When it happens,
you'll be ready.

Klaxon turns "we think something happened" into "we ran the playbook, met every reporting deadline, and sent the right letters to the right regulators." It computes your 50-state + HIPAA / GDPR / DFARS / SEC / CIRCIA obligation clocks from the incident timeline, cascades reminders before you miss them, and seals the timeline so it holds up after the fact — at SMB price, local-first.

Open the console See your deadlines
DFARS 72-HOUR RAPID REPORT · clock from discovery
--:--:--
A real incident starts a clock you can't pause. Klaxon runs it for every obligation.
52 US jurisdictions + 7 frameworks
T-48/24/4h reminder cascade
hash-chained tamper-evident timeline
$0 local-first free tier
Local-first · data never leaves the building HIPAA / GDPR / DFARS / SEC / CIRCIA clocks CA SB 446 · OK SB 626 (in force) Business-day + federal-holiday deadline math Tamper-evident hash-chained timeline 50 states + DC/PR · GDPR · PIPEDA · Québec

Pick your affected states. See your obligations.

Toggle states (assume 600+ residents each, PHI involved). The engine computes who you must notify and by when — deterministically, from law, no guessing.

Select a state above.

One screen. The whole incident.

The append-only timeline on the left, the live legal deadline clocks on the right — the actual Klaxon war-room. Open the console →

Obligation clocks

50 states + DC/PR and HIPAA, GDPR, DFARS, PIPEDA, Québec, SEC, and CIRCIA — each on a live countdown from the legally-correct trigger, with current law (CA SB 446, OK SB 626) encoded and proposed rules (CIRCIA, HIPAA 72h) clearly labeled proposed.

Reminder cascade

T-48 / 24 / 4h / overdue stages computed locally from the timeline, with business-day and federal-holiday-aware deadline math. Opt in to push a secret-free reminder to email / Slack / Teams when the browser is closed.

Tamper-evident timeline

An append-only forensic timeline sealed with a SHA-256 hash chain — any edit to a past event shows as TAMPERED — plus roles, tasks, and chain-of-custody evidence hashes. The defensibility artifact auditors and carriers ask for.

Per-jurisdiction letters

Nine jurisdiction-correct templates that prefill from the incident and flag missing statutory fields. The legal scaffolding is engine-computed; only the narrative is yours. Plus the playbook library and a scored tabletop runner.

The lane nobody in our price band owns

incident.io / PagerDutyRadarFirst / BreachRxKlaxon
Slack war-room / on-callwar-room ✓
52-jurisdiction + 7-framework law engine✓ incl. SEC/CIRCIA
Reminder cascade (T-48/24/4h/overdue)
Tamper-evident hash-chained timeline
Tabletop as software
Local-first (data stays in-house)
SMB self-serve price5–6 figuresfree / $239

Built for the orgs that get the call at 2am

"The deadline clock is the thing. We knew we had a breach; we didn't know we owed three AGs and HHS by different dates. Klaxon laid it all out in a minute."

— Compliance lead, multi-state clinic group

"We run tabletops for a book of 20 clients. Bulk scheduling plus a scored AAR we can white-label is exactly what the consultants charge $15k a pop for."

— vCISO, managed-security provider

"Local-first sealed it. A live incident is the last thing we want sitting in someone else's cloud. The letters generate on-device."

— IT director, DIB subcontractor

Representative use cases · named-customer quotes to be added at launch

Run the playbook before you need it.

Free, local-first, no signup. Your incident data stays in your browser.

Open the console

Guides

Incident response plan software Breach notification requirements Incident response playbooks Breach letter generator Klaxon vs incident.io How obligation clocks work