Frequently Asked Questions
Everything you need to know about BESTcyberIQ.
About the Assessment
BESTcyberIQ is a NIST CSF 2.0 self-assessment platform built for small and mid-size businesses. It helps you measure your cybersecurity maturity, identify gaps, and get prioritized recommendations — without needing a dedicated security team or hiring a consultant.
Most users complete the full assessment in 20-30 minutes. The assessment covers 98 questions across six NIST CSF 2.0 security domains. You can save your progress and return to it later.
Yes. The assessment is built directly on the NIST Cybersecurity Framework 2.0, covering all six functions: Govern (GV), Identify (ID), Protect (PR), Detect (DE), Respond (RS), and Recover (RC). Our 5-level maturity model measures not just whether a control exists, but how consistently it is implemented, documented, and verified — which is what auditors and insurers look for.
BESTcyberIQ assessments are informational and are designed to help you understand and improve your security posture. While the results can support compliance conversations and help prepare for cyber insurance applications, BESTcyberIQ does not issue compliance certifications. Always consult a qualified professional for formal compliance requirements.
The Free plan includes one assessment, your overall maturity score, and your top 3 priority recommendations. The Pro plan includes unlimited assessments, all 98 gap-based recommendations, a full white-labeled PDF report, compliance gap analysis, cyber insurance readiness score, trend tracking across assessments, and a recommendations PDF export. See our pricing page for full details.
Privacy & Security
Yes. Your data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure. It is encrypted at rest, and encrypted in transit using TLS 1.2 or higher. Access is restricted by Row Level Security policies — you can only access your own data. We do not share your assessment data with third parties or advertisers.
No. Your assessment responses, scores, and recommendations are private to your account. We do not sell your data, share it with advertisers, or provide it to third parties. See our Privacy Policy for full details.
We collect your email address, company name, and your assessment responses. Payment information is processed directly by Stripe — we never store or access your card details. See our Privacy Policy for the full list.
Billing & Subscriptions
No. The Free plan requires no credit card. The 14-day Pro trial also requires no credit card — just sign up and start. A credit card is only required when you upgrade to a paid Pro subscription.
You can cancel at any time from your Profile page under the License section. Click "Manage Subscription" to access the Stripe Customer Portal where you can cancel, update your payment method, or view invoices. Cancellation takes effect at the end of your current billing period.
We do not offer refunds for partial billing periods. If you have an issue with your subscription, contact us at william@bestcyberiq.com and we will do our best to help.
Your account and assessment history remain accessible until your subscription ends. If you delete your account, we retain your data for 30 days in case you change your mind — after that it is permanently deleted. See our Privacy Policy for details.
Using BESTcyberIQ
Currently, BESTcyberIQ supports one user account per organization. Multi-user organization access is on our roadmap and coming soon.
Yes. Pro users can take unlimited assessments. Each assessment is saved separately so you can track your improvement over time. Free users are limited to one assessment.
After completing an assessment, go to the assessment detail page and click "Get Your Full Report." The PDF is generated on demand and includes your scores, maturity ratings, responses, and prioritized recommendations. PDF reports are a Pro feature.
Email us at william@bestcyberiq.com — we respond to all inquiries, typically within one business day.
