (Hetzner Falkenstein/Nürnberg); no data export to third countries.

Friendly pilot before the license agreement: we take on one of your active audit engagements as a pilot at no cost. You evaluate the workflow on a real engagement, not a demo template. Result: white-label report plus an audit call with our operator, if helpful.

Direct contact: auditors@erpforgeai.de

Audit-firm pilot — zero cost, one engagement.

One discovery call (30 min), one of your active client engagements piloted at no cost, white-label report in your branding, optional join on your audit call. Then we quote.

Email auditors@erpforgeai.de →
Direct reply within 48h · No mailing list · No tracking