The Challenge: As Lucis expanded rapidly across Europe following their $8.5M seed round, they needed to formalize security practices without slowing down their engineering velocity.
The Solution: Probo’s expert-led services adapted ISO 27001 to Lucis’ actual architecture and workflows, running compliance in the background while the team stayed focused on growth.
The Results:
- ISO 27001 certified without compromising growth momentum
- Minimal internal workload for engineering team
- Continuous compliance monitoring as they scale across Europe
About Lucis
Lucis is a European health-tech company redefining preventive medicine. By analyzing more than 180 biomarkers, Lucis combines AI and medical oversight to calculate a member’s Biological Age and deliver a personalized roadmap across five pillars: nutrition, sleep, activity, supplements, and mental health.
Following a $8.5M seed round, Lucis is scaling rapidly across Europe. But with growth came responsibility: Lucis handles some sensitive data, personal health information. For the team, security wasn’t a future concern. It was a prerequisite for trust.
The Challenge: Scaling Fast Without Compromising Trust
As Lucis expanded across France, the UK, Ireland, and Portugal, Baptiste Debever (co-founder and CTO) and Gauthier Wallet (Founding Engineer) knew their informal security practices needed to become formal, without slowing the business down.
They faced three hard constraints:
-
Extreme data sensitivity
Unlike most B2C products, Lucis manages regulated health data. ISO 27001 wasn’t a sales checkbox. It was a signal to users, partners, and regulators that security was foundational.
-
A lean, fast-moving team
With engineering focused on shipping product and improving member outcomes, the team couldn’t afford months of manual documentation.
-
Compliance that reflected reality
Lucis didn’t want a generic framework that looked good on paper. They wanted certification to reflect how they actually built and operated their systems.
Baptiste Debever, CTO:
Security isn’t just a technical requirement for us. From day one, it’s been a core part of the trust relationship we have with our members.
The Solution: ISO 27001 Without the Overhead
Lucis needed a way to turn their existing security mindset into a globally recognized certification, without pulling focus away from growth.
They chose Probo because it wasn’t a rigid, checklist-driven approach. Probo adapted to Lucis’ stack, processes, and pace, allowing the team to stay focused on product while certification progressed in parallel.
Probo delivered:
1. Compliance tailored to Lucis’ reality
Instead of forcing Lucis into a generic model, Probo mapped ISO 27001 directly onto their actual architecture, workflows, and controls.
2. End-to-end execution
From gap analysis to audit preparation, Probo handled the documentation and coordination that typically stalls early-stage teams.
3. Asynchronous, low-friction collaboration
The entire process ran through Probo’s platform and Slack, fitting seamlessly into Lucis’ day-to-day operations.
Gauthier Wallet, Founding Engineer:
Probo made the process feel effortless. They handled the heavy lifting in the background, and the asynchronous Slack-based collaboration fit perfectly with how we work.
The Results: Certification Without Slowing Growth
With Probo, Lucis achieved ISO 27001 certification while maintaining growth rate, proving that strong security can be built early, without slowing the business down.
Baptiste Debever, CTO:
From kickoff to audit, the entire certification process took far less time than we expected for ISO 27001.
Gauthier Wallet, Founding Engineer:
The internal workload stayed extremely light. Probo absorbed the operational complexity, which let us stay focused on growth and our product.
Today, ISO 27001 isn’t a one-time milestone for Lucis, it’s an ongoing standard. Probo continues to support ongoing compliance, monitoring improvements and ensuring Lucis stays aligned with best practices as the company scales across Europe.
Why It Matters
Lucis didn’t adopt ISO 27001 to satisfy a requirement. They did it to make security a default principle: early, intentionally, and without sacrificing momentum.
With Probo, they proved that even at hyper-growth speed, startups can treat user data with the seriousness it deserves.
