Data access is scoped and time-limited
We access only the systems and data required for the defined engagement scope. Access is revoked at engagement closeout. No standing access to any client system.
We take data security and client confidentiality seriously. Here is exactly how we handle your data during an engagement.
We access only the systems and data required for the defined engagement scope. Access is revoked at engagement closeout. No standing access to any client system.
All client data collected during an engagement is deleted within 30 days of closeout. We do not retain samples, snapshots, or derived data beyond the retention period.
All intelligence analysis is currently conducted by senior engineers using isolated, non-networked analysis environments where possible. No client data is used to train models or improve automated systems.
All deliverables are treated as confidential client information. We do not publish case studies, reference engagements, or cite specific findings without explicit written approval.
We do not install agents, deploy monitoring, or add telemetry to your systems. All analysis is performed on data you provide through existing exports, access, or documentation.
All engagements commence under a mutual NDA. Data processing, confidentiality, and liability terms are defined in the Statement of Work before any work begins.
Important note
We are not a SOC 2 or ISO 27001 certified organisation. We are a small engineering consultancy. If your procurement requires formal certification, we may not be the right fit. We are transparent about this because trust requires honesty — not compliance badges.
Contact us to discuss your specific security requirements before the engagement.