I run a low 7 figures SaaS as well. This is the blurb I answer with when asked about SOC2 (yes, yes, AI generated):

"While we follow industry best practices that align closely with the requirements of SOC2 and similar frameworks, we have chosen not to pursue formal certification at this time. Maintaining multiple certifications and undergoing recurring audits across the various regions in which we operate would significantly increase our operational costs and, consequently, the price of our service."