Collect only what scope needs
URLs, access, SIEM configs, and nothing beyond the engagement.
DATA & PRIVACY
Clear expectations for how client information is handled during scoped engagements, before work begins, not after.
Handling overview
Data through the engagement
Collect, process, hand over
Collect: URLs, access, SIEM configs, and nothing beyond the engagement.
Process: Confidential handling throughout. Subprocessors only where we agree them upfront.
Handover: You own deliverables. Retention terms are written down upfront.
Three commitments
We only request information required for agreed scope, not a broad data grab.
Reports and evidence are sensitive client material. Expectations agreed before delivery.
Retention, access, and deletion requirements can be agreed before work begins.
What happens to your data?
During an engagement, Noctulux handles information according to the agreed scope and confidentiality expectations. That may include application details, environment access, SIEM configuration, or materials needed to produce your report, roadmap, or handover documentation. Retention, access, and deletion requirements are agreed before delivery.
Handling checklist
We design with GDPR in mind, and support customers navigating NIS2 and regional data protection frameworks. Noctulux does not provide legal or compliance certification. Handling terms are agreed per engagement.