How Lemonade Saved 80% of Time Using Drata’s Continuous Compliance Automation


Lemonade is a full-stack digital insurance carrier built to provide the best, most delightful, and most transparent insurance experience. Built on social impact, Lemonade lets users sign up instantly to cover their stuff, home, pets, family, and car, all within one app.

Location: New York, NY
Industry: Insurance SaaS

How automated evidence collection and customizable control mapping streamline Lemonade’s compliance success.

About Lemonade

Lemonade is a consumer-focused insurance company that operates in the U.S. and Europe.

The Challenge

Audits are not fun. I’ve spent well over 200 hours before using Drata just in preparing for and dealing with our SOC 2 audit. If I added in everybody else’s time, I’ve loosely calculated that it’s between 500 to 600 hours of time spent preparing for an audit before using a compliance automation platform like Drata.

At a late-stage growth company like ours—where we’re still developing new product and trying to keep up with the market—that is a lot of time taken away from delivering product. It’s a waste of time in terms of efficiency, and it gets in the way of other important projects like improving overall security for the company.

The Experience

Drata has been great for automating evidence collection. I find it really flexible, and I’m able to make my own control framework. I’m making one specifically around Sarbanes-Oxley’s IT general controls, and we’ve spent less time doing those things that were once manual. I expect I’ll be able to reduce the time that my team and I have to put in by probably 60 to 80 percent.


I just ran a SOC 2 audit with Drata that we completed in January. I actually didn’t think it was true because I heard almost nothing from the auditor until late January, where she said, ‘Okay, we have a draft ready of your final audit.’ I had only been on the phone for about 4 hours with her—which was 1/10th of the amount of time I had anticipated to spend with the auditor. I spent about 35 to 40 hours collecting evidence and was able to rely upon other people for significantly less.

The auditor called to say, ‘Well, your audit is basically done. We just want you to review the draft with zero nonconformities.’ Let’s just say it’s liberating.
