CSINT Research Workstation
Pro Workspace

Pro terms

KVKK/GDPR, retention and OSINT ethics boundaries.

This is a short pilot safety note. Before a paid public launch, the terms, retention policy and data processing text should be reviewed legally.

Pilot scope

Pro Workspace is a closed pilot workspace for organizing claims, sources, evidence, comments, assignments, audit logs and exports. It is not legal advice, live crisis monitoring, person tracking, doxxing or an auto-publishing system.

Data processed

The pilot may process email address, workspace metadata, claim packets, source/evidence notes, review comments, assignments, audit events and export records. Users are responsible for avoiding unnecessary personal data.

Retention

Pilot records are stored in D1. Persistent R2 file archive is currently off; PDF and file downloads do not promise permanent storage. Deletion, correction and access requests are handled manually during the pilot.

KVKK/GDPR approach

The operating principle is data minimization: keep only what is needed for verification work. Before adding personal, sensitive or private third-party information, users must check lawful purpose, legitimate need and source reliability.

OSINT ethics boundaries

Use lawful open sources only. Person targeting, harassment, unauthorized tracking, leaked-data redistribution, credential collection and harmful automated publishing are out of scope.

Security

Pro sessions use email code, Authenticator/TOTP, HttpOnly session cookies, rate limits, role checks and audit logging. These layers reduce risk; users remain responsible for account and device security.

Paid launch checklist

What must be closed for legal final.

  • Privacy policy, terms of use and data processing text should receive legal review.
  • Access, correction and deletion request handling should be written down before paid launch.
  • Billing, refund, cancellation and support responsibilities should be clear before checkout goes live.
  • Redaction rules for third-party personal data should be explicit for every user.
  • Audit-log and backup retention periods should be tied to a real operational policy.

This text is not legal advice; a professional legal review is still required before a paid public launch.