Doxreporter / forcestopper.org
Operated by Capguard Protocol Consulting
Effective Date: March 14, 2026
Capguard Protocol Consulting operates Doxreporter, a cyber incident reporting platform accessible at forcestopper.org (the "Service"). This Privacy Policy explains how the Service collects, uses, protects, and handles personal information, including data accessed through third-party integrations such as Google Contacts. By using the Service, you agree to the practices described herein. Doxreporter is designed as a privacy-first tool. We collect only what is necessary to deliver the Service, and we apply multiple layers of technical and organizational safeguards to protect all user-generated data.
When you choose to enable the Google Contacts integration, the Service requests read access to the email addresses stored in your Google Contacts. No other Google account data, contact names beyond those you select, contact metadata, or additional profile information is requested or accessed.
Email addresses from your Google Contacts are accessed solely to pre-populate the recipient fields in your cyber incident reports. This feature allows you to conveniently select intended report recipients without manually entering email addresses. The integration is an optional convenience feature and is not required to use the core reporting functionality of Doxreporter.
Access to your Google Contacts is obtained only with your explicit authorization through Google's standard OAuth 2.0 consent flow. You will be presented with a clear permission prompt before any Contacts data is accessed. You may decline authorization without affecting your ability to use other features of the Service.
Google Contacts data is used exclusively within your active session. The Service does not store, log, transmit, index, or share your Google Contacts data in any persistent form. Contact information accessed during a session is held only in temporary memory for the duration of that session and is permanently wiped when the session ends. No Google Contacts data is written to any database, file system, or cloud storage operated by the Service.
Your Google Contacts data is never sold, rented, disclosed, or shared with any third party. It is not used for advertising, analytics, profiling, or any purpose beyond the pre-population of report recipient fields within your current session.
You may revoke the Service's access to your Google Contacts at any time by navigating to your Google Account at myaccount.google.com, selecting the Security tab, locating "Doxreporter" or "forcestopper.org" under Third-party apps with account access, and selecting "Remove Access". Revoking access prevents any future session from accessing your Google Contacts data. Because no Contacts data is stored by the Service, there is nothing to delete from our systems upon revocation.
3.1 User-Generated Report Data: When you submit a report, the Service collects information you provide, including incident descriptions, timestamps, recipient email addresses, and supporting documentation or evidence you attach.
3.2 Account and Authentication Data: For accounts, we collect your email address and a securely hashed password credential. We do not store plaintext passwords. Account sessions are managed through secure, expiring tokens.
3.3 Usage and Technical Data: The Service may collect non-identifying technical data such as browser type, device type, and IP address, used solely for platform security, fraud prevention, and operational monitoring.
3.4 Payment Data: Payment transactions are processed through PayPal. The Service does not receive, store, or have access to your full payment card details. PayPal's privacy policy governs the handling of all payment information.
4.1 Cloud Storage and Backend: Submitted reports and associated media are stored in Google Cloud Storage with uniform bucket-level access controls enforced. The backend database is hosted on Neon PostgreSQL with encrypted connections (TLS 1.2+) required for all data in transit.
4.2 Immutable Reports and IPFS: Finalized reports are anchored to Pinata IPFS, creating a tamper-evident, immutable record. Before any report is committed to IPFS, private and sensitive personal identifiers are redacted. Once anchored, IPFS content cannot be altered. Report hashes are recorded on the blockchain for independent verification.
The Service's infrastructure providers operate under internationally recognized security certifications, including:
Session data is accessible only to the individual user associated with that session. No employee, contractor, or administrator of the Service has routine access to user session contents. Administrative access to infrastructure is strictly limited, logged, and subject to multi-factor authentication requirements.
5.1 Active Account Retention: Data associated with active accounts is retained for the duration of the account's active status in order to provide continuity of service.
5.2 Inactive Data and Monthly Purge: The Service performs a monthly backend purge cycle to delete all inactive data. A maximum retention window of two (2) years applies from the date of last activity, after which data is permanently deleted regardless of account status, unless the account remains actively in use.
5.3 Session Data: Temporary session information, including any Google Contacts data loaded during a session, is wiped immediately upon session termination and is never carried over to subsequent sessions or stored in any persistent medium.
5.4 IPFS-Anchored Reports: Due to the immutable nature of IPFS, content that has been anchored cannot be deleted from the distributed network. Users should review reports carefully before final submission. Private and sensitive identifiers are redacted from reports prior to IPFS anchoring, as described in Section 4.2.
The Service does not sell, trade, or rent user information to third parties. Information may be disclosed only in the following limited circumstances:
Depending on your jurisdiction, you may have the following rights with respect to your personal information: access, correction, deletion (subject to IPFS immutability constraints described in Section 5.4), portability, objection to certain types of processing, and withdrawal of consent, including revocation of Google Contacts access as described in Section 2.6. To exercise any of these rights, contact us at the address provided in Section 9.
The Service uses minimal, essential cookies required to maintain authenticated sessions. The Service does not use third-party advertising cookies, behavioral tracking pixels, or cross-site tracking technologies. Session cookies are deleted when your browser session ends.
Capguard Protocol Consulting
Operating Platform: Doxreporter at forcestopper.org
Privacy inquiries: info@roen.solutions
The Service reserves the right to update this Privacy Policy at any time. Material changes will be communicated to users via notice on the platform or by email to registered account holders. The effective date at the top of this document will be updated upon each revision. Continued use of the Service following notification of changes constitutes acceptance of the revised policy.