GDPR Compliant

Privacy Policy

Your privacy is fundamental to our mission. This policy explains how Tribunal OS collects, uses, and protects your personal information.

Effective Date: January 1, 2026 | Last Updated: January 10, 2026

Our Privacy Commitment

Tribunal OS ("we," "us," or "our") operates a platform designed to support war crimes investigations and international justice efforts. Given the sensitive nature of this work, we are deeply committed to protecting the privacy and security of all users and the data they entrust to us.

This Privacy Policy applies to all users of the Tribunal OS platform, including investigators, prosecutors, researchers, and institutional partners. It describes our practices regarding:

  • What information we collect and why
  • How we use and protect your information
  • Your rights and choices regarding your data
  • How we comply with international privacy regulations

Special Note for Sensitive Data: We understand that our platform may process information related to war crimes investigations, which may include sensitive personal data about victims, witnesses, and alleged perpetrators. We implement enhanced protections for such data as detailed in this policy.

Information We Collect

We collect different types of information depending on how you interact with our platform.

Duration of account + 7 years
Account Information
Information you provide when creating an account
  • Name and professional title
  • Email address
  • Organization/Institution affiliation
  • Professional credentials
  • Account preferences and settings

Legal Basis: Contract performance, Legitimate interest

As specified by user + legal requirements
Case Data
Information related to investigations and cases
  • Case files and documentation
  • Evidence uploads and metadata
  • Analysis results and reports
  • Notes and annotations
  • Workflow configurations

Legal Basis: Contract performance, Legal obligation

2 years (anonymized indefinitely)
Usage Data
Information collected automatically during platform use
  • Service usage patterns
  • Feature interaction logs
  • Search queries (anonymized)
  • Error reports and diagnostics
  • Performance metrics

Legal Basis: Legitimate interest

30 days (logs), 2 years (aggregated)
Technical Data
Technical information for platform operation
  • IP addresses (anonymized after 30 days)
  • Browser type and version
  • Device information
  • Operating system
  • Session identifiers

Legal Basis: Legitimate interest, Security

How We Use Your Information

We use collected information for specific, legitimate purposes related to providing and improving our services.

Data Sharing & Disclosure

We do not sell your personal data. We only share information in limited circumstances.

We May Share With
  • Service Providers:Trusted vendors who assist in platform operations (under strict data processing agreements)
  • Legal Authorities:When required by law, court order, or to protect rights and safety
  • Your Organization:Institutional administrators for accounts under organizational licenses
We Never Share
  • • Personal data with advertisers or marketing companies
  • • Case data or evidence with unauthorized parties
  • • User information for purposes unrelated to our services
  • • Data with governments without proper legal process
  • • Information that could compromise ongoing investigations

Your Privacy Rights

Under GDPR and other privacy regulations, you have specific rights regarding your personal data.

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data (subject to legal retention requirements)

Right to Restrict Processing

Request limitation of how we process your personal data

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

To exercise any of these rights, please contact our Data Protection Officer.

Contact Us

Data Security

We implement industry-leading security measures to protect your data.

AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
Multi-factor authentication (MFA)
Role-based access control (RBAC)
Regular security audits and penetration testing
SOC 2 Type II certified infrastructure
ISO 27001 compliant processes
24/7 security monitoring and incident response

International Data Transfers

As a global platform, we may transfer data across borders with appropriate safeguards.

Tribunal OS operates globally and may transfer your personal data to countries outside your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Data Privacy Framework: For international data transfers
  • Standard Contractual Clauses: Approved contract terms for international transfers
  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Binding Corporate Rules: For transfers within our corporate group

Our data centers are secured with enterprise-grade protections and are subject to applicable data protection regulations. Users may request information about where their data is stored.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us.

Privacy Inquiries

For privacy-related inquiries, data protection requests, or to exercise your rights, please reach out through our contact page.

Contact Us

You also have the right to lodge a complaint with your local data protection authority.