Legal

Cyber Craft Solutions, LLC is committed to operating with full legal integrity, ethical standards, and transparency. This page provides a high-level overview of the legal framework that governs our cybersecurity consulting services. We are based in Lancaster, PA and provide cybersecurity services in full legal and ethical compliance with U.S. regulations and Pennsylvania law.

Complete legal terms, including Master Service Agreements (MSAs), are provided prior to engagement.

Client Agreements & Confidentiality

Before any work begins, we require a signed agreement that outlines:

  • ✅ Scope of work, deliverables, and timelines
  • ✅ Authorization for any security testing or vulnerability scanning
  • ✅ Strict confidentiality provisions to protect sensitive data

We maintain strong non-disclosure practices to ensure client information is never shared or misused.

Compliance Responsibilities

We support clients in meeting various regulatory frameworks, including:

  • PCI DSS – Payment card and transaction security
  • HIPAA – Healthcare and patient data protection
  • PII/Data Privacy – Protection of personal and customer data

We help assess compliance gaps and provide recommendations, but compliance implementation and ongoing adherence remain the client’s responsibility.

Risk & Liability Disclaimer

Cybersecurity is about managing—not eliminating—risk. While our services significantly reduce exposure, no system can be guaranteed 100% secure.

  • We are not liable for any incidents before, during, or after our engagement
  • Clients are responsible for implementing the recommendations we provide
  • Liability is limited to the scope and duration of our agreed-upon services

Ethical Hacking & Testing Authorization

We only perform penetration testing and assessments with explicit written consent.

  • 🚫 No unauthorized testing—ever
  • 🔐 Responsible disclosure: All findings are shared only with the client
  • 📜 All engagements comply with applicable laws, including the Computer Fraud and Abuse Act (CFAA)

We strictly follow ethical hacking standards and document all testing procedures.

Data Privacy & Professional Ethics

  • No client data is shared with third parties without explicit permission
  • All reports and assessments are confidential and protected under NDA
  • We uphold the highest standards of professionalism, privacy, and integrity in all engagements

📩 Questions?

If you have any questions about our legal policies, engagement structure, or security ethics, don’t hesitate to contact us. We’re always happy to provide clarity.