Wiki source code of Transparency Policy

Last modified by Robert Schaub on 2026/02/08 08:29

1 = Transparency Policy =
2
3 == 1. Purpose and Scope ==
4
5 This Transparency Policy defines FactHarbor's commitment to openness in all aspects of operations, governance, and finances. It establishes what information is public by default, what may be kept private, and the processes for requesting information.
6 **This policy applies to:**
7
8 * FactHarbor Organisation (legal entity)
9 * All FactHarbor projects and services
10 * Governing Team, staff, and contractors
11 * All decision-making processes
12
13 == 2. Core Principle: Default to Public ==
14
15 **Default Rule:** All organisational information is public unless it meets a specific exception.
16 This principle reflects FactHarbor's mission: a project claiming to support well-grounded, manipulation-resistant judgments must itself be transparent and accountable.
17
18 == 3. What Must Be Public ==
19
20 === 3.1 Financial Information ===
21
22 Published annually (within 6 months of fiscal year end):
23
24 * **Complete financial statements** (audited where possible)
25 * **Tax filings** (Swiss tax filings per cantonal requirements)
26 * **Income statement** showing:
27 * Grants and donations (aggregate)
28 * Sponsorships and contracts (aggregate)
29 * Other revenue sources
30 * **Expense statement** showing:
31 * Program expenses by category
32 * Administrative costs
33 * Fundraising costs
34 * **Compensation ranges** by role (not individual salaries)
35 * **Major funding relationships** (>$50,000 per year or >10% of budget)
36
37 === 3.2 Governance Information ===
38
39 Published continuously (promptly after changes):
40
41 * **Governance documents**:
42 * Verein statutes (bylaws)
43 * Operating procedures
44 * Decision-making authority matrix
45 * Conflict of interest policy
46 * **Governing Team information**:
47 * Current board composition
48 * Governing Team member bios and affiliations
49 * Meeting schedules
50 * Governing Team meeting minutes (with limited exceptions - see section 4)
51 * Governing Team decisions and resolutions
52 * **Policy changes**:
53 * All policy updates with rationale
54 * Effective dates
55 * Community input periods
56 * **Organisational structure**:
57 * Reporting relationships
58 * Key staff roles (not individual names unless they choose)
59 * Advisory bodies and committees
60
61 === 3.3 Operational Information ===
62
63 Published regularly:
64
65 * **Transparency Reports** (twice yearly):
66 * Government requests for user data
67 * Content moderation statistics
68 * Takedown requests (DMCA, legal)
69 * Policy violation reports
70 * Security incident disclosures (after resolution)
71 * **Technical Performance**:
72 * AKEL performance metrics
73 * Quality gate pass rates
74 * Risk tier distribution statistics
75 * System uptime and availability
76 * **Content Statistics**:
77 * Number of claims, scenarios, verdicts
78 * Publication mode distribution
79 * Review and audit rates
80 * **Partnership Information**:
81 * Major partnerships and collaborations
82 * Funding relationships
83 * Technical dependencies
84
85 === 3.4 Source Code and Technical Specifications ===
86
87 Published continuously:
88
89 * All source code per open source licenses (MIT, AGPL, CC BY-SA)
90 * Technical architecture documentation
91 * Protocol and data model specifications
92 * API documentation
93 * Quality gate algorithms and parameters
94 * Risk tier assignment criteria
95
96 == 4. What May Be Private ==
97
98 Information may be withheld ONLY when disclosure would fall under one of the following exceptions:
99
100 === 4.1 Individual Privacy (Highest Priority) ===
101
102 Private:
103
104 * User personal data (emails, IP addresses, phone numbers)
105 * Contributor real names (if pseudonymous)
106 * Personnel files and reviews
107 * Individual salaries (publish ranges only)
108 * Medical or family information
109 * Background checks
110
111 === 4.2 Security ===
112
113 Temporarily private (with time limits):
114
115 * Unpatched security vulnerabilities (public after patch + 30-90 days)
116 * Active security incidents (public after resolution)
117 * Penetration test results (sanitized version public after fixes)
118 * Authentication credentials and API keys
119 * Infrastructure-specific security configurations
120
121 === 4.3 Legal ===
122
123 Private while active:
124
125 * Ongoing litigation details (summary public, details after resolution)
126 * Attorney-client privileged communications
127 * Settlement negotiations
128 * Subpoenas with gag orders (challenge orders exceeding 1 year)
129 * Whistleblower identity (protected permanently unless they consent)
130
131 === 4.4 Operational ===
132
133 Private with conditions:
134
135 * Donor information (unless donor consents to publication)
136 * Abuse investigation details (protect victims)
137 * Governing Team discussions on personnel matters (outcomes public)
138 * Strategic plans that would create competitive disadvantage (time-limited: public after 12 months or execution)
139
140 == 5. Time Limits on Privacy ==
141
142 All private information has an expiration date:
143
144 * **Security vulnerabilities**: Public 30-90 days after patch
145 * **Security incidents**: Public immediately after resolution (sanitized)
146 * **Governing Team personnel discussions**: Outcomes public, process private for 1 year then reviewed
147 * **Strategic plans**: Public after execution or 12 months, whichever comes first
148 * **Legal matters**: Public after resolution
149 * **Donor information**: May be withheld permanently only with donor objection
150 **Annual Review:** All information marked "private" is reviewed annually. If the exception no longer applies, the information becomes public.
151
152 == 6. Transparency Reports ==
153
154 Published **twice yearly** (January and July):
155
156 === 6.1 Government Requests ===
157
158 * Number of requests for user data (by type)
159 * Number of requests complied with
160 * Number of requests challenged
161 * Number of users affected
162 * Types of data requested
163
164 === 6.2 Content Moderation ===
165
166 * Total moderation actions by category
167 * Publication mode changes (Mode 1 → 2, etc.)
168 * Quality gate failures by gate
169 * Community flags and expert reviews
170 * Takedown requests and responses
171
172 === 6.3 Security ===
173
174 * Security incidents (after resolution)
175 * Vulnerability reports received
176 * Bounties paid
177 * Patches deployed
178 * Audit findings (sanitized)
179
180 === 6.4 Performance ===
181
182 * AKEL performance metrics
183 * User growth and engagement
184 * Content growth
185 * Community contributions
186 * System availability
187
188 == 7. Information Request Process ==
189
190 === 7.1 Submitting a Request ===
191
192 Anyone may request organisational information:
193
194 1. **Email**: [Transparency contact to be established]
195 2. **Include**:
196
197 * Specific information requested
198 * Rationale for request
199 * Preferred format (if applicable)
200 3. **Expect**: Initial response within 14 business days
201
202 === 7.2 Request Evaluation ===
203
204 Requests are evaluated against:
205
206 * Is the information already public? (link provided)
207 * Does an exception in Section 4 apply?
208 * Can the information be disclosed with redactions?
209 * Has the time limit on privacy expired?
210
211 === 7.3 Response Types ===
212
213 * **Granted**: Information provided promptly
214 * **Partially Granted**: Information with redactions provided, explanation of redactions
215 * **Denied**: Written explanation of which exception applies
216 * **Deferred**: If time-limited exception, date when information will become public
217
218 == 8. Appeals Process ==
219
220 If a request is denied:
221
222 === 8.1 First Appeal ===
223
224 1. Submit appeal to **Transparency Committee** (if established) or Governing Team
225 2. Include:
226
227 * Original request
228 * Denial reason
229 * Additional context or rationale
230 3. Decision is issued promptly
231
232 === 8.2 Final Appeal ===
233
234 1. Appeal to **Full Governing Team** of Leads
235 2. Governing Team reviews at next scheduled meeting
236 3. Governing Team decision is final
237 4. Rationale published (unless it would disclose the private information)
238
239 == 9. Community Input ==
240
241 === 9.1 Policy Changes ===
242
243 Before making material changes to transparency commitments:
244
245 1. **Proposal published** with rationale
246 2. **Public comment period** (minimum 30 days)
247 3. **Community input** considered
248 4. **Decision rationale** published with final policy
249
250 === 9.2 Ongoing Input ===
251
252 Community may:
253
254 * Request additional transparency commitments
255 * Suggest improvements to reporting
256 * Identify information that should be public
257 * Challenge exceptions
258 Submit suggestions to: [Transparency contact to be established]
259
260 == 10. Compliance and Oversight ==
261
262 === 10.1 Internal Oversight ===
263
264 * **Transparency Officer** (staff or board designee):
265 * Reviews all privacy classifications
266 * Manages information requests
267 * Prepares transparency reports
268 * **Annual Transparency Audit**:
269 * Reviews all "private" classifications
270 * Checks compliance with publication schedules
271 * Assesses process effectiveness
272
273 === 10.2 Public Reporting ===
274
275 Annual transparency compliance report includes:
276
277 * Number of information requests received
278 * Request grant/deny statistics
279 * Exception usage (how often each applied)
280 * Privacy expiration reviews
281 * Improvements made to process
282
283 === 10.3 Independent Audit ===
284
285 When feasible (budget permitting):
286
287 * Independent third-party transparency audit
288 * Results published
289 * Recommendations implemented or explanations provided
290
291 == 11. Enforcement ==
292
293 === 11.1 Violations ===
294
295 Violation of this policy includes:
296
297 * Withholding information that should be public
298 * Failing to publish required reports on schedule
299 * Misclassifying public information as private
300 * Extending privacy beyond time limits without review
301
302 === 11.2 Consequences ===
303
304 * Internal violations: Performance review, retraining, or disciplinary action
305 * Governing Team violations: Governing Team review, potential removal
306 * Persistent violations: Independent investigation
307
308 === 11.3 Whistleblower Protection ===
309
310 Anyone may report transparency violations to:
311
312 * [Transparency contact to be established]
313 * Any board member directly
314 * External parties (regulators, media)
315 Whistleblowers are protected from retaliation. Reports may be anonymous.
316
317 == 12. Updates to This Policy ==
318
319 Changes to this Transparency Policy:
320
321 * Require Governing Team approval
322 * Must include 30-day public comment period
323 * Are published with rationale
324 * Take effect 30 days after final publication
325 **Version History:**
326 * 0.9.28 (2025-12-17): Initial policy based on best practices from Wikimedia Foundation and Mozilla Foundation
327
328 == 13. Contact ==
329
330 **Transparency Requests**: [Transparency contact to be established]
331 **Appeals**: [Governing Team contact to be established]
332 **Whistleblower Reports**: [To be established - secure channel]
333
334 == 14. Related Policies ==
335
336 * [[Open Source Model and Licensing>>FactHarbor.Organisation.Open Source Model and Licensing]]
337 * [[Privacy Policy>>FactHarbor.Organisation.How-We-Work-Together.Privacy-Policy]]
338 * [[Governance>>Archive.FactHarbor 2026\.02\.08.Organisation.Governance.WebHome]]
339 * [[Finance & Compliance>>FactHarbor.Organisation.Finance-Compliance]]