CIIAA
The CIIAA (Confidentiality, Invention, and Intellectual Property Assignment Agreement) is a legal agreement you must sign before starting work on any project.
What Is a CIIAA?
The CIIAA is a comprehensive agreement that covers:
- Confidentiality: Protecting client information
- Invention Assignment: Ownership of work products
- Intellectual Property: Rights to created materials
- Non-Disclosure: Keeping project details private
Why Is It Required?
- Protects Clients: Ensures their confidential information stays private
- Protects You: Clarifies your obligations and limits liability
- Enables Trust: Allows clients to share sensitive access and data
- Legal Clarity: Establishes clear terms before work begins
Key Sections
Confidentiality
What you agree to keep confidential:
- Client’s proprietary information
- Technical details about their systems
- Business information and strategies
- Security findings and vulnerabilities
- Any information marked confidential
Intellectual Property Assignment
Work products you create belong to the client:
- Reports and documentation
- Scripts and tools created for the project
- Findings and recommendations
- Any deliverables specified in scope
Non-Solicitation
Restrictions on:
- Soliciting client’s employees
- Directly approaching client outside the platform
- Competing services during the engagement
Non-Disclosure
You agree not to:
- Publicly disclose the engagement
- Share findings without permission
- Use client’s name without approval
- Discuss project details with third parties
Signing the CIIAA
1. Selection Notification: You receive notification that you’ve been selected for a project
2. CIIAA Generated: A CIIAA is prepared with project-specific details
3. Review: Read the agreement carefully before signing
4. E-Sign: Sign electronically using your legal name
5. Confirmation: You receive a signed copy via email
How to Sign
- Navigate to the CIIAA from your notification or project page
- Read each section thoroughly
- Scroll to the signature section
- Type your full legal name as your signature
- Click “Sign Agreement”
- Download a copy for your records
Understanding Your Obligations
What You Can Do
- Use your general expertise and knowledge
- Apply common security methodologies
- Use your own pre-existing tools
- List the engagement on your resume (if permitted)
What You Cannot Do
After the Project
Data Retention
When the project ends:
- Delete all local copies of confidential data
- Remove stored credentials
- Clear browser caches with client data
- Securely destroy any physical notes
Ongoing Obligations
Some obligations continue after project completion:
- Confidentiality (typically 2-5 years)
- Non-disclosure of findings
- Non-solicitation period
Common Questions
Can I negotiate the CIIAA terms?
CIIAAs are standardized for consistency. Significant modifications are rare but can be discussed with platform ops for enterprise projects.
What if I already have a similar agreement with the client?
FlexDuty’s CIIAA is specific to work done through the platform. Existing agreements may run parallel.
Can I use findings in my portfolio?
Only with explicit written permission from the client and proper anonymization. The default answer is no.
What happens if I violate the CIIAA?
Violations can result in account termination, legal action, and financial liability. Take obligations seriously.
Who enforces the CIIAA?
The CIIAA is a contract between you and the client, with FlexDuty as facilitator. Enforcement is a legal matter.
Viewing Signed CIIAAs
Access your signed agreements:
- Go to Profile > Documents
- Or navigate to flexduty.com/sellers/ciiaa
- View and download any signed CIIAA
