DATA & PRIVACY

Your data. Your rules.

Clear expectations for how client information is handled during scoped engagements, before work begins, not after.

Handling overview

Sample engagement scope:

  • Scope: Per engagement agreement
  • Retention: Agreed upfront
  • Ownership: Client-owned deliverables

How data moves through an engagement

Collect, process, hand over

  1. Collect
  2. Process
  3. Handover

Fixed scope · Confidential · You own the outputs

01

Collect only what scope needs

URLs, access, SIEM configs, and nothing beyond the engagement.

02

Process in agreed boundaries

Confidential handling throughout. Subprocessors only where we agree them upfront.

03

Hand back, then delete or retain per contract

You own deliverables. Retention terms are written down upfront.

Three commitments

Data minimisation

We only request information required for agreed scope, not a broad data grab.

Confidentiality by default

Reports and evidence are sensitive client material. Expectations are agreed before delivery.

You stay in control

Retention, access, and deletion requirements can be agreed before work begins.

What happens to your data?

During an engagement, Noctulux handles information according to the agreed scope and confidentiality expectations. That may include application details, environment access, SIEM configuration, or materials needed to produce your report, roadmap, or handover documentation. Retention, access, and deletion requirements are agreed before delivery.

Handling checklist

  • Data minimisation by default
  • No third-party sharing without disclosure
  • Retention and deletion per engagement terms
  • Processing records available on request

Compliance & frameworks

We design with GDPR in mind, and support customers navigating NIS2 and regional data protection frameworks. Noctulux does not provide legal or compliance certification. Handling terms are agreed per engagement.
