🔬Beta

We're in beta — products are not yet available for purchase.

OSINT, Responsibly

OSINT tools are powerful. With power comes responsibility.

Nodus is designed for lawful, consent-aware use. Here's how we enforce that.

Clear Boundaries

Most OSINT platforms oversell power and underplay responsibility. We don't.

Lawful Use Cases

  • Security research and vulnerability disclosure
  • Investigating your own digital footprint
  • Journalism and public interest investigations
  • Corporate due diligence and threat intelligence
  • Academic research with ethical review
  • Authorized penetration testing engagements

What We Don't Support

  • ×Mass surveillance or dragnet data collection
  • ×Harassment, stalking, or intimidation campaigns
  • ×Non-consensual tracking for commercial gain
  • ×Doxxing or public exposure without consent
  • ×Bypassing platform terms of service at scale
  • ×Building shadow profiles for resale

Design Constraints for Ethical Use

These aren't just policies—they're technical constraints built into Nodus.

Logging & Reversibility

All OSINT queries are logged locally for audit. You can review what you searched, when, and why. Local logs can't be tampered with remotely.

Local Processing

Research happens on your device. We don't build shadow profiles on our servers. No aggregation of "all users who searched X."

No Enrichment Resale

We don't aggregate research data for resale to data brokers. Your investigations don't feed someone else's surveillance platform.

Rate Limiting by Design

Built-in rate limits prevent aggressive scraping at scale. Designed for focused investigations, not dragnet operations.

Transparent Queries

Every search shows exactly what data sources are being queried and what information is returned. No hidden enrichment.

No Mass Operations

Tools are designed for targeted research, not bulk lookups. Batch operations require explicit confirmation for each subset.

Legal Framework

Understanding the legal boundaries of OSINT work.

GDPR Compliance (Europe)

Under GDPR Article 6, lawful bases for processing personal data include:

  • Legitimate interests (security research, fraud prevention)
  • Public interest (journalism, academic research)
  • Legal obligation (compliance investigations)

Nodus's local-first architecture means you control data processing, not us.

Responsible Disclosure

If your OSINT research uncovers security vulnerabilities:

  • Report to the organization privately before public disclosure
  • Allow reasonable time for patching (typically 90 days)
  • Don't access systems beyond what's necessary to demonstrate the issue

Responsible disclosure protects both researchers and organizations.

Why We Take This Stance

OSINT capabilities have democratized access to investigative tools. That's powerful. But power without boundaries becomes surveillance.

We believe OSINT can be a force for accountability, security research, and informed decision-making—without enabling abuse. By building constraints into the design, we make responsible use the default, not an afterthought.

Explore OSINT Features