Legal
Plain-English overview of how we work—agreements, authorizations, and boundaries. This page is informational, not legal advice.
Client agreements & confidentiality
- Signed scope of work with deliverables and timelines
- Written authorization, naming the in-scope assets and testing window, before any testing or scanning begins
- NDA and strict confidentiality for all artifacts
Ethical testing & authorization
- No unauthorized testing—ever
- Findings shared only with the client and never disclosed publicly without the client's permission (responsible disclosure)
- All work complies with applicable laws, including the Computer Fraud and Abuse Act (CFAA)
Compliance responsibilities
We assess against PCI DSS, HIPAA, CMMC Level 2, NIST CSF, and the CIS Controls, and provide practical, prioritized remediation steps. Implementation of those steps and ongoing adherence to the framework stay with the client.
Risk & liability
- Testing reduces risk but cannot guarantee prevention; a report reflects the environment at the time of the assessment, not a permanent state
- Client is responsible for implementing recommendations
- Liability is limited to the agreed scope and term
Data privacy & professional ethics
- No client data is shared with third parties without explicit permission
- All reports and evidence remain confidential under NDA
- We apply least-privilege access and secure handling of artifacts
Jurisdiction: We operate from Lancaster, Pennsylvania, under U.S. and PA law. Formal terms (MSA/SOW/NDA) are provided prior to engagement. This page is informational and not a substitute for legal counsel.