Compliance infrastructure for firms that carry the risk.

Written for two readers: the principal who owns the liability, and the IT team who approves the vendor. Both get specifics here, not reassurance.

Access model
Read-only scope
Source files
Never written to
Audit trail
Append-only
Security docs
On request

01Who this is for

Two readers, one document trail

An enterprise rollout has to satisfy the office that owns the liability and the department that owns the security review. Nudgy is built to answer both without asking either to compromise.

For the principal

The one who carries the risk

Your seal is on every sheet and the liability does not delegate. Nudgy gives the office a consistent second pass on every revision — the same scrutiny on the last day of a deadline as on the first — so nothing reaches the field on the strength of an exhausted read.

  • A cited punch list before every set is issued
  • One severity standard across projects and reviewers
  • A defensible record of what was checked, and when

For IT

The one who approves the vendor

No new identity platform, no password store, no agent on a workstation. Nudgy authenticates against your existing Microsoft 365 tenant with a single read-only Graph scope, retrieves only the files a project owner picks — and you can revoke access in a single action from your admin center.

  • Microsoft 365 OAuth, read-only Graph scope
  • Nothing installed, nothing to patch
  • Per-organization isolation, enforced server-side

02Rollout

One deployment, every project

Scaling Nudgy across a portfolio doesn't multiply the integration work. The platform is deployed once; each project is added as configuration on top of it.

ISO-01

Per-project isolation

Each project carries its own spec index, its own documents, and its own audit history. A team sees its projects and nothing else — enforced on every query, server-side.

M365

One tenant, read-only

Microsoft 365 access is a single read-only Graph scope, and Nudgy retrieves only the files a project owner picks. It never writes, moves, renames, or deletes a file — there is no code path that does.

+1 PROJECT

Added as configuration

The next project is a spec to index and drawings to audit — not a new deployment, a data migration, or another procurement cycle.

03Institutional memory

The record outlasts the team

Project teams rotate; records remain. Every audit across every project is preserved append-only, so a question that surfaces two years later is answered on file rather than from memory.

REVISION

Which drawing revision was audited, by file and version.

SPEC VERSION

Which version of the spec it was checked against, addenda included.

FINDINGS

Every finding, with its severity and citation, written append-only.

WHO / WHEN

Who ran the audit and when — immutable after the fact.

Isolation enforced per organization and per project

Read-only access to your Microsoft 365 files

Append-only audit record per revision

Security documentation on request

04For your reviewers

Built for the security review

Documented to the depth reviewers ask for

The access model, document lifecycle, data isolation, and full subprocessor list are written out at the level of detail a vendor review actually requires — not a trust badge, the specifics. Our published security overview covers all of it; deeper artifacts — architecture diagrams, subprocessor DPAs, and completed security questionnaires — are available under NDA on request.

Read the security overview

Onboarding and support, stated plainly

Onboarding is a working session against one of your own specs, not a slide deck. Support comes from the people who built the engine and understand spec language. We would rather set accurate expectations here than impressive ones.

Get started

See Nudgy run against one of your own specs.