Solanasis — Client Legal Documents

Document Set

# | Document | Purpose | When to Use
01 | Mutual NDA | Protect confidential information before substantive discussions | Before first real conversation about client infrastructure
02 | ORB Engagement Agreement | Full engagement terms — scope, fees, liability, IP, everything | Before starting the Resilience Checkup
03 | Change Order Template | Modify scope, fees, or timeline of an active engagement | During engagement if complexity uplifts or scope changes arise
04 | Friendly Services Hold Harmless | Indemnification for informal, goodwill tech work (friends, favors) | Before doing any informal IT/tech work — e.g., setting up OpenCLAW, configuring systems

Signing Order

  1. NDA first — Share and sign before discussing any client infrastructure details
  2. Engagement Agreement — Sign when the client is ready to proceed. Collect 50% upfront payment.
  3. Change Orders — Only if needed during the engagement (e.g., Day 2 complexity discovery)

Usage Notes

  • Fill in all [bracketed] fields before sending to a client
  • Replace [ADDRESS PLACEHOLDER] with Solanasis’s registered business address once available
  • These documents are designed for e-signature platforms (DocuSign, PandaDoc, HelloSign, etc.)
  • Get attorney review before first use — these are well-researched templates but have not been reviewed by licensed counsel
  • Colorado law governs all documents
  • Reference the ORB Pack (playbooks/solanasis_orb_pack_v2/) for the Access Checklist and Intake Form mentioned as exhibits
  • The Engagement Agreement (02) supersedes the older SOW template in the ORB Pack (14_SOW_Template.md). Use the Engagement Agreement for all new client engagements — it includes the SOW scope plus full legal protections (liability cap, IP, dispute resolution, insurance, etc.) that the older template lacked

Design Decisions

  • Combined engagement agreement (not separate MSA + SOW) for speed and SMB-friendliness
  • Dual-layer plain language — each section has an “In plain terms” summary + precise legal terms
  • Colorado-specific: no non-compete clauses, Colorado Privacy Act awareness, Boulder County venue
  • Cybersecurity-specific: active breach discovery protocol, no-guarantee disclaimer, access controls
  • Liability cap: 1x fees paid, with carve-outs for confidentiality breach, gross negligence, and willful misconduct

Future Documents (Not Yet Created)

Document | When Needed
Business Associate Agreement (BAA) | HIPAA-covered clients (healing centers, healthcare)
Data Processing Addendum (DPA) | When processing personal data under Colorado Privacy Act
Rules of Engagement (ROE) | If adding active penetration testing to scope
Retainer Agreement / MSA | Converting ORB clients to ongoing fractional Resilience Partner

Key Sources

  • oneNDA — Gold standard mutual NDA (CC BY 4.0)
  • Cure53 Contracts — Open-source security assessment contracts
  • Basecamp Policies — Model for plain-language legal writing
  • Colorado Revised Statutes: C.R.S. §8-2-113 (non-compete), C.R.S. §6-1-716 (breach notification)
  • Colorado Privacy Act (C.R.S. §6-1-1301 et seq.)