Safety & Security
These Safety and Security guidelines outline the measures and best practices for protecting users and maintaining platform integrity, including safety guidelines, security policies, and incident response procedures.
Table of Contents
1. Safety Guidelines
1.1. Responsible Civic Engagement and Personal Risk Awareness
The Platform facilitates digital civic engagement between Citizens and Representatives, whether Public Representative or Political Participant Representative. Users remain responsible for exercising reasonable judgment when publishing content, sharing personal information, or engaging with other Users.
The Company does not supervise interpersonal conduct beyond the moderation framework described in Platform Rules and Safety and does not guarantee the identity, intentions, or behaviour of other Users.
1.2. Protection of Personal and Sensitive Information
Users are advised to limit disclosure of personal data to what is strictly necessary for civic engagement purposes. Public Cases may be visible to other Users and may be indexed externally as acknowledged under Citizens Terms of Service.
The Platform does not control third-party republication or caching of publicly accessible content. Users remain responsible for ensuring compliance with applicable data protection laws when disclosing third-party information.
2. Security Policy
2.1. Security Governance and Technical Measures
The Company maintains appropriate technical and organisational measures designed to protect the confidentiality, integrity, and availability of Platform data, consistent with relevant laws. Security controls include encryption in transit, encryption at rest for hosted databases, role-based access controls, privileged access logging, and multi-factor authentication for administrative accounts.
2.2. Third-Party Infrastructure and Vendor Safeguard
Where infrastructure or ancillary services are provided by third-party vendors, such providers shall operate written agreements that impose data protection, confidentiality, and information security obligations consistent with applicable law.
3. Incident Response Summary
Constituency maintains procedures for identifying, containing, and assessing suspected security incidents affecting Platform systems and personal data.
Where an incident qualifies as a personal data breach, the Company will determine its role in relation to the affected data and will notify the appropriate supervisory authority or relevant data controller, as applicable, and inform affected individuals where required.
Following identification of a security incident, the Company may implement proportionate containment measures, including credential revocation, access isolation, forensic log preservation, and system remediation, and may conduct a post-incident review to identify root causes and strengthen safeguards.
This section supplements, and does not replace, the more detailed breach notification and data handling provisions set out in the Privacy Policy and Data Protection documentation.