Watchdog Manifest

We believe that responsible data collection and computation can illuminate truth, drive better decisions, and accelerate positive change — but only when it is coupled with transparency, proportionality, and respect for individual rights. This document sets out the principles that guide every project, partnership, and line of code we author.

This Manifest applies to all team members, contractors, and partners who handle data under the Watchdog umbrella, across every geography and legal regime in which we operate.

We leverage industry-grade, security-hardened platforms that meet or exceed ISO 27001, ISO 42001 requirements. Tool selection is reviewed quarterly against the following checklist:

• Encryption-in-Transit & at-Rest (AES-256 or better)
• Role-Based Access Control (RBAC) with MFA

We do not employ shadow-IT, freeware lacking security attestation, or closed black-box models whose risk cannot be quantified.

All personnel agree to the following behavioural charter:

• Integrity First — No data manipulation aimed at misleading stakeholders.
• Speak Up Duty — Flag anomalies, biases, or security gaps immediately.
• Conflict-of-Interest Disclosure — Financial, personal, or ideological ties must be declared.
• Zero Retaliation — Whistle-blowers are protected and celebrated.
• Continuous Learning — Minimum 8 hours of ethics & security training per year.

Breaches trigger a graded response: from mandatory retraining to contract termination and regulatory notification.

Access to datasets and compute resources is granted solely on the basis of operational necessity:

• Least Privilege — Default deny; time-boxed permissions.
• Segmentation — Production, staging, and development environments are isolated.
• Differential Privacy & Anonymisation — Where full data access is not essential, we provide redacted or synthetic subsets.
• Periodic Review — Access rights expire automatically every 90 days unless re-justified.

Before onboarding a project, the responsible lead must file a Self-Declaration of Data Ethics Compliance covering:

• Purpose & Expected Benefit
• Data Categories & Sources (incl. sensitive data flags)
• Legal Basis & Jurisdictional Mapping
• Risk Assessment Summary (privacy, security, societal impact)
• Deletion & Retention Timetable
• Stakeholder Communication Plan

Declarations are stored in our compliance repository and are auditable by regulators and clients upon request.

We practice Data Sunset by Design. Upon project completion or contract termination, an archival decision is made to determine if anonymised aggregates hold long-term value.

Residual data retention beyond this window requires executive approval and documented legal justification.

• Incident Response Drills conducted semi-annually

This Manifest is reviewed every six months and updated to reflect operational experience, regulatory change, and evolving ethical standards.