If a client repeatedly requests informal expansions to scope and refuses to formalize them in writing, we end the engagement at the next natural break. Pre-billed work is delivered; future phases are not booked.
Rules of Engagement
How we work, what we commit to, and where we walk away. This document is referenced in every Statement of Work — read it before we sign anything together.
NDA before scope. Written authorization before testing. Daily updates during engagements. Findings communicated as discovered, not held for the final report. Materials deleted 30 days after close. Critical issues outside agreed scope get coordinated disclosure to the affected vendor, never sold or leveraged. If any of this is incompatible with how you need to work, tell us before we sign.
Scope is defined by inclusion, not exclusion.
The Statement of Work names every asset, endpoint, and system class included in testing. Anything not named is out of scope by default — there is no ‘we’ll assume it’s fine to test.’ Out-of-scope discoveries are reported, not exploited.
Engagement type determines depth.
Pre-launch audits, continuous red-team retainers, and incident response engagements have different depths of testing. Each is documented separately in the SOW with explicit techniques and intensity allowed.
Scope changes require written amendment.
If something we discover suggests broader testing is warranted, we stop, document the finding, and request a scope amendment. We do not act on ‘we should probably also check…’ impulses without paperwork.
Time-box, not scope-box.
Engagements have fixed time windows. If scope expands inside the time-box, we negotiate either an extension or a deferral — never silent overrun.
Encryption in transit and at rest.
All engagement materials (sample data, system prompts, configurations, findings) are transmitted via encrypted channels and stored encrypted at rest on infrastructure under our direct control. No client data crosses our systems unencrypted.
Access on a need-to-have basis.
Engagement materials are accessible only to the named practitioners assigned to your engagement. We do not pool data across engagements. We do not use client data to improve internal tooling without explicit written consent.
30-day retention default.
All engagement materials are deleted 30 days after engagement close, by default. Extended retention is available on written request and documented in the SOW. Retention applies to source materials, findings drafts, and working data — final reports may be retained at the client’s direction.
No client data in our AI tooling.
Client data, system prompts, and engagement materials are never submitted to third-party LLM providers. Where AI tooling is used during engagements, it runs on infrastructure under our control with explicit client consent documented in the SOW. We do not train models on client data.
Access revocation on close.
Credentials, VPN access, system accounts, and any other access provisioned for the engagement are revoked within 4 hours of engagement close. We provide written confirmation of revocation as part of engagement closure.
Daily async updates during active engagements.
Each engagement day produces a written async update by 18:00 in the client’s timezone: work performed, findings discovered, next-day plan. No silent days.
Findings communicated as discovered, not held.
Findings of severity HIGH are communicated within 24 hours of discovery, and CRITICAL findings within 4 hours, regardless of where we are in the engagement. We do not hold critical findings for the final report.
Out-of-band channel for critical issues.
Every engagement designates an out-of-band communication channel (Signal, encrypted email, or equivalent) for findings that cannot wait for normal channels. This channel is verified during engagement setup, not improvised during a crisis.
Named primary contact, named backup.
Every engagement has a named primary client contact and a named backup. We do not route findings through general inboxes or shared aliases. Changes to contact assignment require written notice.
Engagement findings stay confidential.
Findings from a paid engagement are confidential to that client and remain so indefinitely unless the client explicitly consents to publication.
Sanitized publication only with consent.
Where we wish to publish anonymized case studies from real engagements, we strip all client identifiers, modify non-essential technical details, and obtain written client approval before publication. No finding is published without explicit consent.
Third-party vulnerabilities trigger coordinated disclosure.
If during an engagement we discover a vulnerability in a third-party product (vendor, library, framework) that affects more than just our client, we initiate coordinated disclosure with that vendor — never sold, never leveraged, never weaponized. Default window is 120 days. See /legal for the full disclosure policy.
We do not sell or leverage findings.
Findings discovered on paid engagements are not used as leverage in business development, marketing collateral, or sales conversations with other prospects. They do not appear in pitch decks. They are not ‘aged out’ into reusable content.
Active competitor conflicts.
We do not run concurrent engagements for direct competitors in the same product category. If we are engaged with one party, we will not accept an engagement from their direct competitor for the duration of the engagement plus 90 days.
Vendor conflicts.
If we have any financial relationship with a vendor whose product is in scope for an engagement, we disclose it in writing before the SOW is signed. Material conflicts (equity, paid advisorship) disqualify us from testing that vendor.
Personal conflicts.
Investigators with personal relationships to client staff (family, current or former romantic partners, close personal friends) recuse from those engagements. Recusal does not affect the firm’s ability to take the engagement with different staff.
Ongoing disclosure.
Conflicts that surface mid-engagement are disclosed in writing within 24 hours of becoming known. The client decides whether the engagement continues.
If we discover that authorization for any in-scope asset is unclear, incomplete, or contested, we pause testing immediately and require written resolution before resuming. Unresolved after 5 business days, we terminate.
If continuing the engagement would expose us to legal liability beyond what’s documented in the SOW (regulatory issues surfacing mid-work, third-party rights uncovered, etc.), we pause and require resolution. Material unresolved exposure terminates the engagement.
If our work, even within authorized scope, would cause material harm to identifiable third parties (customers, downstream users, uninvolved vendors), we stop and renegotiate or terminate. Adversarial testing is not a license for collateral damage.
If we are asked to use engagement work for purposes outside defensive security — leverage, sales intelligence, harm to competitors, surveillance — we refuse and end the relationship.
If the client breaches the engagement NDA or violates the ethical commitments we’ve agreed to, we terminate immediately and may seek legal remedy.
- < 24 hours
- < 48 hours from request
- < 5 business days after NDA
- 2 weeks
- Daily update: by 18:00 client timezone
- CRITICAL finding notification: < 4 hours
- HIGH finding notification: < 24 hours
- < 5 business days after closure
- Access revocation: < 4 hours after close
- Retention: 30 days default
- < 2 business days
- Named client contacts: 2 minimum
These commitments apply to standard engagements. Incident response and retainer engagements have amended timelines documented in their respective SOWs.
This document is referenced in every Statement of Work and governs the conduct of every engagement. Where this document conflicts with a signed Statement of Work, the SOW takes precedence — these are defaults, the SOW is the contract. For broader engagement legal terms, see /legal. For data-handling practices that apply beyond engagements, see /privacy.
We track substantive changes to this document below. Minor edits are not logged.