Privacy & Data Notice
Effective: 27 May 2026 · Last reviewed: 16 June 2026
Each published incident links back to its primary sources. The catalog is a secondary source; nothing here should be read as a judicial finding of guilt. If you are named in an incident and believe the entry is inaccurate, incomplete, out-of-context, or should be removed, see Your rights below or contact us directly at [email protected].
Who is responsible for this site
The data controller for the Authoritarian Interference Tracker is the Institute for Strategic Dialogue (ISD), operating through its US affiliate ISD-US. References to “ISD”, “we”, and “us” on this page mean that organisation. The general ISD privacy notice covering the wider organisation is available at isdglobal.org/privacy-notice/; this page describes processing that is specific to the Tracker.
What this site is
The Tracker is a research and journalism catalog. It does not provide a service to visitors in the consumer sense and does not require an account. The public site has no analytics, no advertising, no marketing cookies, and no third-party trackers. Standard server logs (IP address, requested URL, user-agent, timestamp) are retained briefly for operational and security purposes.
What we process and where it comes from
The Tracker's pipeline collects, classifies, and publishes information from open-source reporting. Source categories are described in our Methodology. The data we process falls into three groups:
- Source articles. Article URLs, titles, publication dates, source domains, languages, extracted body text, and feed metadata. Full text is retained while the article is linked to a published incident.
- Incident records. Title, summary, threat actors, target countries, dates, tactics, techniques and procedures (TTPs), attribution basis, source URLs, and named entities — including organisations, government units, military formations, infrastructure, and, in some cases, identifiable individuals where those individuals appear in the underlying source reporting.
- Operational metadata. Pipeline embeddings, model identifiers, audit trails of editorial state changes, and authentication data for internal review-tool users. The public site is read-only and does not write any personal data about visitors.
Lawful bases for processing
We rely on the following bases under the EU General Data Protection Regulation:
- Legitimate interests (Art. 6(1)(f)). The public interest in documenting and analysing state-sponsored interference against democratic institutions.
- Data manifestly made public by the data subject (Art. 9(2)(e)). Applicable to public-figure subjects (named officials, indicted operatives identified in court documents or government statements, etc.).
- Archiving, research, and journalism (Art. 9(2)(j); Art. 85). Applicable to the catalog's research and journalistic character and to the special-category data that necessarily appears in some incidents (e.g., political opinion, ethnicity or religion of targeted communities).
- Criminal-allegations data (Art. 10). Processed under the journalistic and academic-research exemptions provided by applicable Member State law, with the safeguards listed below.
Automated processing and human review
Articles in the pipeline are scored, deduplicated, summarised, and matched to incident
records by automated systems built on large language models. Specifically: classification,
grafting, and a post-generation deduplication pass use Anthropic's Claude Haiku; the
structured incident records are written by Anthropic's Claude Sonnet; semantic embeddings
are generated by Voyage AI's voyage-4-lite model.
No incident is published without human editorial review. Every candidate incident enters a two-stage human review — an editor triages and a reviewer confirms publication. Editorial state changes are audit-logged. This human-in-the-loop step is the substantive safeguard against errors introduced by automated processing. Automated processing alone does not produce decisions about individuals that have legal or similarly significant effects within the meaning of Article 22.
Subprocessors and recipients
The pipeline relies on the following external services. All transfers to non-EU jurisdictions are made on the basis of the provider's Standard Contractual Clauses (or equivalent transfer mechanism) under Article 46, supplemented by the content-minimisation practices described below.
| Service | Purpose | Data sent outbound | Location |
|---|---|---|---|
| Anthropic | Article classification (Claude Haiku); incident generation (Claude Sonnet); grafting and dedup adjudication (Claude Haiku) | Article titles, summaries, and a body excerpt per call — including named persons where present in source reporting | United States |
| Voyage AI | Semantic embeddings used for clustering and graft search | Article titles and a summary/body excerpt per call | United States |
| Google Cloud (BigQuery) | Queries against the public GDELT Global Knowledge Graph dataset | SQL query text only (entity/theme strings); no personal data outbound | United States |
| GDELT Project (DOC API) | Keyword-based article discovery | Keyword query strings only; no personal data outbound | United States |
| OCCRP Aleph | Searches against OCCRP's investigative-document corpus | Keyword query strings and API credentials; results may contain named persons present in OCCRP's source corpus | OCCRP-hosted (EU and US infrastructure) |
| Publisher websites | Direct retrieval of articles for body-text extraction | ISD's IP address and user-agent are visible to publishers; we retrieve their published content | Globally distributed |
| Microsoft Azure | Hosting (servers, database, backups) | The complete article, incident, and entity dataset | United States (East) |
| GitHub | Source-code hosting | Code only; no production data and no secrets | United States |
No training on AIT data. We have configured our accounts with the model providers above so that AIT pipeline data is not used to train their models, consistent with each provider's published API data-use policy. We do not consent to AIT data being used for model training by these providers or by any future subprocessor, and we will reflect this in our contractual relationships with them.
How long we keep data
- Articles classified irrelevant are deleted automatically 90 days after ingestion. The 90-day window is reviewed periodically and may be shortened as the pipeline matures.
- Articles classified relevant are retained for as long as they are linked to a published incident, plus a buffer for editorial review. The catalog's research function depends on the continued availability of these sources.
- Duplicate and near-duplicate articles are merged into a single incident's source list during pipeline deduplication; surplus duplicates are not retained as separate records.
- Incident records are retained subject to ongoing editorial review. Editors periodically re-check published incidents for continuing accuracy, and we will rectify, restrict, or remove entries where the underlying public reporting has been superseded, retracted, or shown to be inaccurate. Standing erasure and rectification rights are described below.
- Inputs retained by AI subprocessors for trust-and-safety or abuse monitoring are governed by each subprocessor's published retention schedule and the contractual terms we have with them; we do not direct subprocessors to retain copies of pipeline inputs beyond what their service requires, and we have configured their accounts to opt out of any model-training use of our data (see below).
- Pipeline embeddings and editorial audit logs are retained for the operational lifetime of the catalog.
- Internal review-tool sessions use cookie-based sessions that expire when the browser closes. Internal user accounts persist for the duration of the editor's involvement with the project.
Your rights
Where the GDPR, the UK GDPR, US state privacy laws, or other applicable law gives you rights as a data subject, you can exercise them by contacting ISD's Data Protection Officer using the details below. We will acknowledge receipt and respond within the timeframe required by the law of your jurisdiction (in most cases, one month), in accordance with ISD's internal data-subject-request policy. We may need to verify your identity before disclosing personal data.
Email: [email protected] (subject line: “AIT data subject request”)
Post: ISD-US, Suite 285, 1032 15th St. NW, Washington, DC 20005, United States
Please describe what right you are exercising (access, rectification, erasure, restriction, objection, portability) and identify the incident, entity, or record your request concerns.
Available rights include:
- Access — a copy of the personal data we process about you.
- Rectification — correction of inaccurate or incomplete information. Where an incident's underlying public reporting is itself inaccurate, we will annotate or update the incident record and, where appropriate, note the correction.
- Erasure — removal of an entry. Because the catalog is processed for journalistic and research purposes, the right to erasure may be limited by Article 17(3) and applicable Member State law. We will explain in writing where an erasure request is declined and why.
- Restriction of processing while a request is being assessed.
- Objection to processing based on legitimate interests.
- Lodge a complaint with a competent supervisory authority. In the United Kingdom this is the Information Commissioner's Office (ico.org.uk); in the European Union it is the supervisory authority in your country of residence, place of work, or where the alleged infringement occurred.
A note on direct notification
We do not notify each named individual whose name appears in the source reporting we catalog. The sources we draw on are open-source publications and government statements that are themselves public, and direct notification of every named individual would require a disproportionate effort within the meaning of Article 14(5)(b) GDPR. We rely on this exception in combination with the publication of this notice.
Safeguards we apply
- Every published incident is linked to the primary sources that support its attribution; the catalog is presented as a secondary source pointing to those sources.
- Every published incident passes through two-stage human editorial review, with a documented state machine and an audit log of state changes.
- Incidents include a confidence assessment reflecting the strength of the underlying attribution evidence.
- Operational secrets (API keys, database credentials) are held outside the public source repository.
- Access to production hosts and to the editorial tool is restricted to named ISD staff with role-based access controls.
Changes to this notice
We will update this notice as the pipeline, subprocessor chain, or scope of the Tracker changes. The “Last reviewed” date at the top of the page reflects the most recent material change. We will not weaken the protections described here without giving prior notice on this page.
Contact
Data-protection matters and data-subject requests: [email protected], or by post to ISD-US, Suite 285, 1032 15th St. NW, Washington, DC 20005, United States.
Editorial corrections to a specific incident (e.g., factual error in a published entry): [email protected].
← Back to the tracker