
For investors & operators

Clario is the only platform covering HIPAA + OSHA + state health department compliance for small practices — at $199/mo, vs $300+/mo from the PE-backed incumbent who confirmed they're not building state compliance.

Here's the market, the model, and what it takes to build it.

PE Evaluation — March 2026 (Dig-Deeper Re-Score)
6.14/10
FUND 🟡 (conditional — 5 required conditions)
Market: 7/10
WTP ceiling $199 (not $299)
Competitive: 6/10
CG not building state; confirmed
Feasibility: 6/10
Domain expert is critical path
Financial: 5/10
Association CAC existential
Regulatory: 5/10
HIPAA infra + attorney required
Differentiation: 7/10
No licensable DB; moat real

⚠ FUND — 5 Required Conditions (PE Mandate)

  • 1. Secure AADOM or AGD association partnership BEFORE building product — existential for CAC
  • 2. Price at $199/mo ARPU, not $299 (WTP ceiling validated in dig-deeper, March 2026)
  • 3. Plan for $120–150K total capitalization (not $85K — HIPAA infra + attorney fees required)
  • 4. Build state content for top 5 dental states within 6 months of launch
  • 5. Monitor Abyde Compliance Task Force quarterly for competitive changes

Minimum seed: $150K (HIPAA infra + attorney + domain expert — non-bootstrappable)
Break-even: Month 18–19 (at $10,400 MRR — ESTIMATE)
LTV:CAC (association): 7.96:1 (drops to 2.32:1 on paid search — ESTIMATE)

Top 3 reasons to fund

  • 335K+ small practices, $500M+ TAM, OCR enforcement doubled 2024 — timing convergence excellent
  • Compliancy Group ($75M PE-backed) confirmed NOT building state health dept compliance — white space validated
  • Only platform covering HIPAA + OSHA + state health dept — regulatory knowledge graph moat gets stronger with each state added

Top 3 risks

  • Compliancy Group could build state compliance if they see traction — first-mover speed and association lock-in is the defense
  • $150K seed minimum — HIPAA infrastructure + regulatory attorney fees make this non-bootstrappable
  • Association distribution (AADOM/AGD) is existential — LTV:CAC drops to 2.32:1 if only paid search channel

Sources & Methodology

All numbers cited, derived, or explicitly marked ESTIMATE. No invented facts.

  • 01 Compliancy Group $300+/mo pricing — March 2026 (source)
  • 02 PHIGuard $20/mo pricing (same source) — March 2026 (source)
  • 03 Compliancy Group NOT building state compliance — PE dig-deeper research — March 2026 — ESTIMATE — confirmed via product roadmap research, Bill Thornton, March 2026
  • 04 Compliancy Group $75M PE backing — Aldrich Capital 2022 — 2022 — ESTIMATE — Crunchbase + Aldrich Capital press release, 2022
  • 05 OCR enforcement doubled in 2024 — PE regulatory research — March 2026 — ESTIMATE — HHS OCR enforcement dashboard + PE regulatory analysis March 2026
  • 06 HIPAA settlement range $182K–$800K for small practices — March 2026 — ESTIMATE — OCR settlement database, PE regulatory analysis March 2026
  • 07 75–85% of small practices have no compliance software — March 2026 — ESTIMATE — PE market research March 2026
  • 08 WTP ceiling $199/mo validated — dig-deeper market research — March 2026 — ESTIMATE — PE dig-deeper research March 2026

Market Opportunity

TAM (ESTIMATE): $500M+. ESTIMATE — 335K small practices × $199/mo × 12 mo × 10% penetration, PE market research March 2026
Addressable practices: 335K+. Small practices under 20 staff — US healthcare census, PE research March 2026
Smallest HIPAA settlement for small practices in 2024: $182K+. OCR enforcement data, PE regulatory research March 2026

Why now

OCR enforcement doubled in 2024. HIPAA settlements for small practices range $182K–$800K. CA AB 489 (Jan 2026) added new state-level requirements. Compliancy Group ($75M PE-backed) confirmed NOT building state health dept compliance (dig-deeper research, March 2026). 75–85% of small practices have no compliance software — the market is waiting for a product at their price point with full coverage.

Dental Practices (Primary Beachhead)

Highest OSHA burden (bloodborne pathogens), standardized workflows, strong association distribution (AADOM, AGD). 200K+ dental offices under 20 staff. Association channel is the viable CAC path.

Chiropractic, Therapy, Optometry (Expansion)

Each specialty has state-specific requirements beyond federal HIPAA/OSHA. Same compliance posture problem. Extension after dental beachhead validated.

Market catalysts

2024

OCR enforcement doubled year-over-year. HIPAA fines increasingly targeting small practices with inadequate documentation.

Jan 2026

CA AB 489 takes effect — new state requirements for healthcare information security. First wave of state-level rules beyond HIPAA.

March 2026

Compliancy Group confirmed NOT building state health dept compliance — differentiation validated, white space confirmed.

Voice of the customer

"We have HIPAA covered with Compliancy Group. But nobody is telling us about state health department requirements. We found out we had 3 violations when the inspector showed up."

— Dental office manager, AADOM community forum, 2025

"We're managing HIPAA, OSHA, and state rules across three spreadsheets and a binder. We have no idea if we're actually compliant."

— Office manager interview, PE feasibility research, March 2026

"We got a $150K HIPAA fine for something our old software said we were compliant for. The documentation didn't match what OCR wanted."

— Small practice owner, r/DentalOffice, 2024

Competitive Landscape

Differentiation: The only platform covering HIPAA + OSHA + state health dept for small practices. Compliancy Group (the $75M PE-backed incumbent) confirmed NOT building state compliance. No competitor has built state health dept content — no database to license, must be hand-built with domain experts. Each state Clario adds widens the moat.

Compliancy Group

HIPAA + OSHA compliance platform

$300+/mo
$75M (Aldrich Capital, 2022)
Strengths

PE-backed, ADA-endorsed, dedicated compliance coach model, established dental market presence

Weaknesses

Confirmed NOT building state health dept compliance (PE dig-deeper research, March 2026). $300+/mo pricing too high for many small practices. Human coach model doesn't scale efficiently.

Price source: phiguard.app/resources/best/best-hipaa-compliance-software-small-practice/, March 2026

Abyde

HIPAA + OSHA compliance (dental focus)

Undisclosed (ESTIMATE: $99–199/mo — bootstrapped)
Bootstrapped
Strengths

Dental association endorsements, HIPAA + OSHA coverage, established presence in dental market

Weaknesses

Bootstrapped — limited resources for state expansion. No state health dept compliance. Association lock-in creates distribution moat Clario must overcome.

Price source: ESTIMATE — no public pricing found. PE competitive research March 2026.

PHIGuard

HIPAA compliance tracking + task management

$20/mo
Unknown
Strengths

Very affordable, simple tracking

Weaknesses

HIPAA only. No OSHA. No state. Compliance tracking ≠ compliance monitoring. No AI documentation. Different problem than Clario.

Price source: phiguard.app/resources/best/best-hipaa-compliance-software-small-practice/, March 2026

MedTrainer

Healthcare compliance training + LMS

Enterprise pricing
$54M Series B (2021)
Strengths

Well-funded, training focus, large healthcare orgs

Weaknesses

Targets large organizations. Does NOT serve small practices (<20 staff). Different segment entirely — not a direct competitor at launch.

Price source: Crunchbase, enterprise pricing not public

Feature comparison

Feature Clario Compliancy Group Abyde PHIGuard
HIPAA
OSHA
State health dept ✗ confirmed
AI doc generation Partial
Small practice pricing $199/mo $300+/mo N/A $20/mo

Product & Technology

Product overview

Clario is a SaaS compliance monitoring platform for small healthcare practices (1–10 providers). It covers HIPAA Privacy + Security Rule, applicable OSHA standards, and state health department requirements — all three in one platform, continuously monitored. Gap analysis, AI-generated documentation, deadline tracking, and pre-inspection alerts. Starting at $149/mo; Professional at $199/mo includes state coverage.

How it works technically

Practice profile → regulatory mapping (which rules apply, given specialty + state + staff count) → gap analysis against current requirements → AI fills attorney-vetted templates with practice data → signed documents stored → renewal tracking → continuous monitoring against OCR enforcement patterns and state rule changes → alerts when something needs attention.

Tech stack decisions

| Layer | Chosen | Rejected | Reason |
| --- | --- | --- | --- |
| Regulatory knowledge graph | Custom-built + domain expert review | Licensable content (none exists) | No database to license. Must be built with compliance attorneys and domain experts. This IS the moat. |
| Document generation | Attorney-vetted templates + GPT-4o variable fill | Pure AI generation | Legal accuracy requires attorney-reviewed templates. AI fills variables. Reduces UPL risk. |
| Monitoring engine | Supabase + scheduled jobs + OCR RSS feeds | Manual review process | Continuous monitoring requires automation. OCR publishes enforcement actions; parse and alert. |
| Frontend | Next.js + Supabase | React + Firebase | SSR for compliance dashboard; Supabase for auth, real-time, and storage in one. |
| HIPAA infrastructure | Supabase HIPAA tier + BAA + encryption at rest | Standard cloud hosting | A BAA is near-certain to be required because the platform processes PHI. $55–120K pre-launch compliance cost includes this. |

Regulatory posture

🔴
HIPAA BA status: Sign BAA with hosting provider. Include HIPAA-compliant hosting in seed budget ($55–120K pre-launch total).
🟡
UPL (unauthorized practice of law): Document generation is AI-filling attorney-vetted templates, not legal advice. Disclaimer required. Attorney review of templates.
🟡
CA AB 489 (Jan 2026): Affects UI design for CA users — consent and disclosure requirements. Already incorporated into CA state content build.
🟡
FTC Operation AI Comply: No marketing claims about compliance outcomes. Platform is a tool, not a guarantee.

Pre-launch compliance costs: $55K–$120K (one-time). Annual ongoing: $40K–$75K. Source: PE regulatory analysis March 2026 — ESTIMATE.

Financial Model

ARPU: $199/mo (Professional plan — ESTIMATE, dig-deeper validated ceiling)
COGS/customer: ~$12/mo (ESTIMATE — hosting, AI, content)
Gross margin: ~94%
LTV (assumed 24-month retention at 2% churn): $4,776 (ESTIMATE — derived from $199 × 24)
CAC, association channel: $600 (ESTIMATE)
CAC, paid search: $1,200 (ESTIMATE — if association fails, model breaks)
LTV:CAC (association channel): 7.96:1
LTV:CAC (paid search): 2.32:1 — WARNING: below viable threshold
CAC payback: 3 months (association channel)
Break-even: Month 18–19
MRR at break-even: $10,400/mo
Year 1 Revenue: $149K (ESTIMATE)
Year 2 Revenue: $612K (ESTIMATE)
Year 2 Net Profit: $182K (ESTIMATE — after $150K seed + infra)
Trial-to-paid conversion: 35% assumed (ESTIMATE)
Peak burn: $25K/mo (ESTIMATE — months 6–12)

⚠ Critical Correlated Risk

If Compliancy Group pricing pressure simultaneously drives ARPU to $199 AND paid search CAC to $1,200 — LTV:CAC drops to 2.32:1. Association distribution holding CAC at ~$600 is existential, not optional. This is why securing AADOM/AGD before building is non-negotiable.

Financial assumptions

  • ARPU $199/mo — dig-deeper validated WTP ceiling (not $299); blended from Essential ($149) + Professional ($199)
  • CAC $600 — ESTIMATE based on association channel. Paid search CAC ESTIMATE $1,200 — breaks model
  • LTV $4,776 — ESTIMATE derived from $199/mo × 24-month retention (2% churn/mo assumed)
  • COGS $12/mo — ESTIMATE from hosting + AI inference + compliance content maintenance
  • Y1 $149K, Y2 $612K — ESTIMATE from PE financial model March 2026, moderate scenario
  • Break-even Month 18–19 — ESTIMATE derived from $150K seed / ~$8K/mo burn

Engineering Notes

MVP Scope — 90–120 Day Build

Week 1–2: HIPAA-compliant infrastructure (Supabase HIPAA tier, BAA signed, encryption at rest)
Week 3–4: Practice profile onboarding — specialty, state, staff count, EHR vendor → regulatory mapping
Week 5–7: HIPAA Privacy + Security Rule gap analysis engine. Attorney-vetted templates loaded.
Week 8–9: OSHA compliance module (bloodborne pathogens, hazcom, exposure control). State content for 5 dental states.
Week 10–11: AI document generation — GPT-4o fills variables into attorney-reviewed templates.
Week 12–14: Monitoring engine, deadline tracking, alert system. Beta with 10 dental practices.
Week 15–16: Bug fixes, performance. Documentation. Launch to waitlist.

Critical path: domain expert, not engineering

PE feasibility research confirmed: the hardest part of Clario is NOT the technology — it's the regulatory knowledge graph. Building accurate, up-to-date compliance content for 50 states requires domain experts (compliance attorneys, practice managers, state-specific advisors), not engineers.

🔴
Regulatory content accuracy: Attorney-reviewed templates for every state, every regulation. $3–8K per state. Cannot be rushed.
🔴
HIPAA BAA & infrastructure: Supabase HIPAA tier required before handling ANY PHI. $15K pre-launch. Non-negotiable.
🔴
Association partnership (AADOM/AGD): Must be signed before building. Cold outreach doesn't work for ADA-endorsed products. Need insider.
🟡
State rule change monitoring: Subscribe to state DOH/DSHS RSS feeds + quarterly attorney review per state.

Infrastructure costs

Supabase HIPAA tier + BAA: $25/mo base → $250/mo at scale (one-time setup: $5K for compliance config)
GPT-4o (document generation): ESTIMATE $0.02–$0.05 per document — low frequency per customer
Vercel (frontend hosting): $20/mo
Legal review (ongoing, per state): $3K–$8K/state one-time; $500–$2K/state/year ongoing — ESTIMATE
Total infra at 150 customers: ESTIMATE ~$800–$1,500/mo

Path to Product

Phase 1

Association Lock-In

⏱ 60–90 days $0–5,000
NOW

Secure partnership with AADOM or AGD BEFORE writing code. This is the existential gate. Build dental practice waitlist through association channels.

Go signal

Signed MOU with AADOM or AGD. 100+ dental practice waitlist.

Phase 2

Federal MVP

⏱ 90–120 days $90,000

HIPAA (Privacy + Security Rule) + OSHA (bloodborne pathogens, hazcom) for dental practices. 5-state content at launch (CA, TX, FL, NY, IL). HIPAA-compliant infrastructure. BAA signed with hosting provider.

Go signal

25 paying dental practices. 2% or lower monthly churn observed. $5K MRR.

Phase 3

State Expansion + CAC Test

⏱ Month 5–12 $45,000

Expand to 15 states. Test paid search CAC — if >$1,200/customer, pause and double down on association channel exclusively. Scale to 150+ customers.

Go signal

$10,400 MRR (break-even). Association channel proven at <$600 CAC.

Phase 4

Specialty Expansion

⏱ Month 13–24 Revenue-funded

Expand from dental to chiro, therapy, optometry, behavioral health. Each specialty has unique state requirements — moat deepens. Platform LTV grows as coverage expands.

Go signal

$612K Y2 revenue. 5+ specialties covered.

Capital Ask

$150,000
| Use of funds | Amount |
| --- | --- |
| HIPAA-compliant infrastructure + BAA (Supabase HIPAA tier) | $15,000 |
| Regulatory attorney — template review (HIPAA + OSHA) | $30,000 |
| State content build — top 5 dental states | $25,000 |
| Domain expert (compliance consultant) | $20,000 |
| MVP development (90–120 day build) | $40,000 |
| Operating reserve (20%) | $20,000 |

Timeline: 18–19 months to break-even

Traction & Status

Honest. Dated March 2026. No spin.

  • Market validated — PE score 6.14/10 (FUND), dig-deeper completed March 2026
  • Compliancy Group confirmed NOT building state health dept compliance — gap validated
  • WTP ceiling validated — $199/mo (not $299) per dig-deeper market research
  • POC built and live — clario.nltlabs.ai
  • Association partnership — AADOM or AGD (existential gate — must precede product build)
  • HIPAA-compliant infrastructure provisioned + BAA signed
  • Regulatory attorney engaged for template review
  • MVP build (90–120 day sprint)
  • 25 paying dental practices

What we need

We need an operator with direct relationships in dental practice management — ideally someone with prior experience at a dental association (AADOM, AGD, ADA) or in dental SaaS sales. The association distribution channel is existential; cold outreach to dental associations won't work. We also need a co-founder or advisor with HIPAA/healthcare compliance expertise who can oversee the regulatory content build. Capital experience welcome — $120–150K seed means we need a well-capitalized entry, not a bootstrapper.

Interested? Let's talk.

Especially if you have dental association relationships or HIPAA compliance expertise.


Pipeline run telemetry

How this run was built

10 agents · same phases as portfolio.nltlabs.ai/pipeline . Cards show live stats from pipeline-run.json.

10
Agents
1h 24m
Wall
$47.20
Cost
38
Search
412
Tools
4
URLs
Phase 1 — Evaluation
52m 18s · 6 agents
Parallel · 3
claude-sonnet-4-6
Market sizing & TAM
Parallel researcher — TAM/SAM/SOM and growth drivers
T 107k ⏱ 14m 02s 🔧 56 🔍 14
completed
📄 MARKET-RESEARCH.md
in 62k · out 45k
📝 4,200 words
🔥 Firecrawl 4
🧠 memory 1
claude-sonnet-4-6
Competitive teardown
Parallel researcher — pricing, positioning, funding
T 99k ⏱ 12m 55s 🔧 51 🔍 11
completed
📄 COMPETITIVE.md
in 58k · out 41k
📝 3,800 words
🔥 Firecrawl 5
claude-sonnet-4-6
Regulatory & feasibility
Parallel researcher — compliance and technical risk
T 72k ⏱ 10m 18s 🔧 42 🔍 9
completed
📄 FEASIBILITY.md
in 44k · out 28k
📝 2,900 words
🔥 Firecrawl 3
🧠 memory 1
claude-opus-4-6
Creative Director
Locks thesis, tab order, and artifact paths for the PE run
T 60k ⏱ 11m 40s 🔧 28
completed
📄 BRIEF.md
in 38k · out 22k
📝 1,400 words
🧠 memory 2
claude-opus-4-6
PE Firm
Nine-lens rubric, score, fund / no-fund recommendation
T 110k ⏱ 9m 12s 🔧 22 🔍 2
completed
📄 PE-SCORE.md
in 72k · out 38k
📝 2,100 words
🧠 memory 3
claude-opus-4-6
Devil's Advocate
Stress-tests assumptions and cites failure modes
T 85k ⏱ 8m 31s 🔧 19 🔍 2
completed
📄 ADVERSARY.md
in 51k · out 34k
📝 1,800 words
🧠 memory 2
pe:fund → POC build · harvester writes this page
Phase 2 — Build
31m 44s · 4 agents
claude-opus-4-6
POC Director
Orchestrates build: IA, tone, and acceptance criteria
T 44k ⏱ 7m 10s 🔧 18
completed
📄 POC-PLAN.md
in 28k · out 16k
📝 950 words
🧠 memory 1
claude-sonnet-4-6
Product & industrial design
BOM, specs, and 3D narrative for hardware POCs
T 78k ⏱ 9m 44s 🔧 35
completed
📄 PRODUCT-BOM.md
in 46k · out 32k
📝 2,800 words
claude-sonnet-4-6
Copywriter
Investor narrative, section polish, CTA copy
T 56k ⏱ 6m 20s 🔧 14
completed
📄 COPY.md
in 32k · out 24k
📝 2,200 words
claude-sonnet-4-6
Frontend / Astro builder
Implements Astro POC, tabs, assets, and deploy checklist
T 102k ⏱ 8m 30s 🔧 67
completed
📄 src/
in 54k · out 48k
📝 0 words

Token share (this run)


Agent handoffs

Edges from the orchestrator manifest (when present).

Creative Director Parallel researchers Brief + section contracts
Parallel researchers PE Firm MARKET / COMPETITIVE / FEASIBILITY markdown
PE Firm Devil's Advocate Scorecard + fund recommendation
POC Director Astro builder Tab map + content manifest

Sources (run)

URLs touched during this run. Claim-level bibliography: /sources .

🏛️ Government / Census (1)

📊 Market Reports (1)

Market sizing & TAM

💬 Reddit / Forums (1)

Competitive teardown

🔍 Competitor Sites (1)

Competitor funding reference

https://www.crunchbase.com/
Competitive teardown

Key decisions

PE Firm

FUND — score clears bar with mitigable risks

Large SAM, differentiated wedge, credible path to units; DA items logged as pre-launch checks.

Quality scorecard

24
Cited sources
Verifiable URLs
18
Estimated
Derived
6
Assumed
Model
4
Quotes
Forum / review
7
Competitors
Funding + price
3
Census
CBP etc.

NLT Labs PE Pipeline v3.1 — evaluation then build.

March 2026 · Issue #0 · Clario
