Minimum-Disclosure Travel Risk Compliance

Third Rail SystemsSovereign · Stateless · EU-Native
Resolving the Duty-of-Care Data Trap

Travel risk systems that account for real people, not generic averages.

Third Rail Systems enables enterprise security teams to fulfil ISO 31030 travel risk mandates for marginalised employees, without triggering GDPR special-category data liabilities.

The same minimum-disclosure architecture serves civil-society organisations, IGOs, and human rights institutions that protect activists, defenders, and field staff in higher-risk environments. Different scale, identical operational tension between duty-of-care and identity protection.

ISO 31030GDPR Article 9EU AI Act · Annex IV
Dossier / DSF-0342
Destination
Kuala Lumpur, MY
Threat Tier
Elevated
Data Class
On-device
Mitigations
  • Avoid Jalan Alor 23:00–04:00
  • Verified lodging cluster: KLCC / Bangsar
  • Local counsel hotline attached
GDPR Art. 9No special-category data logged

Illustrative operator view · sanitised dossier

01The Core Conflict

The ISO 31030 vs. GDPR Catch-22

Two compliance regimes pulling in opposite directions. Most programmes pick one risk and inherit the other.

01

The Duty-of-Care Mandate

Enterprises must demonstrate reasonable steps to provide localised mitigations for marginalised employees (LGBTQ+, disabled, neurodivergent).

02

The Privacy Liability

Centrally collecting demographic identities creates a toxic, regulated data lake, exposing the enterprise to structural GDPR Article 9 violations.

03

The "Shadow HR" Risk

Well-intentioned teams track vulnerable travellers on informal spreadsheets, creating an un-audited legal nightmare for Data Protection Officers.

The Shadow HR Liability · 8-min read
What H&M's €35.3 million fine looks like when it happens to your organisation.

Why every multinational with a diverse workforce is exposed to the same regulatory pattern, and the architectural alternative that resolves it. Read the brief.

Read the brief
Insights · the Exposure series
Three essays on dependency, accumulation, and who holds the leverage.

Long-form pieces from the founder. Read in order, or pick the lens that matches your concern: data, platform, or human.

Open the reading room
02Platform

Minimum-Disclosure Architecture

We materially decouple risk intelligence from human identity.

Data-flow contract
Identity inputsdevice-local
Synthesis layerstateless
Output to enterprisesanitised dossier
Feature 01

On-Device Processing

The traveller's profile is encrypted locally. Special-category data never enters your HRIS.

Feature 02

Stateless Threat Synthesis

The system cross-references the destination against local penal codes without centrally logging demographic inputs.

Feature 03

The Safety Dossier

Your Global Travel Risk team receives a sanitised, actionable mitigation plan. You get the audit trail; your DPO avoids the data.

03ISI Architecture

Three layers. One zero-retention boundary.

The Intersectional Safety Intelligence (ISI) flow: context grounded, statelessly analysed, and synthesised into a sanitised dossier. Special-category inputs are purged from transient memory before output.

L1
Layer 1

Context & Intelligence Grounding

Layer 1
  • Encrypted client ingestion
  • EU-sovereign reference data
  • Federated live telemetry
Special-category input · transient
L2
Layer 2

Stateless Synthesis Enclave

Layer 2
  • TRS-01 Grandin · Sensory and Neuro-Safety
  • TRS-02 Heumann · Physical Accessibility
  • TRS-03 Crenshaw · Intersectional Identity
Multi-agent deliberation across heterogeneous model families · transient memory · adversarial review
L3
Layer 3

Output Synthesis & Regulatory Alignment

Layer 3
  • Sanitised dossier · audit trail
  • Enterprise and traveller outputs
  • Global compliance mapping
Zero retention · special-category inputs purged
Zero-retention boundary

All special-category demographic inputs are permanently deleted from transient memory enclaves between Layer 2 and Layer 3. The synthesised dossier emerges without an upstream identity record to attach it to.

GDPR Article 9

Safety intelligence without centralised storage of special-category data.

EU AI Act · Annex IV

Human-in-the-loop oversight with logged data provenance.

ISO 31030

Auditable proof of localised intersectional threat assessment prior to travel.

Original schematic · Third Rail Systems OÜ, internal architecture brief.
Download full schematic (PDF)
04Solutions by persona

Bridging Security, Privacy, and Inclusion

Three mandates. One architecture. Each function keeps its own remit intact.

For CSOs
01
  • Eliminate "Shadow HR" tracking.
  • Generate auditable Safety Dossiers.
  • Procure securely with flat Total Travel Volume (TTV) pricing.
Outcome
For DPOs
02
  • Enforce absolute data decentralization for special-category traits.
  • Utilise a pre-audited AI architecture built to EU AI Act high-risk obligations.
  • Maintain full EU-sovereign data flows.
Outcome
For ERGs
03
  • Provide enterprise-grade protection for underrepresented cohorts.
  • Partner strategically with Security to unlock safe global mobility.
Outcome
For Civil Society
04
  • Protect human rights defenders, activists, and field staff without creating internal demographic registers.
  • Deploy intersectional safety assessments aligned with donor compliance frameworks (USAID 2 CFR 200, EU AI Act, GDPR).
  • Pilot pricing for design partners; pro-bono deployment available for qualifying mission-aligned organisations.

Outcome · Mission-aligned safety infrastructure that withstands donor audit and protects the people you serve.

Next step
05Governance

Engineered for the Modern Regulatory Landscape

Every architectural decision maps to a defensible compliance artefact.

GDPR

We do not centralise "special-category data." The enterprise remains the Controller of standard itineraries; Third Rail acts as a Processor.

EU AI Act

Built to meet EU AI Act high-risk obligations, with mandatory human-in-the-loop oversight and immutable vector logging. Final classification under review with counsel.

ISO 31030

Verifiable, date-stamped evidence that the organisation assessed intersectional threats prior to deployment.

06Independent validation

KTH Innovation Readiness Level (IRL) · Evidence Report

Third Rail Systems OÜ has been evidenced under KTH Royal Institute of Technology's Deeptech Startup Network IRL framework: six structured dimensions of readiness, scored against the international standard.

KTH IRL Evidence Report
Deeptech Startup Network · six-dimension assessment
  • TRL
    Technology
    L5

    System validated in relevant environment with integrated components operating end-to-end.

  • CRL
    Customer
    L4

    Customer segmentation with initial basic customer profiles in place.

  • BRL
    Business
    L5

    Validated calculations of main costs and revenues; pricing model and unit economics documented.

  • IPRL
    IP
    L4

    Confirmed possibilities for protection of key IPR through professional searches and analysis.

  • TMRL
    Team
    L5

    Initial founding team working together, all spending significant time on the venture.

  • FRL
    Funding
    L4

    Documented 12-month development plan with costs and activities; identified funding sources and pre-seed strategy in place.

From the report
“The core multi-agent synthesis logic has been fully engineered and independently validated.”
KTH IRL Evidence Report · Third Rail Systems OÜ

Independent technical validation confirmed the core stateless synthesis methodology. Patent protection is in progress.

View full IRL Evidence Report
07About & origin

Built on Earned Secrets

Third Rail Systems was founded on a singular operational truth: institutional safety requires deep visibility, but human privacy requires absolute discretion. We built the minimum-disclosure compliance layer to resolve this paradox.

Registered
Tallinn, Estonia · European Union
CEO

Levi Hankins

20-year US Navy combat veteran with lived experience under "Don't Ask, Don't Tell." Operational authority on discretion under institutional scrutiny. Primary architect and builder of the ISI platform, the sovereign data layer, and the multi-agent synthesis engine.

Founded Third Rail Systems to build the infrastructure that did not exist when he served, for enterprises managing duty-of-care obligations, and for civil-society organisations protecting the activists who do the most exposed work.

CTO

Jeremy Stabile

Cybersecurity analyst with national-security research depth (RAND), HIPAA-grade healthcare GRC experience (Cedars-Sinai, UCLA), and German multinational GDPR experience (Karl Storz). Co-engineer of the stateless synthesis layer, the decoupled audit trail, and the human-in-the-loop oversight design.

The Estonia Advantage

Proudly registered in Tallinn, Estonia, ensuring a strict European corporate footprint outside direct US jurisdiction.

09Intake

Initiate a Pilot Assessment

Request a 20-minute architecture fit-call. Our 4-to-6 week paid enterprise pilots require zero API integration with your HRIS.

  • 20-minute architecture fit-call
  • Zero HRIS API integration required
  • EU-sovereign data flows throughout

By submitting, you consent to Third Rail Systems OÜ processing the information above solely to evaluate pilot fit. No special-category data is requested.

v1.0 · Tallinn · EU-Native