Policy

How we handle confidentiality.

Senior practitioners work with sensitive systems for a living. The disciplines below are what we treat as table stakes — not extras. Every engagement starts from this floor; we tighten it from there based on your scope.

What you can expect

Five things, on every engagement.

01
NDA-first

Every engagement starts under one. Yours or ours, whichever is faster.

02
Single named owner

Same person from intake through operate. No handoffs, no “account team” rotation.

03
Segregated storage

Your data lives in its own encrypted scope, not a shared notebook.

04
Documented retention

We hold what we need to do the work, only as long as we need it — on a written schedule.

05
Quiet by default

No client names, logos, or anecdotes shared without explicit, written permission.

NDA flow

Mutual non-disclosure, on day one.

We work under your NDA or ours, whichever is faster. Our standard NDA is a two-page mutual non-disclosure suitable for commercial-grade engagements.

For DoD-adjacent, federal, state, or family-office work, we execute your form — including agreements requiring CUI or FCI handling, retention restrictions, and named-individual designations.

We do not subcontract sensitive engineering or security work to third parties.

Data retention

What we keep, and for how long.

  • DuringArtifacts encrypted at rest (AES-256), in transit (TLS 1.3). Access scoped to the named owner; least-privilege defaults.
  • AfterArtifacts retained 90 days for handoff and reference, then deleted on a documented schedule. Earlier deletion on request.
  • SecretsProduction credentials, API keys, and tokens are rotated at engagement end. We do not retain them.
Secure channels

How to reach us, securely.

  • EMAILinfo@llabtechnologies.com — default channel.
  • SIGNALAvailable on request after first contact. Not published publicly.
  • PGPPublic key available on request. Encrypted email accepted.
  • WIREEncrypted Wire / Element room stood up where end-to-end encrypted messaging is required.
  • PHYSSigned documents and hardware shipped with tracked chain-of-custody.
Lines we don’t cross

What we won’t do with your information.

The hardest part of a confidentiality posture isn’t the encryption — it’s the discipline. These are the lines we don’t cross, ever.

We don’t share client names, logos, or case summaries without written permission — including in pitches, on this site, and in conversations with prospects.
We don’t subcontract sensitive engineering or security work to third parties. The senior practitioner you meet is the senior practitioner who does the work.
We don’t use proprietary client code or data to train models, write blog posts, or seed product features.
We don’t accept engagements that conflict with active client work. We screen for it at intake and disclose anything material before signing.
We don’t retain production credentials after the engagement ends. Rotation is part of close-out.

Ready when you are.

Every engagement begins with a confidential conversation under NDA. Response within one business day.

Request confidential intake → See services