Security & data handling

How we handle your information.

The items most often raised in pre-engagement security reviews and vendor assessments, up front. This page describes our standard practice — the terms of each individual contract take precedence.

01 — NDA The NDA can be signed before the first conversation — your template works too.
02 — DATA Retention and destruction rules for your data are written into the contract, not promised verbally.
03 — THIRD PARTIES Work involving information that could identify you is never subcontracted without your prior consent.

Commitments in the contract.

Information handling is fixed as contract clauses, not best effort. Below are our standard terms — a starting point; the individual contract takes precedence.

ItemStandard terms (the individual contract takes precedence)
NDA Standard two-party NDA, available before the first conversation. Client-side NDA templates accepted
Data handling Post-engagement retention and destruction rules stated in the contract. At closeout, data is returned or destroyed — with a destruction report on request
Subcontracting Work involving information that could identify you is never subcontracted without your prior consent
Incident notice If an incident on LV3's side ever involves your information, we notify you promptly
Other clients' information We never disclose other clients' engagement details — figures, names, specifics — even after an NDA. Your information is held to the same standard

For the full contract structure and termination terms, see how we work.

Daily practice.

A remote-first operation, run under these rules.

DEVICES

Devices

Work devices use full-disk encryption, with operating systems and software kept up to date.

ACCOUNTS

Authentication

Multi-factor authentication (MFA) is mandatory on work accounts.

LEAST PRIVILEGE

Least privilege

Access to client environments is limited to the people who need it, for the period they need it.

TRANSFER

Data transfer

We follow the transfer methods and environments you specify — including encrypted channels and access-controlled locations.

ENVIRONMENT

Work environment

Where you provide devices or a designated environment, we work within it. Otherwise, work stays on company-managed devices, kept organized and identifiable per engagement.

PHYSICAL

Physical & screens

We avoid taking paper out, and work where screens and documents are not visible to third parties.

Drafting questionnaire responses.

We respond to your security checksheets and vendor assessments. Just let us know.

This page, as a PDF.

A PDF of this page, ready to attach to your internal security review or approval workflow.

Ask us anything about security.

Checksheet response requests, NDA and contract questions — this form is the place.