Will you tell my regulator, insurer, or the press?

No. Nothing leaves this channel without your explicit consent. We don't notify regulators, file insurance claims, or speak to media on your behalf.

Are you law enforcement?

No. We are a private incident-response practice. We don't share details with law enforcement unless you instruct us to.

How much does this cost?

Triage is free. After we understand the situation, we quote a fixed scope. Most engagements are completed for a single defined fee, paid on completion.

What should I do right now, before opening the channel?

Don't power off affected machines, don't wipe or reinstall, don't reply to the attacker, don't change passwords company-wide yet. Open the channel first; we'll guide the next 30 minutes.

How fast do you respond?

Median first response is under 5 minutes during active hours. If we're momentarily offline, an alert reaches a responder's phone immediately.

Legal · 06

Engagement Agreement

Last updated · 30 May 2026

This Engagement Agreement (the "Agreement") is a short, client-facing document signed before paid incident response work begins. It is supplemented by, and read together with, the Terms of Service, Confidentiality Policy, Acceptable Use Policy, and Privacy Policy. Where there is conflict, this Agreement prevails for the specific engagement to which it applies.

1. Parties

This Agreement is between:

Hackastra: Hackastra Infosec FZ-LLC, a free-zone limited liability company registered in the United Arab Emirates ("Hackastra").
Client: [Full legal name], [Registration number, if any], [Registered address] (the "Client").

Each a "Party", together the "Parties".

2. Engagement scope

Hackastra will provide the following services to the Client (the "Services"):

Incident type: [e.g. ransomware response / data leak triage / impersonation take-down].
In-scope systems / assets: [list].
Key activities: [triage, containment, forensic analysis, take-down, remediation guidance, etc.].
Deliverables: [e.g. findings report, indicators of compromise, remediation plan].
Out of scope: [anything the Parties want to exclude].
Estimated timeline: [start date / target completion].

Changes to scope are made in writing (email is sufficient) and may be subject to a revised fee.

3. Fees & payment

Engagement fee: [AED / USD amount] for the scope above, fixed unless changes are agreed.
Retainer / deposit: [percentage or amount], payable on signing; work begins on receipt.
Balance: due within fourteen (14) days of issue of the final invoice.
Out-of-pocket costs: reasonable pre-approved costs (for example, specialist vendor fees) are billed at cost.
Taxes: fees exclude any applicable VAT or withholding tax.

4. Confidentiality

Each Party shall keep confidential the existence and contents of this Agreement and any information of the other Party received in connection with the Services. Hackastra's additional confidentiality commitments are set out in its Confidentiality Policy, which forms part of this Agreement. These obligations survive termination indefinitely.

5. Client cooperation

The Client will:

Provide reasonable access, information, and authorisations needed to perform the Services.
Designate a primary point of contact authorised to give instructions and approve scope changes.
Comply with the Acceptable Use Policy.
Confirm that the Client owns or is authorised to engage Hackastra in respect of the in-scope systems.

6. No guarantee of outcomes

The Services are performed on a best-efforts basis. Hackastra does not guarantee recovery of data, restoration of systems, removal of any threat actor, identification of attackers, or prevention of future incidents.

7. Limitation of liability

To the maximum extent permitted by UAE law, Hackastra's aggregate liability under or in connection with this Agreement — whether in contract, tort (including negligence), statute, or otherwise — shall not exceed the engagement fee actually paid by the Client to Hackastra under this Agreement. Hackastra is not liable for indirect, incidental, consequential, special, exemplary, or punitive damages, lost profits, lost data, loss of business, or reputational harm.

8. Term & termination

This Agreement starts on the date signed by both Parties and continues until the Services are complete, or until terminated. Either Party may terminate this Agreement at any time by written notice. Fees for work properly performed up to termination remain due. Confidentiality, limitation of liability, and any other clauses intended to survive termination shall do so.

9. Governing law & jurisdiction

This Agreement is governed by the laws of the United Arab Emirates as applicable in the free zone in which Hackastra is registered. The courts of the United Arab Emirates have exclusive jurisdiction over any dispute arising out of or in connection with this Agreement, save that either Party may seek injunctive or interim relief in any court of competent jurisdiction to protect its confidential information or intellectual property.

10. Entire agreement

This Agreement, together with the documents it incorporates by reference, constitutes the entire agreement between the Parties in relation to the Services and supersedes all prior discussions and proposals. Amendments are only effective if made in writing and signed by both Parties.

11. Signatures

Signed for and on behalf of the Parties:

Hackastra

Name: ___________________________

Title: ___________________________

Date: ___________________________

Signature: ______________________

Client

Name: ___________________________

Title: ___________________________

Date: ___________________________

Signature: ______________________

12. Contact

Questions about this Agreement: legal@hackastra.com.