Public reporting service · Version 1.0 · Effective 1 June 2026
NOUR is a civilian-safety platform that lets anyone report strikes, shelling, flooding, fires, and other hazards from any phone — with no app and no account — so that incidents can be verified and shown on a live public map. This policy explains what data the public reporting service collects, why, and the rights you have. We designed the service to need as little personal data as possible.
Aid organisations that use NOUR’s separate, sign-in-only dashboard to manage their own teams are covered by a dedicated policy provided within that dashboard.
This policy applies to the public parts of NOUR available at noursystems.org: the hazard report form, the public live map, and related public information pages. By using these services you acknowledge the practices described here.
The data controller for the NOUR platform is Forrest Labs (“we”, “us”). You can contact us using the details in Section 15.
When you submit a hazard report, we process:
When you view the public map, we process only the limited technical data needed to serve the page securely.
We use this data only to operate the safety service: to cluster and verify reports, cross-reference public news and official sources, show verified incidents on the public map, and keep the service secure against abuse. Our lawful bases under applicable data-protection law — principally Lebanon’s Law No. 81 of 10 October 2018 (Electronic Transactions and Personal Data), with the EU/UK General Data Protection Regulation applied as our baseline standard — are the protection of the vital interests of people in danger, the performance of a task in the public interest, your consent in submitting a report, and our legitimate interests in keeping the service accurate and secure.
NOUR uses automated processing, including a large-language-model service (Anthropic’s Claude API), to help cluster and verify incoming reports and cross-reference public sources. These tools assist human-overseen verification; we do not use your data to make decisions producing legal or similarly significant effects about you. Only the data needed for the task is sent to this provider (Section 7).
Our service providers may process data in countries outside the one in which you are located. Where data is transferred internationally, we rely on appropriate safeguards recognised under applicable law to protect it. You can request more information using the contact details in Section 15.
No system is perfectly secure; Section 16 is honest about what these measures do and do not protect against.
Subject to applicable law, you have rights to access, correct, erase, restrict, or object to the processing of your personal data, to data portability, to withdraw consent, and to complain to a supervisory authority. Because reports are submitted without an account and IP addresses are stored only as an irreversible hash, we usually cannot identify you or link a particular report back to you — which means we may be unable to locate “your” data to action some requests. Where you can give us enough detail to identify specific data (for example a report you submitted), we will act on your request as the law requires. Contact us using Section 15.
NOUR is intended for use by adults. It is not directed at children, and we do not knowingly collect children’s personal data. If you believe a child’s data has been provided to us, contact us and we will take appropriate steps.
We may update this policy from time to time. When we make material changes we will update the version and effective date shown above. Your continued use of the service after a change takes effect constitutes acknowledgement of the updated policy.
For privacy questions or to exercise your rights, contact Forrest Labs at shadi@forrestlabs.org. We have not appointed a dedicated data protection officer; privacy enquiries are handled by Forrest Labs at that address.
If you are not satisfied with our response, you have the right to lodge a complaint with the competent data-protection supervisory authority in your jurisdiction — in Lebanon, under Law No. 81 of 10 October 2018 (Electronic Transactions and Personal Data), or, where applicable, with the relevant EU/EEA supervisory authority.
We believe in being straight with the people who rely on this tool. NOUR’s protections — encrypted connections, no raw-IP storage, face-blurring, and least-data-by-default — are strong against common threats. They are not a guarantee against a determined, well-resourced adversary such as a nation-state. Share only the detail a report genuinely needs, and for sensitive personal communication use a dedicated secure messaging app rather than any single system.
Version 1.0 · Effective 1 June 2026