We exist to protect people from digital harm. That means holding ourselves to the highest standard on how we handle your information — and on the security of the systems that hold it.
Our platform is used by survivors of technology-facilitated abuse. The security of the people who depend on us is not negotiable. Please read this section before attempting any form of security research against our systems.
Penetration testing, vulnerability scanning, fuzzing, automated enumeration, or any form of active security testing against our systems, APIs, or infrastructure requires the express prior written approval of Nansen Digital Forensic Services. This applies regardless of stated intent, claimed methodology, or professional affiliation.
Our platform serves victim-survivors of technology-facilitated abuse — people who are often actively at risk. Unauthorised testing that affects system availability, data integrity, or user confidentiality could cause direct harm to these individuals. We treat any such activity with the utmost seriousness.
To request authorisation for testing where no existing assessment or independent analysis already covers the area of concern, before you begin. We will consider reasonable, well-scoped requests and, where appropriate, agree terms in writing.
We will not make financial payments for vulnerability reports, regardless of claimed severity or impact.
If you have identified a genuine, verifiable security issue and report it to us in good faith through our contact below, we will investigate it, patch it if confirmed, and publish a security notice on this page crediting your contribution (unless you prefer to remain anonymous). That is the extent of what we offer.
Reports accompanied by payment demands, non-disclosure threats, disclosure deadlines, or offers to sell paid security services as a condition of resolving the issue will not be engaged with on their technical merits. We treat demands of this nature as extortion and refer them directly to law enforcement. Attempting to leverage a vulnerability — or the threat of disclosure — for financial gain is a criminal offence in Australia and in all jurisdictions where we operate.
When a genuine, verified security issue is reported to us in good faith and subsequently patched, we publish a notice here. Disclosures include a description of the issue, the remediation applied, and (where requested) credit to the reporting researcher.
The following documents are published by Nansen Digital Forensic Services operating as The Digital Safeguard Centre and the Acorn platform. Documents are being finalised and will be linked here on publication.
What we collect, why, how long we keep it, and your rights across all Centre services and the Acorn platform.
Publishing soonThe terms governing access to and use of the Acorn platform and associated services.
Publishing soonWhat cookies and tracking technologies we use, why, and how to manage your preferences.
Publishing soonHow we handle accounts and data for users who are or may be under 18.
Publishing soonHow we use AI within our products, what models we use, and the human oversight we maintain.
Publishing soonScope, safe harbour conditions, how to report, our response commitments, and coordinated disclosure.
Publishing soonThese principles guide every product decision we make — not just our legal compliance.
We collect only what we genuinely need to deliver the service. We do not collect data for future hypothetical purposes.
Survivors own their records. We offer deletion on request, no questions asked, without penalty or delay.
We do not sell, licence, or share personal information with advertisers or data brokers — ever.
Survivor data stays in Australian jurisdiction. International transfers require explicit consent and a documented lawful basis.
We notify affected individuals within 72 hours of a confirmed breach — ahead of most statutory timeframes.
Our policies are written for the people they protect, not for lawyers. If something is unclear, email us.
We use a small number of external services in the operation of this website. This section discloses each one and explains what data it receives.
Contact messages submitted through our website are delivered via Web3Forms. The content you submit — name, email, and message — is transmitted to their service for delivery to our inbox. Web3Forms does not store form submissions.
Contact form messages are automatically translated to English on our server before delivery so that staff can respond effectively regardless of the language used. This translation is performed server-side by our own infrastructure — your IP address is never shared with the translation service. Only the text of your message is transmitted. You may write in English to bypass this step entirely.
The footer emergency number is personalised to your country. To determine your country, your browser makes a single anonymous request to api.country.is. No cookies or persistent identifiers are used by that service.
We respond within 2–5 business days. All enquiries are handled confidentially.
We'll respond within 2–5 business days. All enquiries are handled confidentially.
Thank you. We'll be in touch within 2–5 business days.
Real-time status of our compliance posture across frameworks and data residency commitments.