Ethics & Accountability

Ethics commitments

Last updated 2026-05-27

What this page is

This is the public version of the ethical framework that governs how Guardians of the AV is built and operated. It is written for journalists, county counsel, lived-experience advisors, and partner-organization leadership. It is meant to be quoted back to us. Where a commitment is already enforced by code, schema, or contract, we cite the file or commit. Where a commitment depends on work we have not yet shipped, we name the phase honestly. The companion documents are the privacy policy, the docs/legal/founding_charter.md in the repository, the partner data-processing agreement template, and the data-processing posture brief.

What we won't do, ever

These are non-waivable structural commitments. They cannot be relaxed by an operator, a donor, a partner organization, a board member (when there is a board), or a government request. Several are enforced in schema and row-level security, not just in policy.

We will never become a controller of domestic-violence-survivor case data.

Routing to the domestic-violence agency and the Family Justice Center is referral-only. Their VAWA-comparable database operates at their boundary, not ours. Our schema contains no DV-survivor classification fields and no admin role with the ability to create one (founding charter §3.6).

We will never hold protected health information without a Business Associate Agreement.

Healthcare-adjacent data flows only when there is a signed BAA under HIPAA and the applicable HITECH rules. Until a BAA is executed with a specific covered entity, PHI does not enter the system (founding charter §3.4).

We will never use peer attestation for trust progression.

Only partner-organization staff with role='partner_admin' on a verified partner record can verify completion of an earning event. No self-report. No "rate this person." This rule is enforced at the database boundary via row-level security and at the application boundary in /partner/issue.

We will never sell, license, or share user data with third parties for marketing.

California Privacy Rights Act opt-out is shipped and described in the privacy policy. We hold to a stricter standard than the legal floor: no sale, no licensing, no cross-context behavioral advertising, no "data partnerships" that move user records off our systems.

We will never operate as a surveillance layer for law enforcement.

We do not respond to non-warrant law-enforcement requests for user data. If we are served with a warrant, the impacted user receives notice unless the warrant prohibits it. Reference baseline: the Electronic Frontier Foundation's "Who Has Your Back" criteria.

We will never run experiments on users without disclosure.

A/B tests on trauma-informed surfaces require ethics-board sign-off. The ethics advisory board does not exist yet — it is a Phase 1.5 commitment described below. Until the board is seated, no experiments run on trauma-informed surfaces, full stop.

A note on the difference between operational logs and experiments. Our host (Vercel) records edge request logs to route traffic — URL paths, response times, IP addresses needed to deliver a packet. That is how a content-delivery network works; it is not an experiment and it is not behavioral analytics. What we will not do, and have not done, is install client-side analytics tools that would let us measure user behavior in a way that could fuel A/B tests or experiments. Vercel Web Analytics, Vercel Speed Insights, and Google Analytics are deliberately absent from this site. The full disclosure of what our host sees lives on /privacy under "Hosting and infrastructure." If we ever change that, the change goes through ethics-board review and gets disclosed here first.

Kill-switch as a design principle

This platform is built so it can be turned off. If it ever fails to serve the people it was built to serve — meaningfully and not transiently — the kill-switch is the structural answer rather than a layered rescue. The mechanism lives in the platform itself; what we publish as we operationalize it is the trigger criteria, the operator authority, the data-handling sequence, and the partner-notification protocol. We share this as a design principle so donors, sponsors, and partner agencies know how we think — not as a contract.

The same principle informs three adjacent scenarios, by the same mechanism. A court order that would force us to surface data the platform structurally does not hold (DV-survivor classification, PHI without a BAA, surveillance hand-offs to law enforcement) would be answered with kill-switch activation rather than rule violation. A partner-agency demand to share Tier 3 program-class data with a third party for a non-coordination purpose would be answered the same way. An operator judgment that the platform has drifted from its dignity floor and cannot be corrected in place would, likewise, be answered by turning it off.

What is operational today: the technical kill-switch itself — a single feature-flag in our infrastructure that takes the platform offline within sixty seconds. That part is built and tested.

What is still aspirational: the formal trigger criteria, the partner-notification protocol, the operator-authority definition, the data-destruction sequence, and the appeal mechanism. These have a Phase 1.5 milestone attached and will be reviewed by counsel before any of them is published as a binding commitment. We name this gap explicitly because the difference between a design principle we are holding ourselves to and a promise we may not yet be able to keep is exactly this work.

What partner agencies would see on activation, when the operational protocol is finalized: notice within the window the law permits (immediate when there is no legal seal), the fact of activation but not the legal posture if we are under a sealed order, and a paper fallback (the printable General Assistance wizard PDF lives at the partner site and does not require our backend). Existing meal-credit balances are preserved; no resident data is lost. The partner-continuity protocol at docs/partners/partner_continuity_protocol.md spells out the partner-side operational steps as currently drafted.

What we will do, by default

The dignity floor is opt-out, not opt-in. These behaviors are the default for every user on every surface; a person never has to ask for them, qualify for them, or disclose anything about themselves to receive them.

Trauma-informed default register on every public surface: predictable language, no-blame framing, no forced disclosures (founding charter §3.7, standard set by Anadora Turner, MSW, USC).
Crisis lines visible from every page footer: 988, Mobile Crisis, DV hotline, National DV.
Safety-exit one tap from every page — leaves the site and overwrites the visible history entry. On mobile the tab-switcher snapshot and the device's URL-suggestion cache are outside this site's reach; the residual gap is walked through honestly on /privacy so a person on a monitored device can decide what level of caution they need.
Anonymous Tier 0 — the resource map at /map works with no account, no phone number, no ID.
Auto-deletion of in-flight coordination-packet wizard data after 30 days (Supabase TTL, commit 78743c4).
Audit-trail logging on every admin action via the user_role_grants table.
Public transparency: live counter at /today, redacted Anadora field-interview ledger at /phase-0-ledger.

Abuse vectors we've thought about

A coordination platform that mints credits, accepts donations, and routes vulnerable people creates real attack surfaces. The list below is not exhaustive, but it is honest: each item names the vector, the mitigation we have shipped, and the gap that is still open. Phase labels (1, 1.5, 2, 2+) reflect when we expect to close each gap; they are not aspirational.

Sybil attacks on meal credits. A single person creates five accounts to harvest credits.
Mitigation: partner-attestation requirement for credit issuance (no self-mint), phone-OTP rate-limiting on signup, Stripe-side donation deduplication.
Gap: no behavioral-anomaly detection on signup/redemption patterns (Phase 1.5).
Partner-staff collusion. A partner-admin issues fake attestations to a confederate.
Mitigation: append-only audit log on every issuance event, a 30-day window before credits can be redeemed at scale, future partner-rotation review by Anadora's field-validation pass.
Gap: no automated collusion-detection model that flags issuance/redemption pairs (Phase 2).
Donor-side fraud / chargeback laundering. A bad actor donates with a stolen card, the donation funds credits, the credits are redeemed, the original card is chargebacked.
Mitigation: Stripe handles chargeback processing end-to-end, 7-day hold on credit-issuance from new donors under a velocity threshold.
Gap: no donor-fraud-scoring model that ties payment signals to credit-issuance rate (Phase 2+).
Coordinated harassment via the help-request system. A user is targeted by a bad actor filing false help-requests on their behalf.
Mitigation: phone-OTP gate on help-request creation, partner-staff review queue before any broadcast, no public listing of help requests by name.
Gap: no user-side block list — a target cannot pre-emptively prevent a known harasser from filing requests about them (Phase 1).
Re-identification of confidential resources. Someone tries to derive SafeQuest's street address from quasi-identifiers in resource queries.
Mitigation: confidential=true flag on the resource row, RLS policy strips the address field entirely on read, no geo coordinates exposed for confidential rows in any API surface.
Gap: no rate-limit on metadata queries against confidential rows — a determined adversary could still mine category/hours data (Phase 1.5).
Identity fraud via wizard PDF abuse. Someone fills out a General Assistance wizard using another person's identifying information.
Mitigation: applicant signature pad on the generated PDF, in-person handwriting at the county appointment, Option A skip-and-handwrite SSN path (commit 66aa35c) so the platform never has to hold the SSN.
Gap: no live-identity-proofing step — the wizard does not verify that the typed name matches a real person (Phase 2+).
Partner-DPA breach (PII leaked from partner side). A partner exports user data to their own systems against the data-processing agreement and the data subsequently leaks.
Mitigation: the contract clauses in docs/legal/partner_data_processing_agreement_template.md bind the partner to a 72-hour breach-notification window and a revocation right we can exercise on the platform side.
Gap: no DLP (data-loss-prevention) scanning on partner exports — we trust contract enforcement, not technical egress controls (Phase 2+).

Who watches us

Accountability is layered, and several layers are not yet in place. We name them here so they can be checked against reality.

Lived-experience advisors. Paid honoraria (US$200/month per advisor under the Phase 0 plan), at least two seated by Phase 1. Their role is to flag where the platform feels coercive, surveillance-adjacent, or dignity-eroding — before journalists or county counsel ask the same question.
Anadora Turner, MSW (USC). Clinical co-lead, authority on the dignity floor and the trauma-informed register (founding charter §3.7, §4.1).
Outside counsel. A California nonprofit attorney is engaged for the 501(c)(3) formation. Ongoing privacy review is scoped for Phase 1.
Ethics advisory board. Phase 1.5. Composition: clinicians, lived-experience advisors, and civil-liberties advocates. Sign-off authority over the A/B-testing commitment above and over material changes to this page.

Where to report concerns

General: hello@guardiansofsolano.com
Privacy: privacy@guardiansofsolano.com
Security disclosures: security@guardiansofsolano.com — see the full coordinated-disclosure policy at /security.
Anonymous concerns: a whistleblower channel at /docs/whistleblower is in scope for Phase 1.5. In the interim, written concerns can be addressed to outside counsel via the general inbox with the subject line Confidential — for counsel.

Multilingual search — translation-only, deterministic selection

We have a long-standing commitment that we will not run AI experiments on trauma-informed surfaces. The multilingual resource-search layer on /map and /solano honors that commitment by being constrained, gated, and deterministic-in-selection:

The language model is allowed exactly two jobs — translate the user's search into a structured query, and translate the resulting resource names/descriptions back into the user's language. It is never asked to choose which resources show up.
Selection is done by a small, auditable rule-based search against the same verified resource directory that powers the public map. The same person typing the same input gets the same results.
The model cannot give medical, legal, financial, or safety advice. A localized canonical fallback fires the moment the model identifies a request like that — no search runs, no advice is generated.
The feature is behind an environment-variable feature flag (MULTILINGUAL_SEARCH_ENABLED) and ships off. It is enabled only after manual smoke-testing and is collapsed-by-default in the UI even when on.
This is explicitly not the “AI Guardian assistant” concept referenced elsewhere on the site — that remains deferred and would require a separate ethics review.

See docs/architecture/multilingual_search_ethics_review.md for the full review, and the privacy section for what we log.

How this page changes

Material changes to this page are recorded in git history at apps/web/app/ethics/page.tsx and, once the ethics advisory board is seated (Phase 1.5), require board sign-off. Until then, both founders (Aaron Turner and Anadora Turner) must jointly approve any change that weakens a commitment. New commitments can be added unilaterally; existing commitments cannot be removed or softened without a written record of why.