Frequently Asked Questions

Each toolkit is a bundle of printable PDF documents — runbooks, templates, checklists, worksheets — plus an editable Excel workbook where the toolkit involves tracking (registers, schedules, scoring). Each tier is one zipped download with the deliverables organised by use case.

Page counts vary by toolkit and tier — most Solo Editions are 30–50 pages, SMB Editions are 80–150 pages, Pro / Enterprise Editions are 150+ pages. Exact deliverable lists and page counts are on each product page.

Most deliverables are PDFs designed to be printed or pinned to a wall during an actual incident. Where editable templates are useful (proof-pack documents in TrustReady, the GDPR Records of Processing Activities register, multi-client tracking workbooks), you get editable files alongside the PDF.

If a specific deliverable would be more useful as editable Word for you, email us — we may be able to provide it.

Lemon Squeezy (our payment processor) emails you a download link as soon as your payment confirms. The link is typically active for 24 hours and lets you download all files for your tier. The order-confirmation email also includes the link.

If the link expires before you download — or if you lose the email — reply to the order-confirmation email or contact support@sylvanassurance.com with your order reference and we re-send.

Yes. Every product has a free assessment that returns a tailored free guide (5–10 pages each). The free guide uses the same writing style, structure, and quality bar as the paid editions. If you like the way it reads, you'll like the paid edition.

The free guide is yours to keep regardless of whether you buy the paid edition.

Each product page has a "When the X tier is enough" guide. The general pattern across the line:

• Solo — you are the only operational responder and you face the underlying problem fewer than four times a year.
• SMB / Commander — your team is 5–50 people and faces the problem regularly enough to need team workflow, named roles, and stakeholder communication templates.
• Pro / Enterprise / DPO — you run the workflow across multiple clients (consultants, MSSPs, fractional CISOs) or you operate at a scale where formal audit-ready evidence matters.

If you're unsure, start with Solo and email if you want to upgrade — we'll credit the Solo price toward an SMB or Pro purchase.

Yes. Email support@sylvanassurance.com with your Solo order reference and we'll send a discount code that credits the Solo price toward an SMB or Pro purchase. No time limit on the upgrade.

No formal multi-seat licence. The toolkits are designed for internal team use — you can share the files within your organisation. The Terms of Use prohibit redistribution outside your organisation (selling, posting publicly) but explicitly permit reasonable internal use including putting the runbooks in your team wiki, printing for any number of team members, or referencing the templates in your own internal documentation.

If your organisation requires a formal licence document for legal or procurement reasons, email us — we can provide a short side-letter at no charge.

Every toolkit starts at the same Solo price ($49) and shares the same $99 middle tier. The top tier is where they differ, and it differs by what the tier is for. The calm-day readiness products (GDPR Checklist, SMB Security Assessment, PSIRT Response) top out at $299 because their top tier carries consultant / Data Protection Officer scope — commercial, multi-client use and audit-ready depth. The acute incident products (First 4 Hours, GDPR Breach Response) top out at $199 because their top tier is about depth of response, not multi-client licensing.

It means: once you've bought a tier, the files in that tier are yours. You can use them indefinitely. We do not deactivate, expire, or remotely revoke files. There is no subscription, no annual renewal, no per-seat fee.

While the toolkit is in our catalog, any updates we ship within that edition are free — corrections, clarifications, small regulatory tweaks, added templates. We notify you by email when an update ships.

If we ever publish a major new edition (substantially rewritten or expanded), the prior edition you bought is still yours; the new edition is sold separately. If we ever retire a toolkit, you keep the latest version you had.

When the underlying regulation changes (for example, new European Data Protection Board guidance, a Cyber Resilience Act enforcement update) we aim to ship an update within 30–60 days. For routine improvements — better worked examples, clearer wording, additional templates — every 3–6 months. Updates within an edition are free while the toolkit is in our catalog; a major new edition is sold separately.

The "Recent updates" section on each product page lists the change history.

Email. We keep the email you provided at purchase and use it only for: (a) the order-confirmation flow, (b) lifecycle onboarding (typically 5 emails over 60 days), (c) update notifications when v2+ ships. We never sell, share, or use the email for anything else.

Every paid edition has a 30-day money-back guarantee. If you are not satisfied for any reason within 30 days of purchase, email support@sylvanassurance.com with your order reference and we refund in full. No questions asked. No "tell us why" form to fill in.

Full terms in our Refund Policy.

At purchase. The 30 days run from the timestamp on your Lemon Squeezy order. We don't track whether you actually downloaded or opened the files.

Outside the 30-day window, refunds are at our discretion. We grant them more often than not in genuine-error cases (you bought the wrong product, you didn't realise we sold a similar product at a lower tier). Email us; we'll discuss.

No. Every free assessment runs entirely in your browser. We never receive your assessment answers. They are never transmitted to us or to any third party.

This is enforced architecturally — the Content-Security-Policy on our assessment pages prohibits the script sources that would make telemetry possible. You can verify by viewing the source of any assessment page.

The minimum: an email address if you opt in to receive a free guide, and purchase information (name, email, billing country, order reference) if you buy. We use Cloudflare's server-side traffic analytics (page views, country) which involves no JavaScript injection and no cookies.

Full detail in our Privacy Policy.

No. None of those, and none of their substitutes. The brand promise is privacy-first by architecture, and behavioural analytics would break it.

Email support@sylvanassurance.com. Include your order reference if your question is about a specific purchase, and the toolkit name if your question is about a specific product (for example "TrustReady — Solo Edition").

One business day. A real person reads every email. We are based in Vermont, United States — Eastern time. Emails received outside business hours are answered the next business day morning.

Not at this stage. Email-only support keeps the cost structure compatible with one-time pricing. If your question is best answered live, we'll suggest a 15-minute call when appropriate.

Not at this stage. If a toolkit gets you 80% of the way there and you need help with the last 20%, email us — we can refer you to consultants we trust in the relevant area.

Lemon Squeezy acts as Merchant of Record. They calculate, collect, and remit US sales tax, European Union and United Kingdom VAT, and Australian and Canadian GST automatically based on your billing address. No action needed from you on the tax side.

Your purchase invoice is issued by Lemon Squeezy and shows the tax breakdown for your jurisdiction.

The Lemon Squeezy invoice contains the standard fields most procurement systems require (legal entity, address, tax breakdown, order reference). If you need a custom field (purchase-order reference, cost-centre code, custom legal entity name), email us with the order reference and the required addition.

Yes — email support@sylvanassurance.com if you require a W-9 for US tax reporting or equivalent documentation for non-US tax purposes.