Evidence handling
Evidence Policy
Sentinelle Watch treats scam evidence as sensitive operational data. The workflow is built around preservation, minimization, consent, redaction, and human-reviewed provider dispatch.
Evidence and abuse desk contact: Abuseops@sentinelle-watch.org
Custody Requirements
- Capture source URL, rendered screenshot, DOM snapshot, network log, console log, final URL, and page title when browser capture is available.
- Hash generated artifacts before storage and attach EvidenceFile and EvidenceCustodyEvent records.
- Keep dispatch packets factual and evidence-backed with source links, indicators, harm context, and requested provider action.
- Apply redaction and consent review before external sharing with providers, partners, or customers.
- Preserve provider confirmations, ticket references, bounces, rejections, and verification results in the case timeline.
Prohibited Uses
- Credential harvesting, malware analysis that executes attacker code outside an isolated capture context, or exploit attempts.
- Doxxing, harassment, retaliation, or public accusation without evidence review.
- Automated provider submissions that bypass human approval or provider anti-abuse controls.
- Sharing victim PII when it is not necessary for provider review.
Provider Sharing
Provider packets should include the smallest evidence set that lets the provider verify policy abuse: source URL, active indicators, screenshots or hashes, brand impersonation context, and requested review action. External sharing is blocked when evidence quality, compliance, or consent checks fail.
Abuse desk identity