KWANZA SONORA EDWARDS

DATA FLOW INVESTIGATOR

Tech Stack Investigation Tracking & Surveillance AI Integration Audit Data Fingerprinting
reserve consultation

What I Investigate

Who is tracking your visitors without consent?

"Your consent banner is misleading. I can prove it."

Social pixels, ad trackers, analytics that share with parent companies, they load without asking. Most consent banners do not block them.

Fingerprinting: Canvas, WebGL, and audio fingerprints create an invisible, un-deletable device ID. No consent. No disclosure. No way to opt out.

What data is leaking to third parties?

"I found passwords in plain text. If I can see them, who else can?"

Emails. Phone numbers. Health information. What people type into forms before they click submit. I found passwords unencrypted, login credentials in a govt URL;
If I can see them, who else can?

Can the data be exploited?

"One integration just gave away the keys to your entire system."

A vulnerability in a trusted integration. A breach in a shared CRM. One adversary, one exploit, hundreds of organizations fall at once.

Is there a single point of failure?

"You built a pipeline you never approved."

Your CRM talks to your email tool. Your email tool shares with ad networks. Your apps talk to each other. When one falls, they all fall. I map the connections. I show you where to cut the line.

Services

ATTORNEYS

You handle the law. I follow the data. Here is how I help.

Digital Assets /
Crypto / NFT

Attorneys: Protecting crypto / NFTs
Client risk: Platform leaks credentials
I found passwords unencrypted. Your client's assets are only as safe as the architecture protecting them.

Data Privacy / Breach

Attorneys: Proving data mishandling
Client risk: Data went somewhere unknown
You prove the violation. I follow the data to show where it went.

Business / Corporate

Attorneys: Avoiding client liability
Client risk: Their own website leaks data
I show you where your client's website is failing before opposing counsel does.

Civil Rights

Attorneys: Fighting surveillance & discrimination
Client risk: Client was tracked without consent
The infrastructure enables surveillance. I find it. You fight it.

General Litigation

Attorneys: Case Assessment
Client risk: Evidence is hidden in data
The evidence is in the data. I find it. You admit it.

NGOs

Protecting people, protecting their data.
  • Protect donor privacy: Identify tracking pixels leaking donor data to Facebook, Google, Adobe, ad networks and other third parties.
  • Secure intake forms: Document what happens to sensitive information (health, legal, personal) entered into forms.
  • Comply with grant requirements: Map data flows to show funders you are protecting beneficiary data.
  • Prevent surveillance: Detect fingerprinting and session recorders on donation and contact pages.
Start Your Review →

POLITICAL CAMPAIGNS

Donor PII should not be a data point for ad networks and profiling.
  • Protect donor lists: Identify if donor PII is being sent to third-party trackers
  • Secure voter data: Map how voter information flows through your tech stack
  • Prevent opposition research leaks: Detect if analytics tools are sharing campaign site visitor behavior
  • Ensure volunteer privacy: Document what data volunteer sign-up forms are exposing
Start Your Review →

INVESTIGATIVE JOURNALIST

You expose abuse of power.
I expose their data infrastructure.
Together, we find what they are hiding.
  • AI is eating our lunch, is data aggregation feeding the beast?: Tracing user inputs from websites to OpenAI, Anthropic and other AI providers
  • False tracking claims: Capturing network traffic that shows tracking pixels, fingerprinting and data aggregation, contradicting company statements
  • Data aggregation networks: Mapping how data flows from websites to data brokers, ad networks and analytics platforms
  • Whistleblower evidence: Documenting the technical trail, who collected what, when and where it went
  • Surveillance infrastructure: Revealing the invisible architecture of pixels, trackers and fingerprinting that powers the data economy
Start Your Review →

Prices

Pre-Launch Review
$2,500
/ For small businesses, non-profit
  • Architecture review of planned integrations
  • AI and chatbot data flow evaluation
  • Staging environment audit
  • Remediation guidance (fix before launch)
  • 2-hour consultation with dev team
Essential Review
$3,500
/ For small businesses, non-profits
  • Third-party integration inventory:
    I list every external service, script and domain your website communicates with, from analytics and ads, to chatbots and AI providers. Providing you a report on who receives user data.
  • Basic compliance gap identification:
    I compare what the privacy policy and cookie banner states, against what the website actually does.
  • Subdomain discovery (shared, not audited)
  • Executive summary
Enterprise Review
$12,500
/ +2 Subdomains
  • Everything in Essential Review +
  • Tracking inventory (pixels, analytics, session recorders)
  • Fingerprinting detection (canvas, WebGL, audio)
  • Legal violation mapping (GDPR, CCPA, Wiretap Act)
  • Session recorder deep dive (Hotjar, FullStory):
    Session recorders capture mouse movements, clicks and form inputs; Including what users type before they hit submit. I test whether they are leaking PII without consent.
  • Cross-site tracking map (pixels, GTM, dataLayer)
  • Discovery recommendations (subpoena targets)
  • Forensic PCAP + screenshots with metadata
  • PII detection (email, name, health data, phone)
  • Data flow map (visual diagram)
  • Remediation roadmap
  • 2-hour walkthrough call
📌 Subdomain audit available for any tier: +$500 per subdomain. You approve scope before work starts.

Pro Bono for Mission-Driven Organizations

Each quarter, I provide two complete Essential Reviews to organizations serving marginalized communities or protecting democracy.

Contact

All engagements begin with a complimentary 15-minute consultation to Cover Your Assets.

Contact for Consultation

Inquiry Template