How Lemonade Saved 80% of Time Using Drata’s Continuous Compliance Automation

Lemonade Case Study

Lemonade is a full-stack digital insurance carrier built to provide the best, most delightful, and most transparent insurance experience. Built on social impact, users can sign up instantly to cover their stuff, home, pets, family, and car all within one app.

LocationNew York, NY
IndustryInsurance SaaS
How automated evidence collection and customizable control mapping streamlines Lemonade’s compliance success.

About Lemonade

Lemonade is a consumer-focused insurance company that operates in the U.S. and Europe.

The Challenge

Audits are not fun. I’ve spent well over 200 hours before using Drata just in preparing for and dealing with our SOC 2 audit. If I added in everybody else’s time, I’ve loosely calculated that it’s between 500 to 600 hours of time spent preparing for an audit before using a compliance automation platform like Drata.

At a late-stage growth company like ours—where we’re still developing new product and trying to keep up with the market—that is a lot of time taken away from delivering product. It’s a waste of time in terms of efficiency, and it gets in the way of other important projects like improving overall security for the company.

The Experience

Drata has been great for automating evidence collection. I find it really flexible, and I’m able to make my own control framework. I’m making one specifically around Sarbanes-Oxley’s IT general controls, and we’ve spent less time doing those things that were once manual. I expect I’ll be able to reduce the time that my team and I have to put in by probably 60 to 80 percent.


I just ran a SOC 2 audit with Drata that we completed in January. I actually didn’t think it was true because I heard almost nothing from the auditor until late January, where she said, ‘Okay, we have a draft ready of your final audit.’ I had only been on the phone for about 4 hours with her—which was 1/10th of the amount of time I had anticipated to spend with the auditor. I spent about 35 to 40 hours collecting evidence and was able to rely upon other people for significantly less.

The auditor called to say, ‘Well, your audit is basically done. We just want you to review the draft with zero nonconformities.’ Let’s just say it’s liberating.

Resources for you
G2 Reports Social LinkedIn 1200x627@3x

Drata Named a Cloud Compliance Leader in G2 Spring 2023 Reports

Media - Drata's Continued Support of Auditor Alliance

Drata’s Declaration of Continued Audit Independence

4 States Cybersecurity Laws

4 States Passed Nearly Half of All New Cybersecurity Laws Enacted Across the US in 2022

Be a Part of the Best

Join the thousands of companies who trust Drata with their evolving compliance needs.