AI Compliance & Privacy Review · $999 · One Week
We find out what sensitive data is already flowing into ChatGPT, Claude, and other AI tools, map it against the regulations that apply to you, and hand you a written remediation plan. $999 flat, one week from discovery call to readout.
Every AI Compliance & Privacy Review runs the same way: a discovery call, a week of analysis, and a readout with a written remediation plan. No open-ended discovery, no hourly billing.
We map your workflows, current tools, and regulatory exposure — HIPAA, SOC 2, GDPR, the EU AI Act, and others as applicable to your business.
AI usage inventory, risk register, and control-gap analysis, grounded in your actual tool usage, not a generic checklist.
We walk through the findings and the prioritized, written remediation plan.
So there's no ambiguity about what $999 buys.
This is the structure of the deliverable, not a real client document — every section below is filled in with your findings, not a generic template.
The review stands on its own. If the findings justify more, here's what that looks like.
If the findings justify it, we implement the remediation plan for you — from $2,995, scoped after you've seen the findings.
Take the written plan to your own team, counsel, or security function. No obligation — the review stands on its own.
What people usually ask before booking a review.
The $999 covers the full engagement: the 30-minute discovery call, the one-week analysis (AI usage inventory, risk register, control-gap analysis, regulatory mapping), the 30-minute readout call, and the written remediation plan — an executive summary, findings, and a prioritized action plan. Done-for-you remediation is a separate, optional Tier 2 engagement, quoted after you've seen the findings.
Mainly the 30-minute discovery call and the 30-minute readout — about an hour total, plus whatever it takes to grant tool access or point us to the workflows where AI tools are already in use. We do the analysis; we don't need your team in meetings all week.
We start with a structured interview, then, with your permission, review telemetry from the tools you already run (Google Workspace, Microsoft 365, your AI vendors) via standard OAuth and admin scopes, so the inventory reflects what's actually happening. Prefer not to grant access? We work from your team's exports instead. Either way: conversation first, no inbox-trawling.
You get a written remediation plan you can act on with or without us. Some teams hand it to their own engineers, counsel, or security function. Others move into Tier 2 (done-for-you remediation, from $2,995). There's no pressure to buy more; the review stands on its own.
Same shape, different lens. This review looks at what sensitive data is already flowing into AI tools like ChatGPT and Claude, and what regulatory exposure that creates. The AI Opportunity Review looks for where AI can absorb hours of drudge work your team is already doing manually. Not sure which fits? Book the call and we'll help you pick.
Teams that need formal certification or audit attestation — that requires a licensed auditor, not a productized review. Teams that already have a mature GRC program and just need engineering hours to execute — go straight to Services. And teams whose primary concern is productivity rather than data exposure — that's the AI Opportunity Review.
Pick a time below. We'll confirm scope and schedule the one-week analysis window from there.