Questions small businesses often ask before starting

No. The business is Chico-based and works with organizations in Paradise, Oroville, Durham, Gridley, Orland, Corning, Red Bluff, and surrounding areas, while also supporting remote clients when the work can be handled effectively online.

Yes. Many AI security, policy, vendor review, documentation, and roadmap engagements can be handled remotely with clear scope and secure handoff materials.

Not as a default service. Work is focused on practical cybersecurity, secure AI adoption, documentation, and limited lawful open-source exposure review. Any testing must be explicitly scoped, authorized in writing, and limited to systems the client has authority to assess.

Yes. AI acceptable-use policies can be created as a standalone engagement or as part of an AI assessment, adoption roadmap, or staff training package.

Yes, when the scope is appropriate for a lightweight, maintainable business tool. Projects can include secure workflow prototypes, internal assistants, report generators, dashboards, and automations.

The launch site is designed not to collect or store visitor-submitted data. Contact uses email and phone links. If a protected form is added later, messages should be sent by email and not stored in a website database.

Yes. Tool reviews can look at intended use, data handling, account settings, vendor terms, staff guidance, and practical controls for common AI tools.

A starter engagement usually includes a discovery call, a focused review of the agreed area, a plain-English risk summary, and a prioritized action plan.

Small starter reviews may take one to two weeks after scheduling and access to needed information. Larger roadmaps, policy packages, or tool reviews depend on scope and responsiveness.

Yes. The services are designed for small businesses, solo founders, nonprofits, professional services firms, and local organizations that need practical help without enterprise overhead.

Yes. Work can include MFA, registrar security, DNS hygiene, SPF/DKIM/DMARC guidance, website security headers, and admin access review.

Do not send passwords, secrets, credentials, regulated data, emergency requests, or sensitive internal details through the website. Use email or phone first to establish an appropriate channel.

No. Published pricing is a planning guide. Final quotes depend on scope, urgency, systems involved, documentation needs, implementation depth, and authorization requirements.

Yes. Monthly advisory retainers can provide recurring guidance, vendor/tool review, policy updates, roadmap tracking, and limited async support.