Privacy & Safeguards Statement

Our Commitment

Civility Bureau is building infrastructure for transparent and auditable online moderation. From the outset, our principle is clear: we do not and will not collect or expose personal user data.

Moderation events are recorded against pseudonymous identifiers that are derived from a Bureau‑controlled master key and scoped uniquely to each platform. These pseudonyms are non‑reversible without platform‑held data, ensuring that Civility Bureau cannot identify individuals.

This design makes attestations independently verifiable and auditable, while preserving privacy and preventing cross‑platform linkage unless explicitly authorised under governance.

Addressing Privacy & Surveillance Concerns

We recognise the importance of civil society concerns about surveillance risks. Safeguards are built into our design:

  • Pseudonymous, not personal: Attestations are tied only to pseudonyms (e.g. Platform_123abc). Civility Bureau never receives or stores underlying identities.
  • Non‑reversible: Without access to platform data, pseudonyms cannot be mapped back to real individuals.
  • Independent oversight: Schema and governance are open to scrutiny by regulators, researchers, and civil society.

Scope and Future Extensions

Our attestation schema is deliberately minimal: Platform | Key | Category | Severity | Date/Time

This ensures proportionality and privacy by design. Future extensions (e.g. an under‑18 flag for child protection, or device country for electoral integrity) will only be introduced if:

  • Legally required by regulators,

  • Agreed through multi‑stakeholder governance, and

  • Minimal, purpose‑bound, and auditable.

Auditability Without Centralized Identity

Pseudonyms remain in the ledger once a moderation event is recorded. This ensures accountability over time without creating a central registry of personal identities. The ledger is about events and decisions, not people.

Guarding Against Surveillance Misuse

We acknowledge that governments could, in theory, request lists of certain violation categories (e.g. "terrorism" or "voting fraud"). On their own, our attestations cannot identify individuals. Any attempt to deanonymise would require combining Bureau data with platform‑held records.

To safeguard against misuse, we commit to:

  • Transparency reporting of any government requests.

  • Open scrutiny of schema and governance by civil society.

  • Minimal disclosure by design — only the data necessary for auditability is included.

Balancing Industry and Accountability

Our system is not about taking power away from platforms, it is about creating a shared language of transparency.

  • For platforms: Standardised attestations reduce compliance friction, demonstrate good faith to regulators, and build public trust.

  • For regulators and researchers: Attestations provide a verifiable, comparable basis for oversight.

  • For smaller platforms: The standard lowers the barrier to credible reporting.

In short: clarity improves for all, and accountability becomes a shared responsibility.

Our Position

Civility Bureau is not a surveillance tool. It is trust infrastructure: making moderation decisions auditable while protecting user privacy. We acknowledge the risks of surveillance creep and actively design against them. By engaging openly with critics and publishing our safeguards, we aim to ensure this infrastructure strengthens democratic oversight and industry accountability alike.