NDA and IP
Every engagement starts with mutual confidentiality. IP goes to the client without exception.
NDA-by-default at first contact. We sign the lab's standard NDA if available; otherwise we provide a clean mutual NDA within 24 hours.
Full IP assignment to the client on every engagement. No carve-outs, no retained licenses.
Confidentiality obligations survive the contract. Engineer-level NDAs mirror the engagement term and extend beyond it.
Sub-processor list provided up front. No surprises in the vendor review - every third-party tool disclosed before work begins.
Security posture
SOC 2-aligned operations across access control, change management, and incident response.
SOC 2-aligned operating procedures across access control, change management, vendor management, and incident response.
Engineer onboarding includes signed confidentiality, security training, and access provisioning per principle of least privilege.
Endpoint controls: managed devices, full-disk encryption, MDM, automatic patching.
Secrets management via standard enterprise tools.
All work happens in isolated project environments - no cross-client data co-mingling.
Data Handling
Delivery, residency, and lifecycle controls structured around your requirements, not ours.
Default delivery via the client's preferred system - S3, Snowflake, internal API, signed-URL download, or equivalent.
Data residency options for engagements that require geographic or jurisdictional constraints.
Deletion certificates issued on project close or on request. Written confirmation that data has been purged from all systems.
Audit logs maintained for the engagement lifecycle. Available to the client on request within the retention window.
Background
checks
Standard background checks for every engineer working on the engagement. Enhanced screening available for engagements with elevated security requirements - including criminal history, employment verification, and education checks across relevant jurisdictions.
Structures We Sign
We work within whatever contracting framework your procurement team requires.
Master Services Agreement + Statements of Work (preferred).
Per-project fixed-fee contracts.
Per-task pricing with throughput SLAs.
Hourly engagements for evaluation and consulting work.
