Simple pricing. Defensible policies.
One-time purchase model. No subscriptions, no retainers, no committees. Buy the policy you need. Add ongoing monitoring if you want it.
Guardian — AI AUP
Framework-mapped AI Acceptable Use Policy for fintech compliance officers. Authored by a credentialed practitioner. Delivered in five business days.
Complete AI Acceptable Use Policy authored for your fintech operating environment
SOC 2 Type II AI Control Gap Analysis
EU AI Act deployer obligations mapped to your use cases
Regulatory citations: NIST AI RMF, SEC RIA, ISO/IEC 42001, NIST 800-53, CFPB Circular 2022-03, ECOA, Colorado SB 24-205
Authored by CISSP, AAISM, CMMC CCP-credentialed practitioner
SHA-256 document fingerprint for integrity verification
Delivered as editable DOCX in your inbox
Regulation Watch
Ongoing monitoring of regulatory changes affecting your Guardian policy. Add to any Guardian purchase.
Notification when regulatory changes affect your Guardian policy
Continuous monitoring of all frameworks cited in your delivered document
Guidance on whether your policy requires refresh or amendment
Priority access to policy revisions at discounted rates
Annual subscription. Cancel any time.
Requires active Guardian policy on file
Email notifications, no portal login required
Coming Soon
Additional modules in active development. Join the waitlist to be notified when each becomes available.
Compass — AI Governance Assessment
Shield — AI Incident Response
Trust — AI Vendor Risk
Vault — AI Data Protection
SOC 2 Suite — Complete SOC 2 AI Controls
Module-specific intake questionnaires
Same authored review and credential standard as Guardian
Frequently asked questions
Answers to common questions about getting started and using Vectura day to day.

Not ready to commit?
Review a sample Guardian policy first. The sample shows the structure, framework citations, and document control elements you'll receive — no purchase required.
Have questions? We're available at:

You receive an email with a link to the 34-question intake form. The intake takes 10 to 15 minutes and requires no compliance expertise. Once submitted, your policy is drafted, reviewed by a credentialed practitioner, and delivered to your inbox within five business days.
Yes. Every PolicyFoundry document is authored by a CISSP, AAISM, CMMC CCP-credentialed practitioner with 20 years of federal GRC experience. Regulatory citations are mapped to your specific operating environment based on your intake responses. The SHA-256 document fingerprint provides cryptographic proof of integrity.
Minor clarifications and corrections within 7 business days of delivery are included. Material revisions beyond the original scope are handled at discounted rates for prior customers.
Full refund available before intake submission. 50% refund if cancellation requested before intake submission but after payment. No refunds once intake is submitted and drafting begins. Full refund if PolicyFoundry fails to deliver within ten business days of intake submission.
You do. Upon delivery and full payment, you receive a perpetual, non-exclusive license to use, modify, and distribute the policy within your organization. PolicyFoundry retains rights to the underlying methodology.
Each Guardian purchase covers one fintech entity. For multi-entity needs (parent companies with subsidiaries, or fintechs operating multiple regulated lines of business), contact hello@policyfoundry.ai and we'll structure a solution.
PolicyFoundry monitors the specific regulatory frameworks cited in your delivered Guardian policy. When a material regulatory change affects your policy's frameworks, you receive an email notification with guidance on whether your document requires a refresh or amendment. No portal login required.
Yes. Your intake responses are treated as confidential business information and are used solely to author your customized policy. Intake data is retained for 90 days after delivery for quality assurance purposes, then deleted. We do not share intake responses with third parties. See our Privacy Policy for full details.
Guardian maps to NIST AI RMF, SOC 2 Type II AI Control Gap Analysis, SEC RIA obligations, ISO/IEC 42001, NIST 800-53, EU AI Act 2024/1689, CFPB Circular 2022-03, ECOA, and state AI laws including Colorado SB 24-205. Each citation is tied to your specific intake responses, not applied generically.
Great question! Three things make Guardian regulator-defensible. First, the document is authored by a credentialed practitioner with verifiable credentials (CISSP, AAISM, CMMC CCP) and 20 years of federal GRC experience — not generated anonymously. Second, every regulatory citation is mapped to a specific framework an examiner can reference. Third, each delivered document carries a SHA-256 cryptographic fingerprint that proves the document has not been altered since delivery. Together these establish the authorship, framework alignment, and integrity that examiners look for.
Your Guardian policy is delivered as a snapshot of the regulatory environment at the time of authoring. New guidance published after delivery does not automatically update your policy. Regulation Watch ($249/year) provides ongoing monitoring of the frameworks cited in your delivered Guardian policy and notifies you when material regulatory changes affect your document. Without Regulation Watch, you would purchase an updated policy when material changes occur.
PolicyFoundry's About page (policyfoundry.ai/about) describes the credentials, federal GRC background, and methodology behind every delivered policy. For specific authorship or credential verification questions, email hello@policyfoundry.ai.
Yes. A sample policy is available at policyfoundry.ai/ai-sample-policy. The sample shows the structure, framework mappings, document control elements, and depth of analysis you can expect from your delivered policy.
PolicyFoundry uses Anthropic's Claude API as part of the drafting workflow. Your intake responses are transmitted to Anthropic for processing under Anthropic's commercial API terms, which prohibit use of API inputs for training. All AI-drafted content is reviewed and revised by a credentialed human practitioner before delivery — AI is the drafting instrument, not the author.
No. PolicyFoundry produces policy documentation; we do not provide legal, regulatory, or compliance advice. The delivered Policy is not a substitute for counsel from qualified attorneys familiar with your specific situation. Buyers should review the delivered Policy with their internal legal counsel or external compliance advisors before adoption.