Tribunal OS
Back to Home

Privacy Policy

Effective Date: January 1, 2026 | Last Updated: April 20, 2026

1. Scope of This Policy

This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal data by Tribunal OS ("Platform," "we," "us," or "our"), an AI-powered war crimes investigation and prosecution support platform accessible at tribunaliq.org. This Policy applies to all individuals who access or use the Platform, including investigators, prosecutors, researchers, legal professionals, institutional partners, and general visitors (collectively, "Users" or "you").

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, you must discontinue use of the Platform immediately.

2. Definitions

For the purposes of this Policy:

  • "Personal Data" means any information that identifies or can reasonably be used to identify a natural person, including name, email address, IP address, device identifiers, and professional credentials.
  • "Sensitive Data" means personal data that relates to war crimes investigations, including but not limited to witness testimony, victim information, evidence metadata, and case documentation.
  • "Processing" means any operation performed on Personal Data, including collection, storage, analysis, transmission, modification, and deletion.
  • "AI Services" means the machine learning and artificial intelligence tools provided through the Platform, including evidentiary forensics, narrative analytics, legal data mining, predictive analytics, compliance auditing, and deep analysis services.
  • "Service Execution" means the processing of user-submitted data through one or more AI Services to generate analytical outputs.

3. Information We Collect

3.1 Account and Authentication Data

When you create an account or authenticate via our OAuth-based single sign-on system, we collect:

  • Full name and display name
  • Email address
  • Unique user identifier (OpenID)
  • Authentication tokens and session identifiers
  • Account role designation (user or administrator)

We do not store passwords. Authentication is handled through our OAuth provider, and session state is maintained via encrypted, HTTP-only cookies signed with a server-side secret.

3.2 Case and Investigation Data

When you create and manage cases on the Platform, we collect and store:

  • Case metadata (title, description, status, priority, jurisdiction, conflict type)
  • Evidence files uploaded to our secure cloud storage infrastructure, along with associated metadata (file name, MIME type, file size, upload timestamp)
  • Case notes, annotations, and timeline entries
  • Service execution records, including input parameters, AI-generated outputs, confidence scores, and processing timestamps
  • Batch execution configurations and results
  • Workflow configurations and template selections

3.3 Deep Analysis Data

When you use the Deep Analysis feature (MPPT integration), we collect:

  • Text queries and analysis parameters submitted through the analysis composer
  • Files uploaded for analysis processing
  • Session identifiers linking analysis jobs to your account
  • Decision Agent conversation history within active sessions
  • Analysis results, branch narratives, quantum rankings, and decision outputs

3.4 Technical and Usage Data

We automatically collect technical data necessary for Platform operation and security:

  • IP address (anonymized after 30 days)
  • Browser type, version, and language preferences
  • Device type and operating system
  • Pages visited, features accessed, and interaction timestamps
  • Error reports and diagnostic information
  • Referring URLs and exit pages

3.5 Contact and Inquiry Data

When you submit inquiries through our contact form, we collect the information you voluntarily provide, including your name, email address, organization, inquiry type, and message content. Contact form submissions are transmitted to our backend processing system for response handling.

4. How We Use Your Information

We process your Personal Data for the following specific purposes:

4.1 Service Delivery

  • Authenticating your identity and maintaining secure session state
  • Providing access to AI-powered investigation and analysis services
  • Processing evidence and case data through our AI service execution pipeline
  • Generating analytical reports, confidence assessments, and prosecution support outputs
  • Storing and retrieving evidence files from our cloud storage infrastructure
  • Facilitating Deep Analysis jobs, decision agent interactions, and quantum ranking computations

4.2 Platform Operations

  • Maintaining audit trails and activity logs for case integrity
  • Managing user accounts, roles, and access permissions
  • Processing contact form submissions and responding to inquiries
  • Sending service-related notifications regarding account activity, security events, or Platform changes

4.3 Security and Compliance

  • Detecting, preventing, and responding to unauthorized access, fraud, or abuse
  • Maintaining chain-of-custody integrity for evidentiary materials
  • Complying with applicable legal obligations, court orders, and regulatory requirements
  • Enforcing our Terms of Service and other Platform policies

4.4 Platform Improvement

  • Analyzing anonymized and aggregated usage patterns to improve Platform features and performance
  • Diagnosing technical issues and optimizing system reliability
  • Developing and refining AI models and analytical capabilities (using only anonymized, aggregated data)

5. Legal Basis for Processing

We process Personal Data on the following legal grounds:

  • Performance of Contract: Processing necessary to provide the services you have requested, including account management, case processing, and AI service execution.
  • Legitimate Interest: Processing necessary for Platform security, fraud prevention, service improvement, and analytics, where such interests are not overridden by your fundamental rights.
  • Legal Obligation: Processing required to comply with applicable laws, regulations, court orders, or binding governmental requests.
  • Consent: Where required by applicable law, we obtain your explicit consent before processing, particularly for optional communications and non-essential analytics. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your Personal Data to third parties for marketing or advertising purposes. We disclose Personal Data only in the following limited circumstances:

  • Service Providers: We engage trusted third-party vendors to assist with Platform operations, including cloud hosting, data storage, AI processing infrastructure, and analytics. All service providers are bound by data processing agreements that impose confidentiality obligations and restrict data use to the purposes specified by us.
  • AI Processing Partners: When you use AI Services or Deep Analysis features, your input data is transmitted to our AI processing infrastructure for analysis. This processing is governed by strict data handling protocols and the outputs are returned exclusively to your account.
  • Legal Authorities: We disclose Personal Data when required by law, subpoena, court order, or governmental request, or when disclosure is necessary to protect the rights, property, or safety of the Platform, our Users, or the public.
  • Organizational Administrators: If your account is provisioned under an institutional license, designated administrators within your organization may have access to account-level information as defined by the institutional agreement.

We implement appropriate safeguards for all data transfers, including encryption in transit and contractual protections requiring recipients to maintain equivalent data protection standards.

7. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Policy:

  • Account Data: Retained for the duration of your active account plus seven (7) years following account closure, to comply with legal and regulatory retention requirements.
  • Case and Evidence Data: Retained as specified by the case owner, subject to applicable legal retention obligations. Users may request deletion of case data at any time, subject to ongoing legal holds or regulatory requirements.
  • Service Execution Records: Retained for the duration of the associated case plus two (2) years for audit and quality assurance purposes.
  • Deep Analysis Data: Session data and analysis results are retained for the duration of the associated user account. Users may request deletion of specific analysis records.
  • Technical Logs: IP addresses are anonymized after thirty (30) days. Aggregated usage data is retained for up to two (2) years.
  • Contact Submissions: Retained for two (2) years following resolution of the inquiry.

Upon expiration of the applicable retention period, Personal Data is securely deleted or irreversibly anonymized. We employ industry-standard data destruction methods to ensure that deleted data cannot be recovered.

8. Your Rights

Depending on your jurisdiction, you have the following rights with respect to your Personal Data:

  • Right of Access: You may request a copy of the Personal Data we hold about you, including the categories of data collected, the purposes of processing, and the recipients of your data.
  • Right to Rectification: You may request correction of inaccurate or incomplete Personal Data.
  • Right to Erasure: You may request deletion of your Personal Data, subject to applicable legal retention requirements and ongoing legal obligations.
  • Right to Restrict Processing: You may request that we limit the processing of your Personal Data under certain circumstances, such as when you contest the accuracy of the data.
  • Right to Data Portability: You may request to receive your Personal Data in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
  • Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
  • Right to Non-Discrimination: We do not discriminate against Users who exercise their privacy rights.
  • Right to Opt Out of Sale: We do not sell Personal Data. If this practice changes, we will provide a clear opt-out mechanism.

To exercise any of these rights, submit a request through our Contact page. We will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law. We may request additional information to verify your identity before processing your request.

9. Data Security

We implement administrative, technical, and organizational safeguards designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data at rest and in transit using industry-standard protocols
  • Secure, HTTP-only, signed session cookies for authentication state management
  • Role-based access controls restricting data access to authorized personnel
  • Secure cloud storage infrastructure with access logging and monitoring
  • Regular security assessments and vulnerability testing
  • Incident response procedures for timely detection and remediation of security events

No method of electronic transmission or storage is completely secure. While we implement reasonable security measures consistent with industry standards, we cannot guarantee absolute security. In the event of a data breach affecting your Personal Data, we will notify you and applicable regulatory authorities as required by law.

10. International Data Transfers

The Platform operates globally, and your Personal Data may be transferred to and processed in jurisdictions other than your country of residence. When we transfer Personal Data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by relevant regulatory authorities
  • Data processing agreements with all third-party recipients
  • Technical measures ensuring data protection during transit and at rest

You may request information about the specific safeguards applied to international transfers of your data by contacting us through our Contact page.

11. Children's Privacy

The Platform is not directed at individuals under the age of sixteen (16). We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child under 16, we will take immediate steps to delete such data. If you believe a child has provided us with Personal Data, please contact us immediately through our Contact page.

12. Third-Party Services and Links

The Platform may contain links to third-party websites, services, or resources that are not operated or controlled by us. This Policy does not apply to third-party services. We are not responsible for the privacy practices, content, or security of any third-party service. We encourage you to review the privacy policies of any third-party service before providing your Personal Data.

13. Limitation of Liability

To the maximum extent permitted by applicable law, our total liability arising from or related to privacy matters under this Policy shall not exceed the amount you have paid to us for use of the Platform in the twelve (12) months preceding the event giving rise to the claim, or one hundred dollars ($100), whichever is greater. We shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from data processing activities conducted in accordance with this Policy.

14. Updates to This Policy

We reserve the right to modify this Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by applicable law, provide notice through the Platform or via email. Your continued use of the Platform following the posting of changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

15. Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with applicable data protection laws. Any disputes arising under or in connection with this Policy shall be resolved through the dispute resolution mechanisms specified in our Terms of Service. You retain the right to lodge a complaint with your local data protection authority.

16. Contact Information

For privacy-related inquiries, data protection requests, or to exercise any of your rights under this Policy, please contact us through our Contact page.

We are committed to resolving privacy concerns promptly. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.