Open Environmental Sensing and Inference SystemParcel-first sensing and situational intelligence

Governance and privacy

Private by default, shared by choice.

TL;DR

You own your data, sharing outward is always optional, and the system never claims to replace official alerts. The article below spells out ownership, sharing, claims, and publication boundaries.

The same rules that make the system useful and trustworthy at one parcel also shape every later phase.

Schematic of raw parcel data, opt-in shared signals, and public context separated by policy boundaries.
Raw parcel-linked data stays private by default; outward sharing and public release are framed explicitly—not collapsed into one lane.

Ownership

Parcel operators own their raw parcel-linked data. Platform operation does not imply a blanket transfer of ownership. Derived outputs (like parcel state estimates) do not erase the operator's rights in the underlying raw data.

Data classes

The system distinguishes five data classes, each with its own handling rules:

  1. Private parcel data — raw readings and parcel-linked observations, private by default.
  2. Shared data — coarse signals contributed to nearby parcels under explicit opt-in.
  3. Public context — regional weather, smoke, hydrology, and related public feeds.
  4. Derived parcel states — estimates and inferences produced by the system.
  5. Administrative records — governance, consent, and operational metadata.

Sharing

Sharing beyond the parcel is opt-in. The system defines four sharing modes, each a separate opt-in with different rules:

  • Private only — no outward sharing.
  • Network assist — system uses parcel data to improve local inference but does not expose it.
  • Neighborhood aggregate contribution — coarse signals shared with nearby participants.
  • Research / pilot contribution — data shared with research or pilot programs under specific terms.

Control permission (allowing the system to act on your behalf) is separate from sharing permission. A larger network can grow without treating private parcel data as public by default.

What the platform may not do

  • No advertising telemetry or selling raw parcel data.
  • No exposing exact parcel-linked data in public maps.
  • No claiming anonymization without a recognized standard.
  • No silent repurposing of data beyond stated use.
  • No inferring control approval from compatibility.
  • No public parcel-by-parcel hazard map or public list of participating households.

Claims

Parcel-state outputs are estimates, not guarantees. The project does not claim emergency authority or official alerts. Outputs may support household decisions, but they do not replace official alerts, on-scene conditions, or personal judgment.

Rights

Parcel operators have the right to export their data, request deletion, and revoke sharing at any time. Revocation reliably stops future sharing. Retention cleanup has named owners and a defined schedule.

Hard governance boundaries

  • Sharing never switches from opt-in to opt-out.
  • Exact parcel-linked contributed data is never published.
  • Anonymization is never claimed without a recognized standard.
  • Outputs are never marketed as safety guidance.
  • Non-release implementation details are not published.

Release boundary

The public site does not include held-back technical detail, and open release of software or docs does not turn real participant-contributed parcel-linked data into open data.

Continue reading

Read next

HomeReturn to the public overview.Public-safe diagramsSee the system and privacy boundary visually.
Top