Open Environmental Sensing and Inference SystemParcel-first sensing and situational intelligence

Governance and privacy

Private by default, shared by choice.

TL;DR

You own your data, sharing outward is always optional, and the system never claims to replace official alerts. The article below spells out ownership, sharing, claims, and publication boundaries.

The same rules that make the system useful and trustworthy at one parcel also shape every later phase.

Schematic of raw parcel data, opt-in shared signals, and public context separated by policy boundaries.
Raw parcel-linked data stays private by default; outward sharing and public release are framed explicitly—not collapsed into one lane.

Ownership

Parcel operators own their raw parcel-linked data. Platform operation does not imply a blanket transfer of ownership. Derived outputs (like parcel state estimates) do not erase the operator's rights in the underlying raw data.

Data classes

The system distinguishes five data classes, each with its own handling rules:

  1. Private parcel data — raw readings and parcel-linked observations, private by default.
  2. Shared data — coarse signals contributed to nearby parcels under explicit opt-in.
  3. Public context — regional weather, smoke, hydrology, and related public feeds.
  4. Derived parcel states — estimates and inferences produced by the system.
  5. Administrative records — governance, consent, and operational metadata.

Sharing

Sharing beyond the parcel is opt-in. The system defines four sharing modes, each a separate opt-in with different rules:

  • Private only — no outward sharing.
  • Network assist — system uses parcel data to improve local inference but does not expose it.
  • Neighborhood aggregate contribution — coarse signals shared with nearby participants.
  • Research / pilot contribution — data shared with research or pilot programs under specific terms.

Control permission (allowing the system to act on your behalf) is separate from sharing permission. A larger network can grow without treating private parcel data as public by default.

Claims and limits

Parcel-state outputs are estimates, not guarantees. The project does not claim emergency authority or official alerts. Outputs may support occupant decisions, but they do not replace official alerts, on-scene conditions, or personal judgment.

Rights

Parcel operators have the right to export their data, request deletion, and revoke sharing at any time. Revocation reliably stops future sharing. Retention cleanup has named owners and a defined schedule.

Hard boundaries

These rules do not change as the project grows:

  • Sharing never switches from opt-in to opt-out.
  • Exact parcel-linked contributed data is never published or exposed in public maps.
  • Anonymization is never claimed without a recognized standard.
  • No advertising telemetry or selling raw parcel data.
  • No silent repurposing of data beyond stated use.
  • No inferring control approval from compatibility.
  • No public parcel-by-parcel hazard map or public list of participating sites.
  • Outputs are never marketed as safety guidance.
  • Open release of software or docs does not turn participant-contributed parcel-linked data into open data.

Continue reading

Read next

PilotSee governance in practice during the field pilot.Get involvedFind a participation path and reach the project.How it worksEvidence layers, modes, and how data flows through the system.
Top