The Centre operates as the public-purpose programme of Nansen Digital Forensics. Independence, transparency, and survivor-led governance are non-negotiable. This page exists so that funders, regulators, partners and journalists can confirm that for themselves.
The Digital Safeguard Centre is a trading name of Nansen Digital Forensic Services Pty Ltd (ABN 15 634 461 957), registered in Australia. The Centre operates as the international research, advocacy, and frontline-tooling programme of Nansen Digital Forensic Services — a purpose-driven social enterprise, not a charity and not registered with the ACNC.
Our ABN and trading-name registration are publicly verifiable through the Australian Business Register. Annual financial statements are available to funders and regulators on request.
The Centre's value to survivors, agencies, regulators and corporate partners depends on its independence. We commit publicly to the following, and review compliance annually:
All research conducted by or with the Centre is reviewed and approved by the University of Canberra Human Research Ethics Committee (UC HREC). Operationally, every digital safety audit is governed by a documented trauma-informed practice standard, written privacy policy, and survivor consent protocol.
UC HREC approval — research with human participants is reviewed and approved by the University of Canberra Human Research Ethics Committee prior to commencement.
Trauma-informed practice standard — all client-facing staff are trained to a documented trauma-informed standard, refreshed annually.
Data minimisation & retention — we collect the minimum information necessary, retain for the minimum legally required period, and offer survivor-controlled deletion of audit records.
Mandatory reporting — we comply with all Australian mandatory reporting obligations regarding child safety and imminent risk of harm.
Conflict of interest register — staff and contractor conflicts are declared in writing and reviewed annually.
The data flowing through a digital safety audit — device images, account histories, evidence of compromise — is among the most sensitive any organisation handles. Our security posture is documented, externally testable, and survivor-centred.
Data residency — data is stored encrypted as close as possible to the client's jurisdiction and never in a country without a strong rule of law. Our approach is informed by EU privacy principles: jurisdiction matters, and so does the legal environment governing the infrastructure that holds it.
Encryption — all data is encrypted at rest and in motion, without exception. Access logs are retained, role-based access is enforced, and sensitive operations require two-person review.
Privacy framework — compliance with the Australian Privacy Principles and the notifiable data breach scheme. International engagements are additionally aligned to GDPR principles.
External assurance — ISO 27001 and ISO 42001 certifications are in progress. External audit against both standards is on our near-term roadmap.
Incident transparency — material incidents are reported to affected parties within 72 hours, in addition to statutory obligations.
Funders, regulators, journalists and prospective advisors are welcome to contact us with governance, independence, or compliance questions.