Skip to main content
Legal

Source Protection Policy

Clean Nagaland is built around a promise: residents who submit reports anonymously stay anonymous. This page explains how we honor that promise, what we do when outside parties try to breach it, and the limits of what any private platform can guarantee.

This policy applies to every resident who submits a report through Clean Nagaland, whether through the alcohol form, the drug form, or any other reporting mechanism. It also covers individuals who provide information to Nagaland Me through the Contact page in a reporting capacity.

Effective date: April 2026. Last updated: April 2026.

1. What source protection means here

In traditional journalism, source protection is the practice of refusing to reveal the identity of an informant who spoke to a reporter under an understanding of confidentiality. Clean Nagaland applies the same principle to residents who submit reports through the platform.

Source protection on Clean Nagaland covers:

  • Any data that could identify an individual reporter, directly or in combination with other information.
  • The fact that a specific person did or did not submit a specific report.
  • The contents of specific submissions where disclosure would identify the reporter.
  • Communication records between Nagaland Me and reporters, where such communication exists.

It does not cover:

  • Aggregate public data, such as monthly transparency statistics.
  • Map pins themselves, which are already publicly visible.
  • Information the reporter has themselves made public outside the platform.

2. Design principles that make source protection possible

We do not promise source protection as a policy we will try to honor in the face of pressure. We engineer the platform so that, in most cases, we have nothing to reveal. The design is the protection.

2.1 Minimal collection

We do not collect names, addresses, emails, or identity documents on submission forms. We cannot be forced to produce what we do not possess.

2.2 Anonymity at submission

Reporters do not create accounts. There is no login, no sign-up, no email verification. A resident using Clean Nagaland does not tell us who they are at any point.

2.3 Grid-snapped GPS

Alcohol report coordinates are snapped to a 50-meter grid immediately at submission. We never store the exact coordinates that came off your device. Even a subpoena for our database would reveal neighborhood-level location, not doorstep location.

2.4 Daily rotating device fingerprints

Device fingerprints used for spam prevention are hashed with a salt that rotates every day. This means the same device submitting reports on two different days cannot be linked across days in our records.

2.5 Short-lived server logs

IP addresses appearing in standard web server logs rotate out within a short window typical of hosting operations. We do not enrich server logs, cross-reference them with reports, or retain them for extended periods.

2.6 Automatic media deletion

Photos and videos submitted are automatically deleted within 30 days (alcohol) or 90 days (drugs). After that window, there is no image file to produce in response to any request.

2.7 Encrypted phone vault

When a reporter voluntarily shares a phone number on the drug form, the number is encrypted with a passphrase held by a moderator, not a key stored on disk. Without the moderator’s passphrase, even full database access yields no readable phone numbers.

2.8 Short-retention rejected reports

Rejected reports are purged within 24 hours. If a report is rejected, the data associated with it does not persist.

These design choices limit what any outside party can extract from us, whether through legal process, technical compromise, or pressure. The less we have, the less we can be forced to produce.

3. Our commitments to reporters

Within the design above, we commit to the following:

3.1 We will not voluntarily identify reporters

We will never voluntarily provide reporter-identifying information to any government authority, law enforcement agency, political actor, commercial entity, journalist, researcher, or member of the public, whether or not such information exists in our records.

3.2 We will challenge improper requests

If we receive a legal demand for reporter information, we will evaluate its legitimacy carefully. Where a demand appears overbroad, improperly authorized, or inconsistent with applicable law, we will object in writing and, where appropriate, challenge it through available legal procedures before complying.

3.3 We will notify affected reporters where we can

When we receive a request that names a specific tracking code, a specific report, or a specific narrow category that would identify a reporter, and we have a means to communicate with that reporter, we will notify them before complying unless law prohibits notification. Because most reporters submit without giving us contact information, this notification capability is limited to cases where the reporter volunteered a contact channel.

3.4 We will publish transparency about legal demands

We will publish an annual transparency report describing the number of legal demands received, the number complied with, the number challenged, and the number denied. The report will not identify individual demands in ways that would undermine active legal proceedings.

3.5 We will not run honeypots or traps

We will not set up the platform to solicit incriminating submissions, pass information to law enforcement for prosecution, or use submissions as bait. Residents who submit in good faith are not pursued by the platform that received their report.

3.6 We will not share reporter information with partners

Partner organizations handling forwarded drug cases see only the information the reporter explicitly consented to share: description, area, category, media (if attached), and phone (if provided with consent and revealed through the moderator-gated vault). Partners do not receive IP addresses, device fingerprints, raw GPS coordinates (not collected on drug reports), or any technical metadata that could identify a reporter.

4. How we respond to legal demands

We may receive demands for information from:

  • Courts with jurisdiction over Nagaland Me.
  • Law enforcement agencies acting under specific legal authority.
  • Regulatory bodies with statutory powers.
  • Other authorities recognized under applicable Indian law.

Our response process:

4.1 Verification

We verify that the request is authentic, properly authorized, and issued by an authority with jurisdiction. Informal requests, emails without proper authorization, and phone calls are not treated as legal demands. We ask for written orders.

4.2 Scope review

We read the request to understand exactly what is being sought. Demands that are overbroad, vague, or go beyond what the issuing authority has power to compel are challenged.

4.3 Legal review

Where practical, we seek legal counsel before responding to demands that seek reporter-identifying information. Urgent matters are handled as quickly as counsel allows.

4.4 Notification

Where we have a means to notify the affected reporter and where law does not prohibit notification, we notify the reporter before complying. This lets the reporter seek their own counsel.

4.5 Minimum necessary response

If we must comply with a demand, we provide only the information actually demanded. We do not volunteer additional information. We do not interpret requests broadly to hand over related data not specifically compelled.

4.6 Record

We log every demand received, every challenge raised, and every response made. These records support the annual transparency reporting described in section 3.4.

5. What happens when we have nothing to give

In many cases the information sought simply does not exist in our records. When this happens:

  • We state honestly that the requested data is not available.
  • We do not fabricate, reconstruct, or infer information we do not have.
  • We do not retroactively expand data collection in response to a demand.
  • We provide documentation of our retention and collection practices to support our response.

The platform’s design means that, for example, exact GPS coordinates of an alcohol report cannot be produced after submission because they were never stored. Photos older than the retention window cannot be produced because they have been automatically deleted. A reporter’s identity cannot be produced because we never collected it.

6. When we will comply

We do not present ourselves as above the law. Where a properly authorized legal demand is issued, we fall within Indian jurisdiction, the demand is properly scoped, and the underlying matter is legitimate, we comply. Compliance happens after the verification, review, notification, and minimization steps above, and is limited to the minimum necessary to honor the demand.

We cooperate with legitimate investigations into serious harm. We do not treat the platform as a sanctuary for defamation, harassment, or activity outside its intended scope. When submissions reveal criminal harm to third parties (for example, evidence of ongoing violence against a specific person), moderator process may include referral to authorities through appropriate channels, consistent with reporter protection commitments above.

7. What we cannot protect against

Honesty about limits is part of trust.

7.1 Your own device

If someone else has access to your phone, laptop, or browser, they may see that you visited Clean Nagaland and potentially see what you submitted before submission. We cannot protect against compromise of your own device. Use private browsing if your device is shared or surveilled.

7.2 Your network

Your internet service provider and any network operator between you and our server can see that you connected to helpnagaland.com. They cannot see what you submitted because of TLS encryption, but they can see the connection itself. If you are in a context where the fact of visiting Clean Nagaland is risky, consider using a VPN or Tor.

7.3 Your own disclosure

If you tell someone you submitted a report, or if you leave your tracking code where others can find it, your anonymity is compromised by your own action, not by anything the platform did.

7.4 Operational compromise

A skilled attacker who gained persistent access to our infrastructure could potentially observe submissions in real time before they are processed through our protective layers. We invest in defense against this but cannot claim perfect prevention. Our breach-response commitment in the Data and Privacy Overview addresses what happens if an incident is confirmed.

7.5 Coercion of individuals

Individual Nagaland Me staff could in principle be coerced into violating this policy. We mitigate this through technical controls that limit what any single person can do, through logging that makes violations traceable, and through publicly visible policies that make deviation difficult to hide. We cannot rule out all possible pressure on individuals.

7.6 Jurisdictional change

If Indian law changes in ways that require broader compliance with government demands, we will update this policy with the required changes and give users notice before the changes take effect. We cannot override applicable law.

8. Threats to reporters after submission

If you believe you are at risk because of a report you filed or might file on Clean Nagaland:

  • If the risk is immediate and physical, call 112.
  • If the risk relates to a specific pin that may expose you, submit a takedown request through the Takedown and Appeal process. Include your tracking code and describe the safety concern. We treat safety takedowns as highest priority and aim to act within 24 hours.
  • If the risk is ongoing harassment, contact us through the Contact page with the subject line starting “Safety.” We will act on the specific pin, pause the category if needed, and work with you to determine whether further steps are possible.

We do not operate a protection program. We cannot guarantee safety outside the platform. What we can do is remove platform exposure that is making your situation worse.

9. Partner obligations

Partner organizations are bound by written agreements that require them to treat forwarded case data as confidential, use it only for the purposes of helping, and not to share case details with external parties without explicit consent. Breach of these obligations results in removal of the partner and, where appropriate, public notice.

See the For Partner Organizations page for the operational detail of partner expectations.

10. Relationship to Indian law

This policy operates within Indian law. Where specific statutes govern how we must respond to particular types of demands, we follow those statutes. Statutes that create specific protections for sources in certain contexts (for example, journalistic privilege in certain proceedings) apply to the extent they apply under Indian law. We do not claim protections we do not have.

We are not bound by the laws of other jurisdictions. International requests are handled through mutual legal assistance mechanisms or not at all.

11. Changes to this policy

Material changes to this policy are announced publicly for at least 30 days before taking effect, unless law prohibits advance notice of a specific change. Minor clarifications and corrections may be made without notice. The effective date at the top of the page reflects the most recent revision.

12. Contact

For source protection questions, concerns, or to report a specific pressure situation you are encountering, use the Contact page with subject line starting “Source protection.” These messages are read with priority.

For formal legal notices, use the mailing address listed in the Privacy Policy.

Scroll to Top