We collect only what we need to scope and deliver your engagement. Access is limited, storage is logged, and materials are redacted where possible.
Contact details (name, work email, company, role)
Scope inputs (risk questions, cities/sites, timing)
Evidence excerpts needed for sampling and tie-outs (redacted where feasible)
Read-only data rooms when possible
Encrypted storage with access logs during the engagement
Separate workspaces per client and per engagement
A small team assigned to your engagement (need-to-know only)
Senior CPA reviewer for quality control
No subcontractors without your written consent
Working set kept for the life of the engagement
Retention period stated in the proposal; default 180 days after final delivery
Secure deletion and certificate on request
Please prefer redacted documents for scoping
Remove personal identifiers unless essential to the tests
We will re-request only what is necessary to complete procedures
Primary processing in China (UTC+8) for on-site work
Cross-border sharing only when required by your team and agreed in writing
No vendor marketing or data resale, ever
Principle of least privilege; MFA on all admin accounts
Access logs reviewed during fieldwork; role-based permissions
Encrypted storage and transport; no portable media transfers
Mutual NDA on request
Mirror copy of submitted files (read-only)
Named-user access lists for your review at any time
We will notify your designated contact without undue delay
Provide timeline, scope of impact, and actions taken
Pause non-essential work until we align on next steps
See also Independence → /independence.
Questions or data subject requests (DSRs: access/correct/delete)? /contact