Pre-Vanta · Post-Vercel.
Secure cloud architectures from day one. Plaza is a cloud deployment and compliance platform that takes teams from rapid prototyping to production-grade cloud — opinionated security, SOC 2 and ISO 27001 readiness built in, no dedicated platform team required. Built for the big three: AWS today, GCP and Azure next. We're raising a pre-seed to ship it globally from Tokyo.
A generation of builders is shipping more, faster, with fewer people than ever before. AI-assisted development, prototype platforms, and no-code tools have collapsed the distance between idea and demo from months to days.
But the distance between demo and production has barely moved. A hardened multi-account cloud organisation, centralized networking, identity, evidence collection, and a posture that will pass a customer security review still cost a six-month rebuild — or a full-time platform hire — exactly when a company can least afford either.
Plaza is the missing layer. An opinionated, secure-by-default cloud architecture — centralized ingress/egress networking, envelope-encrypted credentials, SOC 2 and ISO 27001 readiness, continuous evidence collection — delivered as a product, inside the customer's own cloud account. Built for AWS, GCP and Azure; shipping AWS first. No dedicated platform team. No rebuild at audit.
Three shifts converging.
AI collapses build time.
Teams of one or two are producing software that would have taken a squad of eight. The bottleneck has moved from writing code to hardening, compliance, and everything that surrounds it.
SOC 2 is on the first call, not post-Series-A.
Customer security reviews and ISO 27001 expectations now arrive with the first enterprise pilot — not after. The rebuild problem hits earlier, and harder.
Control Tower ends where compliance begins.
AWS-only, rigid, and framework-agnostic, Control Tower doesn't bridge to SOC 2 or ISO, and it can't cross clouds. The ground is clear for a product-shaped replacement.
A platform layer hiding inside a $700B+ stack.
Every team that runs workloads in a public cloud is a candidate for production-grade orchestration, compliance and security tooling.
The slice being re-platformed today — internal platforms, compliance-as-code, cloud posture — where Plaza replaces 6+ tools with one.
The leading edge: teams shipping with modern AI-native stacks that now need enterprise-grade posture without a rebuild.
What makes Plaza defensible.
AI prototype → production pipeline.
Plaza converts AI-generated prototypes (Lovable, v0, Bolt) into production-grade cloud-native Go — a Bedrock-backed pipeline that handles the conversion, generates and runs tests, builds, and deploys through Plaza's governed CI/CD. A weekend prototype becomes an enterprise-ready backend without a rewrite. Shipping on AWS today; GCP and Azure follow the same pipeline.
Opinionated, secure-by-default architecture.
Multi-account cloud organisation, centralized ingress/egress networking, no public endpoints in workload accounts, envelope-encrypted customer credentials behind a WAF-protected private API gateway. What a senior platform team takes months to assemble per cloud, shipped as a product — on AWS today (Transit Gateway, VPC topology, Org SCPs), with GCP and Azure landing on the same control-plane abstractions.
Compliance as a continuous product.
Continuous evidence collection, controls monitoring, and a read-only auditor portal — SOC 2 and ISO 27001 readiness built into the default path, not a once-a-year audit sprint. ISMAP on the Japan track; HIPAA and PCI added with client demand.
A product-shaped replacement for AWS Control Tower.
Control Tower is AWS-only, rigid, and ends where compliance begins. Plaza is a multi-cloud-ready control plane that keeps running once you've landed — our own 15-account, 6-OU AWS organisation is on Plaza-managed infrastructure, with the Control Tower → Plaza migration in active execution.
300+ guided security cards.
A compounding content library of concrete checks and remediations — not abstract policy documents. Every engagement writes back into the library; the moat widens with every customer.
Early signal.
Built by operators.
Richard Orman
A decade shipping secure systems inside defence, enterprise and high-growth fintech. Built and scaled the platforms most teams only try to buy.
Kevin Seo
Leading sales, go-to-market, and commercial strategy. Driving the marketplace integration motion and early customer development while Richard owns product, technical direction and company vision.
Investor FAQ.
What stage are you raising at, and on what instrument?
We are raising a pre-seed round. The instrument (SAFE or priced round) is being finalised with our lead counsel; specifics are shared on a qualified call.
How much is the round, and is there a lead?
Target size, valuation cap, commitments and lead status are shared on an intro call. Reach out via the contact options below and we'll walk you through the current state of the round.
What's the current state of the product?
Plaza is built for the big three clouds — AWS, GCP and Azure — and ships on AWS today.
- Codebase. 43,000 LOC · React/TypeScript front end · Supabase back end (149 edge functions, 21 tables).
- Security content. 300+ card library of concrete checks and remediations — not abstract policy documents.
- AI conversion pipeline. Bedrock-backed — turns Lovable, v0 and Bolt prototypes into production-grade cloud-native Go.
- Self-dogfood. Our own 15-account, 6-OU org runs on Plaza-managed infrastructure; Control Tower → Plaza migration in active execution.
- Billing. Stripe live across all four tiers.
- Multi-cloud roadmap. GCP and Azure designed in; shipping order (AWS → GCP → Azure) driven by beta-customer demand.
Who are the customers?
Startups and scaleups on modern cloud stacks (AWS today, GCP and Azure as the roadmap ships) that need to reach "enterprise-ready" without hiring a dedicated platform or security team.
- Primary audience. Teams preparing for SOC 2 / ISO 27001 and early customer security reviews.
- Phase 1 (now). Global, English-first — built in Tokyo for the worldwide cloud-native audience from day one.
- Phase 2. Japan-native SMEs — a planned anchor once early-client assumptions are validated, with Japanese data residency built in.
How does Plaza go to market?
Marketplace-first — we monetise the integration layer as well as the product.
- Revenue-share integrations. Across security (a 400+ vendor ecosystem with heavy overlap), identity and HR tooling. When we bring a customer directly to a partner, we share revenue on that engagement.
- Native over neutral. Non-revenue-share vendors are listed as options; native-Plaza integrations are promoted.
- SCIM and SSO as leverage. Table-stakes security in Plaza's free tier — and we push every integration partner to support SCIM/SSO across all their tiers, so SME customers get enterprise-grade identity across their whole stack without paying the "enterprise add-on" tax.
How does Plaza make money?
Plaza is a four-tier platform subscription per organisation:
- Foundation — free. Security education, cloud account cleanup, IAM hardening.
- Project — $30/mo + 20% of combined cloud spend. Infrastructure provisioning, CI/CD, environment management.
- Corporate — $500/mo. MDM, policy generator, SOC 2 / ISO 27001 readiness.
- Compliance — $2,000/mo. Continuous evidence collection, controls monitoring, auditor portal.
Paid tiers include up to 5 projects each; annual billing is 25% off. Marketplace revenue-share layers on top. Customers pay their cloud provider directly for consumption — we never mark up raw infrastructure.
What's the moat?
Four compounding layers:
- AI conversion pipeline. A Bedrock-backed pipeline that turns prototype code into production-grade cloud-native Go — the moment of magic for customers graduating from Lovable, v0 or Bolt.
- Secure-by-default cloud architecture. Centralized ingress/egress networking, envelope-encrypted credentials, no public endpoints — months of senior platform work, delivered as a product, per cloud.
- 300+ card security and compliance library. A content moat that compounds with every customer and every framework we add.
- Multi-cloud control plane from day one. Shipping AWS → GCP → Azure via the same cloud-agnostic conversion pipeline — where AWS Control Tower cannot follow.
A Tokyo HQ with Japanese data residency opens a defensible Phase-2 SME vertical underserved by US-centric devtools.
How is this different from AWS Control Tower, an IDP, or a PaaS?
- vs AWS Control Tower. AWS-only, rigid, and ends where compliance begins.
- vs an internal developer platform. Built by each customer, once — then decays.
- vs a PaaS. Takes custody of data and compute.
Plaza is a product running inside the customer's own cloud account: multi-cloud-ready, compliance-native, continuously maintained — a compliance-grade IDP you rent, not build.
What does use of funds look like?
- Engineering. Ship GCP and Azure via the cloud-agnostic conversion pipeline, deepen the Compliance tier (evidence collection, auditor portal), expand the AI conversion pipeline beyond Lovable.
- Go-to-market. Marketplace-first — revenue-share integrations with third-party security, identity and HR vendors, led by Kevin on the commercial side.
- Framework expansion. ISMAP on the Japan track; HIPAA and PCI added with client demand.
- Compliance posture. The security and compliance work required to be audit-ready alongside our first cohort of customers.
Detailed allocation is in the deck.
How do I get the deck or arrange a call?
Email investors@nakatomi.dev or use the scheduling link below. We'll share the deck after a short intro call.
Backing the team bringing enterprise-grade security to startups — built multi-cloud from day one.
We're talking with a small number of pre-seed and angel investors who understand cloud infrastructure, compliance, and the global devtools opportunity — built in Tokyo, Japan-native as it matures. If that's you, let's talk.