ByStander
BSS v1.0 · Adopted 13 May 2026

The ByStander Safety Standard.

BSS is the written, auditable operating standard for governed personal-safety response. It defines how advocates are trained, how incidents are escalated, how evidence is handled, and how municipalities, campuses, and survivor-services networks can trust the ByStander platform to operate inside their walls.

Request the full Standard → Read the principles
Document at a Glance
Identifier
BSS-MASTER-1.0
Status
ADOPTED
Issued
13 May 2026
Owner
Office of the CEO
Next Review
12 months · or on Critical Incident
Family
1 Master + 14 subordinate docs
What BSS is

The trust layer
for a safety platform.

ByStander handles live location, audio, video, biometric, and incident data from people in their worst moments. These are not features. They are fiduciary obligations to vulnerable people.

BSS is what makes those obligations enforceable. Every advocate is trained against it. Every incident is logged against it. Every municipal, campus, and clinical partner agrees to it in writing.

It is what permits ByStander to be deployed at scale into the contexts that matter — cities, campuses, congregations, workplaces, and survivor-services networks — without those institutions taking on unmanaged risk.

Section 5

Seven principles
that govern every decision.

Where the Standard is silent on a question, the principle most directly applicable controls. They are normative. They are not aspirations.

01
🛡

User Safety First

Every operational decision prioritizes the immediate physical and psychological safety of the User. Business interests, partner preferences, and operational efficiency never override this.

02
🤝

Non-Interference

Advocates do not physically intervene, confront aggressors, direct civilians, or obstruct police or EMS. The role is to observe, document, communicate, and call for help.

03
📝

Governed Human Response

Human advocacy is the most powerful component of the system and the most dangerous if ungoverned. All advocate action occurs within trained, documented, supervised, and auditable protocols.

04
🔒

Privacy by Design

Sensitive data is collected only for the stated safety purpose, protected by technical and organizational controls, retained for the minimum period, and disclosed only under protocol.

05

Evidence Integrity

Records that may have probative value are captured with verifiable timestamping, stored under access controls, and maintained under chain-of-custody from creation through lawful disposition.

06
🚫

No Vigilantism

The platform is never used to identify, locate, harass, or retaliate against any individual — regardless of suspicion. Civilian responders are never mobilized for confrontation.

07
🔍

Accountability

Every significant Safety Event generates an Incident Record. Critical Incidents are reviewed by a Supervisor and, where applicable, independent counsel. Failures are remediated and disclosed where appropriate.

Scope

What BSS governs.

From onboarding through post-incident review — the entire lifecycle of every Safety Event, every advocate action, and every institutional deployment.

7

User Safety Requirements

Onboarding, vulnerable-user screening, cancel-PIN identity gates, post-event resources, and transparent access logs.

8

Advocate Eligibility & Code of Conduct

Background checks, 40-hour training, biennial recertification, and an enforceable code of permitted and prohibited conduct.

9

Event Classification & Escalation

Five escalation levels (Monitoring through Critical Incident), 19 event categories, and explicit decision criteria for every step.

11

Law Enforcement Interaction

When to call, what to say, what not to say, and how the advocate role shifts to observer when officers are on scene.

12

Domestic Violence-Sensitive Protocol

Survivor agency, safe-configuration options, aggressor-resistant account recovery, and trusted-contact risk controls — aligned with NNEDV Safety Net principles.

13

Human Trafficking-Sensitive Protocol

Indicator awareness, no-confrontation rules, survivor consent, and partner-routed response — aligned with the Polaris Project framework.

14

Police Encounter Mode

Evidence preservation, two-party-consent jurisdictional warnings, and explicit prohibitions on instructing users to resist lawful commands.

15

Data Security

TLS 1.2+, AES-256 at rest, MFA, role-based access, 3-year access logs, and 72-hour breach notification. Baselined against NIST CSF and SP 800-53.

16

Evidence Management

What constitutes evidence, tier-based retention floors, chain-of-custody, user access, and deletion rules with legal-hold carve-outs.

17

Trusted Contact Privacy

Affirmative opt-in, granular visibility, silent removal for DV-status users, and no marketing use of contact data — ever.

18

Sentinel Beacon Governance

Consent requirements, tamper-alert handling, prohibited uses (no employer surveillance, no partner tracking), and medical-safety standards.

19

LifeSupport Governance

Detection thresholds, user-confirmation windows, caregiver permissions for elder users, and HIPAA business-associate requirements where applicable.

20

Municipal Deployments

Data-access boundaries, civil-rights protections, FOIA exposure, immigration-enforcement prohibitions, and a community complaints procedure.

21

Campus Deployments

FERPA boundaries, Title IX-sensitive event handling, behavioral-health response integration, and student-privacy protections.

Section 9

Five escalation levels.

Every Safety Event is classified, and its level may increase or decrease over its lifecycle as facts change. Each level carries explicit decision criteria.

0

Monitoring

Passive state. User is sharing location, has an active timer, or has registered a CheckPoint. No indicators of danger.

1

Concern

Timer approaching expiration, mild risk indicator, missed first prompt, or biometric reading approaching threshold without confirmed anomaly.

2

Active Safety Event

User-triggered SOS, covert SOS, expired countdown, missed CheckPoint, confirmed biometric anomaly, or fall event with no user response. An advocate joins.

3

Emergency Escalation

Advocate or trusted contact has called 911, campus police, or equivalent. Live emergency response is inbound.

4

Critical Incident

Confirmed or apparent imminent harm, ongoing violence, medical emergency, or abduction concern. A Supervisor is present on the event; independent post-event review follows within 30 days.

Section 22

Certification framework.

BSS credentials attest to compliance with the Standard. Individual advocates, supervisors, and institutional deployments each carry their own credential level — with annual independent audit at the institutional levels.

BSS-A

Certified Advocate

Background check, 40-hour training, 10-hour supervised mock-event practicum, written + scenario exam, supervisor observation, 8-hour annual CE, biennial recertification.

BSS-S

Certified Supervisor

BSS-A in good standing for 12+ months, additional 20-hour Supervisor curriculum, Incident Review Committee observation, biennial recertification.

BSS-O

Certified Organization

For non-municipal, non-campus entities. Written agreement, designated liaison, staff training, documented policies, annual compliance attestation.

BSS-M

Certified Municipal Deployment

Written Municipal Deployment Agreement, civil-rights review, community-notice process, annual independent audit.

BSS-C

Certified Campus Deployment

Written Campus Deployment Agreement, FERPA review, Title IX integration plan, behavioral-health integration plan, annual independent audit.

BSS-H

Certified Health / LifeSupport Deployment

Section 19 conformance, Business Associate Agreement where applicable, clinical advisor on file, annual independent audit.

Annex C

The document family.

The Master Standard sits at the top of a family of operational manuals, scripts, and training curricula. The Master Standard prevails where a subordinate document conflicts with it.

BSS-MASTER-1.0
Master Standard (the document this page describes)
✓ Adopted
BSS-TRAIN-A-1.0
Advocate Training Manual and Curriculum
v1.0 Planned
BSS-COC-A-1.0
Advocate Code of Conduct (expanded from Section 8)
v1.0 Planned
BSS-ESCAL-1.0
Emergency Escalation Playbook
v1.0 Planned
BSS-MDA-1.0
Municipal Deployment Guide & template MDA
v1.0 Planned
BSS-CDA-1.0
Campus Deployment Guide & template CDA
v1.0 Planned
BSS-SBSP-1.0
Sentinel Beacon Safety Policy
v1.0 Planned
BSS-LSHA-1.0
LifeSupport Health Alert Policy
v1.0 Planned
BSS-SEC-1.0
Data Security Policy (operationalizes Section 15)
v1.0 Planned
BSS-EVID-1.0
Evidence Retention & Chain of Custody Policy
v1.0 Planned
BSS-IRP-1.0
Incident Review Policy
v1.0 Planned
BSS-CERT-1.0
Certification Handbook
v1.0 Planned
BSS-PART-1.0
Partner Agreement Requirements
v1.0 Planned
BSS-USG-1.0
User Safety Guide
v1.0 Planned
BSS-PCF-1.0
Privacy & Consent Framework
v1.0 Planned
BSS-DV-1.0
Domestic Violence-Sensitive Operations Manual
Future
BSS-HT-1.0
Human Trafficking-Sensitive Operations Manual
Future
✓ Adopted 13 May 2026

Independently governed.
Built to be held accountable.

Substantive revisions to the Standard require approval by the BSS Governance Board — an independent advisory body whose members sit outside ByStander operations.

The Board includes a privacy and security advisor, credentialed domestic-violence and human-trafficking advocates, a law-enforcement liaison, a campus-safety advisor, a medical or EMS advisor, independent counsel, a civil-rights advisor, and a survivor advocate.

Critical Incidents are reviewed within 30 days. Quarterly aggregate reports go to the Board. Audit findings at the institutional certification levels feed back into Standard revisions.

Privacy & Security DV Advocate Trafficking Advocate Law Enforcement Liaison Campus Safety Medical / EMS Independent Counsel Civil Rights Survivor Advocate

Request the full Standard.

Auditors, partners, journalists, municipal counsel, and survivor-services agencies can request the full BSS v1.0 Master Standard PDF. Tell us who you are and we'll send it.

We don't sell or share this list. You'll get one email with the PDF and a follow-up only if you ask for one.