Data Mapping

I don't sell security testing.
I provide privacy risk reduction and regulatory compliance.

MY OFFER:
Third-party tracking audit – Legal risk identification (GDPR, CCPA, HIPAA)
Data flow mapping – Visibility into where customer data actually goes
Privacy compliance assessment – Avoid fines, class actions, reputation damage
Remediation guidance – Practical steps to remove unnecessary tracking
Expert witness – Technical evidence for litigation

For Campaigns & Organizing Efforts

Campaign technology assessment: evaluating data handling

For Social Services

Ensure client dignity, protect vulnerable populations, honor community trust


The Data Harvesting Problem

Your business tools (the CRM, email, cloud storage, communication platforms) aren't just utilities; they're surveillance endpoints, data extraction points, and vendor lock-in mechanisms.

What I Find in Tech Stacks

  • Customer data flowing to third-party trackers
  • Unused SaaS subscriptions bleeding revenue
  • Critical vulnerabilities in "trusted" platforms
  • Compliance gaps that could trigger fines

The Sovereignty Audit Difference

  • No fear-mongering, only evidence
  • Vendor-agnostic recommendations
  • Clear migration paths to sovereign alternatives
  • Implementation roadmaps, not just reports

My Methodology: Data Mapping Rigor for Your Business

Manual, Not Automated

I don't just run scanners. I think like an attacker, finding logic flaws that automated tools miss.

Proof, Not Speculation

When I find vulnerabilities, I demonstrate impact safely, like my government site account takeover discovery.

Business Context

I explain risks in terms of business impact: lost revenue, reputation damage, legal liability.

Recent Finding Example

FINDING: Authentication Tokens in Browser History
LOCATION: Government benefits portal
IMPACT: Complete account takeover
PROOF: Captured token from history → Accessed account → Changed password
CVSS: 9.1 (Critical)

This is the level of rigor I bring to every assessment.

Where Does Your Data Go?

Every digital interaction in your business creates data flows. Customer information, visitor behavior, internal communications: much of it flows to platforms you don't control, serving interests that may not align with yours.

The Problem:
Invisible Data Leakage

  • Customer data flowing to third-party trackers
  • Vendor dependencies creating lock-in and risk
  • Tools that surveil rather than serve your mission
  • Compliance gaps from international data transfers

The Solution:
Clarity and Control

  • Data Flow Examination: I trace where information actually travels
  • Vendor Relationship Mapping: I chart your external dependencies
  • Control Assessment: I evaluate your actual data sovereignty
  • Independence Roadmap: I chart a path to reclaim control

Integrity-First Mapping Examples

Campaign Protection

CLIENT: Statewide Political Campaign

ISSUE: Volunteer verification process

MAPPING DISCOVERY: Sensitive documents shared via unencrypted channels, downloadable by multiple staff members

CONTROL ASSESSMENT: Volunteer PII 95% exposed, no retention policies, no access logs

SOLUTION: Encrypted portal + role-based access + automatic document expiration

RESULT: Volunteer trust protected, campaign integrity secured, legal liability eliminated

Advocacy Organization Sovereignty

CLIENT: Racial Justice Advocacy Group

ISSUE: Donor/activist data protection

MAPPING DISCOVERY: Activist contact lists on US surveillance platforms, donor data in 3rd-party CRMs

CONTROL ASSESSMENT: Activist data 80% vendor-controlled, opposition research risk: HIGH

SOLUTION: Sovereign CRM migration, encrypted communications, data minimization implementation

RESULT: Activist safety ensured, donor confidence increased, opposition vulnerability closed

I specialize in protecting mission-driven organizations where data sovereignty isn't just about compliance, but about protecting people and democracy.

Data Flow Audit

Four levels of clarity, plus ongoing monitoring to catch what changes.

Essential Audit

For small businesses, non-profits, and Masjids

$1,500

Includes:

  • Third-party script inventory
  • Basic compliance check (GDPR/CCPA)
  • 1-page executive summary
  • Email support

Best for: Sites under 25 pages, non-profits, community organizations

Professional Audit

For growing businesses and e-commerce

$3,500

Includes:

  • Full third-party script inventory
  • PII detection (email, name, health data, phone)
  • Data flow map (visual diagram)
  • Detailed compliance assessment (GDPR/CCPA/HIPAA)
  • Remediation roadmap
  • 1-hour walkthrough call

Best for: Sites under 100 pages, e-commerce, lead generation

Enterprise Audit

For large organizations, healthcare, finance

$7,500

Includes:

  • Everything in Professional Audit
  • Executive briefing (30-min presentation)
  • Legal memo for counsel
  • Scaled for project size (100-500+ pages)
  • 2-hour walkthrough call

Best for: Healthcare portals, financial services, government sites

Pre-Launch Audit

For sites in development

$2,500

Includes:

  • Architecture review (planned third parties)
  • Staging environment audit
  • Privacy-ready checklist
  • Remediation guidance (fix before launch)
  • 1-hour consultation with dev team

Why pre-launch? 10x cheaper to fix tracking before launch than after. No data leaked yet. No compliance violations yet.

Quarterly Monitoring

Add-on for any package

$1,500/month

What I do (monthly background checks):

  • Automated scans for new third-party scripts
  • Change detection (compare to baseline)
  • Risk assessment of new trackers
  • Emergency notification for critical findings (24 hours)

What you get (quarterly):

  • Change detection report
  • Compliance status update
  • 30-min review call

12-month term. Billing options: monthly ($1,500), quarterly ($4,200, 7% discount), annual upfront ($15,300, 15% discount).

Available with any base package: Essential, Professional, Enterprise, or Pre-Launch.

Mission-Driven Organizations Need Sovereignty

The Stakes Are Different

For mission-driven organizations, data sovereignty isn't about compliance; it's about:

  • Protecting vulnerable people from digital harm
  • Preserving campaign integrity against opposition exploitation
  • Honoring community trust that fuels your mission
  • Ensuring tools serve people, not surveil them

Real Impact
Real Protection

  • Preventing volunteer/donor data from being weaponized
  • Ensuring client dignity in social service systems
  • Meeting grantor data protection requirements
  • Building community trust through transparent data practices
  • Creating sustainable, ethical technology foundations

Pro Bono for Mission-Driven Organizations

Each quarter, I provide two complete Digital Sovereignty Mappings to organizations serving marginalized communities or protecting democracy.

Priority Given To:

  • Organizations serving marginalized communities
  • Voting rights and democracy protection groups
  • Domestic violence shelters & crisis services
  • Racial justice advocacy organizations
  • Under-resourced community organizing efforts

Pro Bono Includes

  • Complete digital ecosystem mapping
  • Specialized Integrity-First or Dignity-First assessment
  • Sovereignty migration options assessment
  • Team sovereignty training workshop
  • 6-month implementation support

Protect Your Data

All engagements begin with a complimentary 15-minute consultation.

Signal Messenger

End-to-end encrypted. No metadata retention. This is how to reach me.

Signal QR Code

1. Install Signal | 2. Scan QR or add username | 3. Send encrypted message

Mission-Specific Templates

Founded by a Veteran & Community Organizer, turned Sovereignty Protector.

I understand mission-driven work because I've done it.
Your protection is my purpose.

Subscribe & Follow

Substack: Articles, investigations, and live demo announcements.

GitHub: Open-source tools, scripts, and findings.