Ethics Code
Last updated: February 2026 · Governing all engagements conducted by Privacy Insight Solutions
1. Purpose & Scope
This Ethics Code governs the conduct of Privacy Insight Solutions and all individuals acting on its behalf in the delivery of OSINT (Open Source Intelligence), privacy consulting, digital exposure auditing, and related services.
Our work involves accessing publicly available information and legally obtained data to help clients understand and reduce their digital exposure. This capability carries significant responsibility. This Code exists to ensure that responsibility is exercised with integrity, legality, and respect for human dignity.
This Code applies to every engagement, regardless of client type, service tier, or jurisdiction.
2. Consent & Authorization
First-Party Consent Model
We operate exclusively on a first-party consent basis. We only conduct investigations on individuals who have provided explicit, written authorization. We do not accept requests to investigate third parties without their knowledge and consent.
Before any engagement begins, clients must:
- Confirm in writing that they are the subject of the investigation, or that the subject has provided explicit written consent
- Acknowledge the scope and nature of the services being performed
- Agree to the terms of engagement, including this Ethics Code
Corporate engagements require individual consent forms signed by each team member whose digital footprint will be assessed. No individual within a corporate engagement is audited without their personal authorization.
We reserve the right to decline or terminate any engagement where we have reasonable grounds to believe consent has not been properly obtained.
3. Legal Compliance
All services are conducted in strict compliance with applicable laws, including but not limited to:
- The Computer Fraud and Abuse Act (CFAA) and equivalent national laws
- The General Data Protection Regulation (GDPR)
- The California Consumer Privacy Act (CCPA)
- The Electronic Communications Privacy Act (ECPA)
- Applicable anti-stalking and harassment statutes
We do not access private systems, accounts, or communications without authorization. We do not use hacking, social engineering against third parties, or any technique that would constitute unauthorized access under applicable law.
All intelligence is derived from publicly available sources, legally licensed breach databases, and information provided directly by the consenting client.
4. Data Minimization
Collect Only What Is Necessary
We collect and process only the minimum personal data required to deliver the requested service. We do not build profiles beyond the scope of the engagement, and we do not retain data beyond the periods specified in our Data Purge Policy.
Analysts are instructed to:
- Avoid collecting personal data about individuals not directly relevant to the engagement
- Exclude sensitive categories of data (health, religion, sexual orientation) unless directly relevant and explicitly authorized
- Document only findings that are material to the client’s risk assessment
- Discard incidental data discovered during an investigation that falls outside the authorized scope
5. Do No Harm Principle
Our services are designed to protect individuals, not to enable harm. We will not knowingly provide services that could be used to:
- Stalk, harass, intimidate, or surveil any individual without their consent
- Facilitate domestic abuse, stalking, or any form of targeted harassment
- Enable discrimination based on protected characteristics
- Support any activity that is illegal in the client’s or subject’s jurisdiction
- Harm the physical, psychological, financial, or reputational wellbeing of any person
If, during an engagement, we discover information suggesting that our services are being misused or that a third party is at risk of harm, we reserve the right to suspend the engagement and, where legally required, report the matter to appropriate authorities.
6. Transparency with Clients
We commit to being honest and transparent with our clients at all times:
- We clearly describe what each service tier includes and does not include before engagement
- We do not make guarantees we cannot keep (e.g., we do not promise 100% data erasure from the entire internet)
- We report findings accurately, including negative findings (i.e., when little or no exposure is found)
- We disclose any limitations in our methodology or data sources that may affect the completeness of findings
- We provide honest timelines and do not overstate the speed or certainty of data removal outcomes
7. Confidentiality
All client information and engagement findings are treated as strictly confidential. We do not:
- Discuss, share, or reference client engagements with any third party without explicit written consent
- Use client data as case studies, examples, or marketing material without explicit written consent
- Retain sensitive findings beyond the 48-hour post-delivery purge window
Confidentiality obligations survive the termination of any engagement and apply indefinitely to sensitive personal information.
8. Conflicts of Interest
We will not accept engagements where a conflict of interest exists or may reasonably be perceived to exist. Specifically:
- We will not simultaneously represent parties with opposing interests in the same matter
- We will disclose any prior relationship with a subject of investigation before accepting an engagement
- We will not accept gifts, payments, or incentives from third parties that could influence our findings
If a conflict of interest arises during an engagement, we will notify the client immediately and, if necessary, withdraw from the engagement with a pro-rated refund.
9. Responsible Reporting
When delivering findings, we adhere to the following standards:
- Accuracy: All findings are verified to the best of our ability before inclusion in a report. We distinguish between confirmed findings and unverified indicators.
- Context: We present findings with sufficient context to allow the client to understand their significance and avoid misinterpretation.
- Proportionality: We do not sensationalize findings. Risk levels are assigned based on objective criteria, not to create alarm.
- Actionability: Every report includes prioritized, practical remediation steps. We do not deliver findings without guidance on how to address them.
- Evidentiary limitation: Our findings are derived from open-source intelligence and are provided for informational purposes only. They are not admissible as evidence in legal or court proceedings and do not constitute legal, forensic, or law enforcement output. Clients who require evidence for legal proceedings should engage qualified legal counsel or law enforcement directly. Where our findings may be relevant to a legal matter, we can explain our methodology to a client’s legal team, but we do not provide expert witness testimony or certify findings for court use.
10. Enforcement & Accountability
Adherence to this Ethics Code is a condition of engagement for all clients and a professional obligation for all individuals acting on behalf of Privacy Insight Solutions.
Violations of this Code — whether by a client misusing our services or by an internal failure — will result in immediate suspension of the engagement. We reserve the right to refuse service to any party that has previously violated these principles.
If you believe we have acted in violation of this Ethics Code, please contact us at privacy@privacyinsightsolutions.com. We take all such reports seriously and will investigate promptly.