About Sylvan Assurance
A Vermont LLC publishing plain-English compliance and security toolkits for small product teams, fractional CISOs, MSSPs, and incident-response operators. Built deliberately small to stay close to the work.
What we believe. That the gap between "I read the regulation" and "I have a written playbook for what to do at 3am" is large; that closing it is real work most small teams cannot afford to do in-house; and that consultants typically don't productise that work because it doesn't scale at agency margins. So we productised it. Six toolkits to start.
Mission
To make the operator-grade compliance and security playbook — the kind a senior consultant would email a Word document for — available as a one-time-purchase printable toolkit at a price a small team can actually approve.
The format is opinionated on purpose. Every acronym is expanded on first use. Every claim cites the underlying standard. The disclaimer in every document distinguishes operational guidance from legal advice without hiding behind boilerplate. The page count is whatever the work needs — not stretched to look impressive, not compressed to ship faster.
What makes Sylvan different
Privacy-first by architecture, not by promise
Every free assessment we publish runs entirely in your browser. We never receive your assessment answers. No analytics, no cookies, no telemetry. The Content-Security-Policy on our assessment pages prohibits the script sources that would make tracking possible. That is the architectural enforcement of the brand promise; you can verify it by viewing the source of any assessment page.
The only data we collect, and only when you give it to us explicitly: email address (free-guide opt-in), purchase information (handled by Lemon Squeezy as Merchant of Record), and support correspondence. Aggregate Cloudflare server-side traffic counts — page views and country, no individual identification — round out our analytics footprint. Details in our Privacy Policy.
One-time purchases
Every toolkit is a one-time purchase. Files you own forever. Thirty-day money-back guarantee, no questions asked. The model is closer to a well-edited book than to a software subscription. Pricing tops out at $199 for any single product.
No sales calls
There is no sales call. The toolkits are self-serve through Lemon Squeezy. If you want to know whether a toolkit fits before buying, take the free assessment for that product or read the table of contents on the product page. If a real-person question would still help, email support@sylvanassurance.com. A real person reads every email.
The six toolkits
| Toolkit | For | Tiers |
|---|---|---|
| GDPR Checklist | General Data Protection Regulation readiness | Solo $49 · SMB $129 · Pro & DPO $299 |
| SMB Security Assessment | Security baseline for small product teams | Solo $49 · SMB $99 · Pro Consultant $299 |
| PSIRT Response | Product-security incident response | Solo $49 · SMB $99 · Enterprise $299 |
| First 4 Hours | Minute-by-minute first-hour playbooks | Solo $49 · Commander $99 · PSIRT CRA-Ready $199 |
| GDPR Breach Response | The Article 33 72-hour clock toolkit | Solo $49 · SMB $99 · Enterprise $199 |
| TrustReady | Security-questionnaire response kit | Solo $49 · SMB $99 · Pro $199 |
Company facts
| Legal entity | Sylvan Assurance, LLC |
|---|---|
| Headquarters | Vermont, United States |
| Website | sylvanassurance.com |
| Contact | support@sylvanassurance.com |
| Payment processor | Lemon Squeezy (Merchant of Record — handles US sales tax, EU/UK VAT, AU/CA GST) |
| Hosting | Cloudflare Pages (static) |
Press kit
For journalists, podcasters, conference organisers, or partners. Email support@sylvanassurance.com with the subject "Press — <outlet name>" for high-resolution assets, founder availability, or interview requests.
Boilerplate (one-sentence)
Sylvan Assurance is a Vermont LLC publishing plain-English compliance and security toolkits for small product teams, fractional CISOs, MSSPs, and incident-response operators — privacy-first by architecture, files you own forever.
Boilerplate (paragraph)
Sylvan Assurance, LLC is a Vermont limited liability company that publishes operator-grade compliance and security toolkits as one-time-purchase printable documents. Six toolkits cover General Data Protection Regulation readiness, small-business security baselines, product-security incident response, the first hour of any incident, the Article 33 72-hour breach-notification clock, and security-questionnaire response. Every free assessment runs entirely in the visitor's browser; Sylvan never receives the answers.
Brand colour palette
Navy #1F3864, sage #4A7C59, cream #FAF7F2, paper #FFFFFF. Full brand kit available on request.
Downloadable assets (available on request)
Logo pack
SVG + PNG (1x / 2x / 3x); light + dark backgrounds.
Brand-mark only
The "SA" rounded-square mark, navy on cream.
OG share images
1200×630 PNG for each product page.
Founder headshot
Square format, neutral background.
Brand-kit reference
Voice, tone, typography, do/don't list.
Product one-pagers
PDF one-pager per toolkit summarising tiers and contents.
Talking-point sheet — the questions journalists ask
"Why downloadable PDFs instead of SaaS?"
Because the work the toolkits do — answer a security questionnaire, run the first hour of an incident, draft the Article 33 notification — is bursty rather than continuous. A SaaS subscription is the wrong shape for a need that arrives twice a year. A one-time-purchase printable playbook the customer owns is the right shape. The format also keeps Sylvan small and focused, which is itself part of the strategy.
"How can you stay in business without selling annual subscriptions?"
By keeping costs low and shipping useful work. We carry no payroll. Hosting is Cloudflare's free tier. Payment processing is Merchant-of-Record (Lemon Squeezy) so we never touch tax filings. The unit economics work at much lower volume than a SaaS would need. The product line stays profitable from the first hundred sales.
"What's the brand stance on 'AI'?"
Skeptical of the buzzword; selective in practice. We use AI tools to speed up our own work where they're useful. We do not market the toolkits as AI-generated, AI-powered, or AI-anything. The product is a human-edited written playbook; that's what people are buying.
"What's next?"
Stabilise the first six toolkits. Add a seventh when the line proves itself. Long-form blog content (the "First hour of an incident" and "The 72-hour clock" pieces are the first two) shipping monthly. A book is in separate development; details on that when it's closer.
Contact
For any question, email support@sylvanassurance.com. Mention the topic in the subject line ("Press —", "Partner —", "Support — <product>", etc.) for fastest routing.
About page version 1.0. Last reviewed 30 May 2026.