For your legal team

Everything your GC needs, in one place.

I operate as an independent contractor under English common law. Below is the full posture, engagement model, NDA, DPA, and references. Printable to PDF for internal review.

Entity

Independent contractor. Fredrick Gichuki, Nairobi, Kenya.

Governing law

English common law. Arbitration via NCIA, Nairobi. Alternative governing law negotiable in the SOW.

Insurance

Professional indemnity insurance maintained.

Data residency

I work within your existing tool stack. Your data never lives in my infrastructure.

Mutual Non-Disclosure Agreement

I sign a mutual NDA before the first brief. The summary terms:

  • Effective date: the date of the first brief, or the date signed, whichever is earlier.
  • Confidential information: inbox contents, calendar entries, contact lists, financial data, strategic plans, and any material marked confidential by either party.
  • Permitted use: solely for performing the scoped engagement. No secondary use, no training of third parties, no transfer.
  • Term: obligations survive termination of the engagement indefinitely.
  • Return/destruction: within 7 days of termination, at your direction.
  • Remedies: equitable relief (injunction) available in addition to damages, under English common law.

I can sign your standard NDA in place of mine where your legal team requires it.

Data Processing Agreement

I comply with the Kenya Data Protection Act, 2019 and the EU General Data Protection Regulation (GDPR) where applicable. Summary terms:

  • Roles: you are the data controller; I am the data processor.
  • Storage: I do not store your data in my infrastructure. I work within your existing tool stack (Google Workspace, Outlook, Notion, etc.).
  • Access: least-privilege. I take only the tool access required for the scoped work. Audited quarterly.
  • Transmission: all session traffic encrypted in transit (TLS 1.2+).
  • Sub-processors: none. I do not engage sub-processors without your prior written consent.
  • International transfers: governed by the Kenya DPA 2019 and applicable GDPR mechanisms (SCCs where required).
  • Breach notification: within 72 hours of discovery.
  • Regulated industries: SOC 2-aligned controls, HIPAA-aligned handling for healthcare, and separate admin credentials for finance-sector work on request.
  • Deletion: on termination, all confidential information returned or destroyed at your direction within 7 days.

Full Terms of Service

The complete Terms, engagement model, fees, trial and scaling, termination, liability, IP, and dispute resolution, are on the Terms page.

Read the full Terms

References

Verifiable references from prior principals are available on request after our first call, under mutual NDA. I do not publish client names publicly, the engagements are confidential by design.

Questions for your legal team?

Email me directly, I reply within one business day.

fredrickgichuki160@gmail.com

For legal notices, mark the subject line “Legal Notice.”