← Back to NOUR

Privacy Policy

Public reporting service · Version 1.0 · Effective 1 June 2026

NOUR is a civilian-safety platform that lets anyone report strikes, shelling, flooding, fires, and other hazards from any phone — with no app and no account — so that incidents can be verified and shown on a live public map. This policy explains what data the public reporting service collects, why, and the rights you have. We designed the service to need as little personal data as possible.

Aid organisations that use NOUR’s separate, sign-in-only dashboard to manage their own teams are covered by a dedicated policy provided within that dashboard.

1. Introduction

This policy applies to the public parts of NOUR available at noursystems.org: the hazard report form, the public live map, and related public information pages. By using these services you acknowledge the practices described here.

2. Who is responsible for your data

The data controller for the NOUR platform is Forrest Labs (“we”, “us”). You can contact us using the details in Section 15.

3. What we collect when you report

When you submit a hazard report, we process:

When you view the public map, we process only the limited technical data needed to serve the page securely.

4. What we do not collect

5. Why we use it and our legal bases

We use this data only to operate the safety service: to cluster and verify reports, cross-reference public news and official sources, show verified incidents on the public map, and keep the service secure against abuse. Our lawful bases under applicable data-protection law — principally Lebanon’s Law No. 81 of 10 October 2018 (Electronic Transactions and Personal Data), with the EU/UK General Data Protection Regulation applied as our baseline standard — are the protection of the vital interests of people in danger, the performance of a task in the public interest, your consent in submitting a report, and our legitimate interests in keeping the service accurate and secure.

6. Automated processing and AI

NOUR uses automated processing, including a large-language-model service (Anthropic’s Claude API), to help cluster and verify incoming reports and cross-reference public sources. These tools assist human-overseen verification; we do not use your data to make decisions producing legal or similarly significant effects about you. Only the data needed for the task is sent to this provider (Section 7).

7. Who we share data with

We do not sell personal data. We use a small number of trusted service providers (sub-processors) to run the service, each bound to process data only on our behalf:

SupabaseDatabase and file-storage hosting for reports and media.
VercelApplication hosting and content delivery.
Anthropic (Claude API)AI assistance for verification (Section 6).
RailwayThe face-blurring service that obscures faces in submitted media before storage.
MapboxMap display in your browser.
ntfyDelivery of public hazard/all-clear notifications where applicable.

Verified incident information (such as a hazard type and an approximate location) is shown publicly on the live map by design — this is the purpose of the service. Media is shown only after faces are blurred and review. We may also disclose data where required by law or to protect the vital interests of any person.

8. International data transfers

Our service providers may process data in countries outside the one in which you are located. Where data is transferred internationally, we rely on appropriate safeguards recognised under applicable law to protect it. You can request more information using the contact details in Section 15.

9. How long we keep data

10. How we protect your data

No system is perfectly secure; Section 16 is honest about what these measures do and do not protect against.

11. Your rights

Subject to applicable law, you have rights to access, correct, erase, restrict, or object to the processing of your personal data, to data portability, to withdraw consent, and to complain to a supervisory authority. Because reports are submitted without an account and IP addresses are stored only as an irreversible hash, we usually cannot identify you or link a particular report back to you — which means we may be unable to locate “your” data to action some requests. Where you can give us enough detail to identify specific data (for example a report you submitted), we will act on your request as the law requires. Contact us using Section 15.

12. Cookies and on-device storage

The public service uses only strictly necessary storage — for example to remember your language choice or to let the report form work on a poor connection. We do not use advertising or cross-site tracking cookies.

13. Children

NOUR is intended for use by adults. It is not directed at children, and we do not knowingly collect children’s personal data. If you believe a child’s data has been provided to us, contact us and we will take appropriate steps.

14. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the version and effective date shown above. Your continued use of the service after a change takes effect constitutes acknowledgement of the updated policy.

15. Contact and complaints

For privacy questions or to exercise your rights, contact Forrest Labs at shadi@forrestlabs.org. We have not appointed a dedicated data protection officer; privacy enquiries are handled by Forrest Labs at that address.

If you are not satisfied with our response, you have the right to lodge a complaint with the competent data-protection supervisory authority in your jurisdiction — in Lebanon, under Law No. 81 of 10 October 2018 (Electronic Transactions and Personal Data), or, where applicable, with the relevant EU/EEA supervisory authority.

16. An honest note on the limits of protection

We believe in being straight with the people who rely on this tool. NOUR’s protections — encrypted connections, no raw-IP storage, face-blurring, and least-data-by-default — are strong against common threats. They are not a guarantee against a determined, well-resourced adversary such as a nation-state. Share only the detail a report genuinely needs, and for sensitive personal communication use a dedicated secure messaging app rather than any single system.

← Back to NOUR · Report a hazard · Live map

Version 1.0 · Effective 1 June 2026