Data Governance

Operator

Decision Atlas is operated by Decision Atlas operator details to be inserted before paid launch, registered in England and Wales, Company Number to be inserted before paid launch. ICO Registration Number: to be inserted before paid launch.

Contact: privacy@decisionatlas.co.uk

Non-negotiable safety boundary

Decision Atlas must not be used for crisis, emergency, safeguarding, suicide or self-harm assessment, medical, therapeutic, legal, financial, or diagnostic decision-making of any kind. Reports are practitioner preparation material only.

Where report inputs contain language indicating immediate crisis, suicide or self-harm risk, safeguarding concern, or medical emergency, report generation may be blocked as a precaution. Such blocking is a system safeguard only and does not constitute a clinical or safeguarding assessment.

1. Evidence sources and legal provenance

Decision Atlas uses reviewed decision-outcome signals from legally clean, publicly available, or explicitly consented sources only. Approved source categories include:

• BAILII legal records — published employment tribunal judgments, psychiatric injury cases, and constructive dismissal records. These are public legal documents. Decision Atlas uses them as mechanism evidence only — the decision mechanism, pressure pattern, and documented outcome are the signal. No personal characterisation of named individuals is intended or implied. Any named individuals should appear only where they are already named in a published legal or public record, and Decision Atlas should minimise reproduction of names where they are not necessary for the decision mechanism.
• UK Parliamentary evidence — select committee testimony and Hansard records. Public record. Used as institutional decision evidence.
• Peer-reviewed research — CC BY licensed academic papers from PLOS ONE, PubMed, and PMC. Methodology transparency required for vault admission.
• National Archives and tribunal records — filtered by decision-mechanism relevance (psychiatric injury, UKEAT, employment law outcomes).
• Financial Ombudsman Service and FCA records — financial decision outcomes with documented consequence and timing data.
• DA consented submissions — practitioner or practitioner-client submissions via the secure submission pipeline with explicit consent, pseudonymisation, and GDPR-aligned processing before vault admission.

Permanently blocked sources: Reddit, LinkedIn, Glassdoor, YouTube, Quora, anonymous forums, and any source without verifiable provenance are permanently excluded from the vault. No signals sourced from these platforms are used in report generation.

2. The 4-layer quality gate

Every signal must pass all four layers before vault admission:

• Personal decision mechanism — a real person facing a real decision with a documented outcome. Opinions, theories, and hypotheticals are rejected.
• Verified outcome — the result of the decision must be recorded through legal records, parliamentary evidence, peer-reviewed research, or explicit consented submission.
• Transferable insight — the mechanism (pressure, delay, regret, forced action) must be comparable across clients in the same decision cell.
• Taxonomy fit — the signal must map to a valid decision_type × decision_subtype cell. Signals that do not fit are discarded, not approximate-matched.

3. What a signal contains

• Decision context at the time of decision.
• Action taken or avoided.
• Observed outcome.
• Regret or consequence score where available.
• Source provenance, trust tier, and quality indicators.
• Decision domain and subtype classification.

The vault does not contain AI-generated case evidence. All signals are sourced from the approved categories above. The system is designed to distinguish observed evidence from interpretation and coaching structure.

4. What report matching means

Matching means the submitted client situation resembles a reviewed decision-outcome pattern in the vault. It does not mean the same outcome will happen to the client, and it does not prove causality. Matched signals share decision mechanisms — not identical life situations.

The vault over-samples adverse and high-regret outcomes by design, because those cases reveal preventable mechanisms. This is stated in every report. Outcome distributions are risk signals, not population rates.

5. Outcome distributions and statistical limits

Where a matched cohort is below 30 cases, path shares should be treated as directional only. Where a matched cohort is below 100 cases, percentage distributions remain directional estimates. Stronger statistical stability requires 100+ matched cases. Reports state the matched count and confidence level explicitly.

6. Data minimisation and prohibited input

Decision Atlas is designed to operate without full client identity. The intake form collects decision context, not full names, addresses, phone numbers, emails, medical records, or safeguarding details. Practitioners must not submit directly identifying client information.

7. Anonymised improvement loop

Anonymised report metadata, decision categories, pattern classifications, outcome categories, and follow-up results may be used to improve future matching, report quality, and aggregate decision intelligence. Where improvement data remains personal data, this processing is intended to rely on legitimate interests under UK GDPR. Where data has been properly anonymised, UK GDPR does not apply to that anonymised data.

8. Safety filtering

Decision Atlas applies safety filters to report inputs before generation. Where submitted content appears to contain crisis indicators, suicide or self-harm language, safeguarding concerns, or severe clinical-risk language, report generation may be declined. This is a precautionary safeguard only. It is not a clinical assessment, not a risk stratification, and not a substitute for professional safeguarding judgement.

The hard gate — requiring a minimum of 5 matched signals before a report is generated — prevents thin or unreliable pattern reads from being delivered. Cases below this threshold receive an error response, not a report.

9. Practitioner data processor relationship

When a practitioner submits a client situation to Decision Atlas, the practitioner remains responsible for deciding what information is submitted and for ensuring the submission is appropriately anonymised or pseudonymised before being sent. The exact controller / processor relationship may depend on the account type, contract, and processing context.

A Data Processing Agreement (DPA) is available on request for practitioners who require one under their own data protection obligations. Contact: privacy@decisionatlas.co.uk.

10. Client-safe page boundary

Only pages explicitly marked client-safe within a report are suitable for sharing with a client. Practitioner-only pages may contain signal evidence, risk framing, contraindications, clinical boundary flags, and method notes that require professional interpretation. Sharing practitioner-only pages with a client is the practitioner's responsibility.

11. BAILII and named individual records

BAILII judgments and parliamentary records are published public documents that may contain the names of individuals involved in legal proceedings. Decision Atlas uses these records as mechanism evidence only. The decision mechanism — pressure accumulation, delay, capacity decay, and regret — is the signal. The named individual is not the subject of characterisation or profiling by Decision Atlas.

Where a named individual's situation appears in a report signal, it appears because they are a party to a published public legal judgment. The same information appears in the original BAILII or parliamentary record. Decision Atlas should minimise unnecessary personal detail and should not add characterisation of the individual beyond the documented decision mechanism and outcome in the original public record.

12. Continuous governance

Decision Atlas is reviewed on an ongoing basis for evidence relevance, unsafe outputs, overclaiming, data retention, report wording, and practitioner misuse risk. The pattern library, safety filters, and source quality criteria are updated as the platform develops.

Practitioners who identify a potentially harmful, misleading, or out-of-scope report output are invited to report it to: privacy@decisionatlas.co.uk.

13. Governing law

This governance framework and all related policies are governed by the laws of England and Wales. Data processing is governed by UK GDPR and the Data Protection Act 2018.