Rigorous, reproducible standards for data acquisition, harm quantification, and ethical assessment. All frameworks are version-controlled and publicly auditable.
1. Data Acquisition Protocols
All research and framework inputs are derived through three validated channels. We never use scraped PII or non-consensual data sources.
Official APIs: Primary source for platform transparency reports, government open data portals, and regulatory filings. All API access complies with provider terms of service.
Structured Web Collection: Used only for publicly available, non-personal aggregate data (e.g., proxy pricing pages, public court records). Automated collection respects robots.txt and implements rate limiting to prevent service disruption.
Direct Mission Submissions: Anonymized case data provided by diplomatic partners under bilateral data sharing agreements. All submissions are encrypted in transit and at rest.
Validation: Every dataset undergoes cross-source verification before inclusion in any framework or report. Single-source claims are explicitly flagged as preliminary.
2. Harm Quantification Matrix
The Global Harm Framework uses a six-tier severity scale applied across eight impact domains. Scores are derived from documented evidence, not subjective assessment.
Evidence Threshold: Minimum of two independent corroborating sources required for any harm classification above Level 2.
Cross-Border Weighting: Harms affecting individuals outside their country of citizenship receive a 1.5x multiplier when jurisdictional gaps prevent domestic remedy.
Status Neutrality: As of v2.1, all visa and residency statuses are weighted equally. Previous versions differentiated between citizen and non-citizen impacts; this was removed following Round One diplomatic consultations.
3. Ethical Sourcing Assessment Criteria
These criteria are used to audit proxy network supply chains. Compliance requires meeting all five mandatory criteria:
Informed Consent: End users must actively opt in with clear, non-deceptive language. Pre-checked boxes and bundled consent are automatic failures.
Compensation Transparency: Users must receive fair value exchange (monetary or service-based) proportional to bandwidth contributed.
Traffic Restrictions: Networks must block known fraud, abuse, and illegal content categories at the infrastructure level.
Audit Trail: Providers must maintain immutable logs of consent timestamps and user withdrawal events for a minimum of 24 months.
Third-Party Verification: Annual independent audit report published within 90 days of fiscal year-end.
4. Data Governance & Privacy Policy
Transparency-X operates under a strict minimization principle. We do not collect, store, or process personally identifiable information except where explicitly required for authenticated diplomatic services.
Diplomatic Portal Access: Mission codes are hashed using bcrypt. Session tokens are HTTP-only, secure-flagged, and expire after 8 hours of inactivity.
Contact Form Submissions: Retained for 90 days for response tracking, then permanently deleted. Never used for marketing or shared with third parties.
Analytics: Cloudflare Web Analytics collects only anonymized, aggregated metrics. No cookies, no fingerprinting, no cross-site tracking.
Data Residency: All infrastructure is hosted in Cloudflare’s EU region unless otherwise specified in bilateral agreements.