Last Updated: April 2026
1. Our Commitment
GPRFO collects minimal data to verify attacks. We never sell data. Victim names are redacted by default.
Our commitment is to protect sources while providing verified data to protect lives.
2. What We Collect
- Incident location data (LGA/district level only, never exact coordinates of victims)
- Incident type, date, and verified casualty figures
- Evidence files (with faces blurred by default)
- Reporter contact information (optional, encrypted at rest)
3. What We Never Do
- Sell or monetize personal data
- Publish source names or identifying information
- Share exact GPS coordinates of vulnerable communities
- Provide raw data to governments without anonymization
4. Data Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Source information is stored separately
from incident data. Access is restricted to verified analysts with background checks.
5. Data Retention
Incident data is retained permanently for historical analysis. Source contact information is deleted
after 90 days unless the source opts in for follow-up.
6. Your Rights
- Request deletion of your contact information at any time
- Request what data we hold about you
- Opt out of communications
7. Contact
For privacy concerns: privacy@gprfo.org