Travel risk systems that account for real people, not generic averages.
Third Rail Systems enables enterprise security teams to fulfil ISO 31030 travel risk mandates for marginalised employees, without triggering GDPR special-category data liabilities.
The same minimum-disclosure architecture serves civil-society organisations, IGOs, and human rights institutions that protect activists, defenders, and field staff in higher-risk environments. Different scale, identical operational tension between duty-of-care and identity protection.
- Avoid Jalan Alor 23:00–04:00
- Verified lodging cluster: KLCC / Bangsar
- Local counsel hotline attached
Illustrative operator view · sanitised dossier
The ISO 31030 vs. GDPR Catch-22
Two compliance regimes pulling in opposite directions. Most programmes pick one risk and inherit the other.
The Duty-of-Care Mandate
Enterprises must demonstrate reasonable steps to provide localised mitigations for marginalised employees (LGBTQ+, disabled, neurodivergent).
The Privacy Liability
Centrally collecting demographic identities creates a toxic, regulated data lake, exposing the enterprise to structural GDPR Article 9 violations.
The "Shadow HR" Risk
Well-intentioned teams track vulnerable travellers on informal spreadsheets, creating an un-audited legal nightmare for Data Protection Officers.
Why every multinational with a diverse workforce is exposed to the same regulatory pattern, and the architectural alternative that resolves it. Read the brief.
Long-form pieces from the founder. Read in order, or pick the lens that matches your concern: data, platform, or human.
Minimum-Disclosure Architecture
We materially decouple risk intelligence from human identity.
On-Device Processing
The traveller's profile is encrypted locally. Special-category data never enters your HRIS.
Stateless Threat Synthesis
The system cross-references the destination against local penal codes without centrally logging demographic inputs.
The Safety Dossier
Your Global Travel Risk team receives a sanitised, actionable mitigation plan. You get the audit trail; your DPO avoids the data.
Three layers. One zero-retention boundary.
The Intersectional Safety Intelligence (ISI) flow: context grounded, statelessly analysed, and synthesised into a sanitised dossier. Special-category inputs are purged from transient memory before output.
Context & Intelligence Grounding
- Encrypted client ingestion
- EU-sovereign reference data
- Federated live telemetry
Stateless Synthesis Enclave
- TRS-01 Grandin · Sensory and Neuro-Safety
- TRS-02 Heumann · Physical Accessibility
- TRS-03 Crenshaw · Intersectional Identity
Output Synthesis & Regulatory Alignment
- Sanitised dossier · audit trail
- Enterprise and traveller outputs
- Global compliance mapping
All special-category demographic inputs are permanently deleted from transient memory enclaves between Layer 2 and Layer 3. The synthesised dossier emerges without an upstream identity record to attach it to.
Safety intelligence without centralised storage of special-category data.
Human-in-the-loop oversight with logged data provenance.
Auditable proof of localised intersectional threat assessment prior to travel.
Bridging Security, Privacy, and Inclusion
Three mandates. One architecture. Each function keeps its own remit intact.
- Eliminate "Shadow HR" tracking.
- Generate auditable Safety Dossiers.
- Procure securely with flat Total Travel Volume (TTV) pricing.
- Enforce absolute data decentralization for special-category traits.
- Utilise a pre-audited AI architecture built to EU AI Act high-risk obligations.
- Maintain full EU-sovereign data flows.
- Provide enterprise-grade protection for underrepresented cohorts.
- Partner strategically with Security to unlock safe global mobility.
- Protect human rights defenders, activists, and field staff without creating internal demographic registers.
- Deploy intersectional safety assessments aligned with donor compliance frameworks (USAID 2 CFR 200, EU AI Act, GDPR).
- Pilot pricing for design partners; pro-bono deployment available for qualifying mission-aligned organisations.
Outcome · Mission-aligned safety infrastructure that withstands donor audit and protects the people you serve.
Engineered for the Modern Regulatory Landscape
Every architectural decision maps to a defensible compliance artefact.
We do not centralise "special-category data." The enterprise remains the Controller of standard itineraries; Third Rail acts as a Processor.
Built to meet EU AI Act high-risk obligations, with mandatory human-in-the-loop oversight and immutable vector logging. Final classification under review with counsel.
Verifiable, date-stamped evidence that the organisation assessed intersectional threats prior to deployment.
KTH Innovation Readiness Level (IRL) · Evidence Report
Third Rail Systems OÜ has been evidenced under KTH Royal Institute of Technology's Deeptech Startup Network IRL framework: six structured dimensions of readiness, scored against the international standard.
- TRLTechnologyL5
System validated in relevant environment with integrated components operating end-to-end.
- CRLCustomerL4
Customer segmentation with initial basic customer profiles in place.
- BRLBusinessL5
Validated calculations of main costs and revenues; pricing model and unit economics documented.
- IPRLIPL4
Confirmed possibilities for protection of key IPR through professional searches and analysis.
- TMRLTeamL5
Initial founding team working together, all spending significant time on the venture.
- FRLFundingL4
Documented 12-month development plan with costs and activities; identified funding sources and pre-seed strategy in place.
“The core multi-agent synthesis logic has been fully engineered and independently validated.”
Independent technical validation confirmed the core stateless synthesis methodology. Patent protection is in progress.
Built on Earned Secrets
Third Rail Systems was founded on a singular operational truth: institutional safety requires deep visibility, but human privacy requires absolute discretion. We built the minimum-disclosure compliance layer to resolve this paradox.
20-year US Navy combat veteran with lived experience under "Don't Ask, Don't Tell." Operational authority on discretion under institutional scrutiny. Primary architect and builder of the ISI platform, the sovereign data layer, and the multi-agent synthesis engine.
Founded Third Rail Systems to build the infrastructure that did not exist when he served, for enterprises managing duty-of-care obligations, and for civil-society organisations protecting the activists who do the most exposed work.
Jeremy Stabile
Cybersecurity analyst with national-security research depth (RAND), HIPAA-grade healthcare GRC experience (Cedars-Sinai, UCLA), and German multinational GDPR experience (Karl Storz). Co-engineer of the stateless synthesis layer, the decoupled audit trail, and the human-in-the-loop oversight design.
Proudly registered in Tallinn, Estonia, ensuring a strict European corporate footprint outside direct US jurisdiction.
From the founder's desk
- Founder noteJun 2026
What twenty years under Don't Ask Don't Tell taught me about building Third Rail Systems.
The lived-experience operational thesis behind a minimum-disclosure architecture: why discretion under institutional scrutiny is the founding constraint, not a feature.
- Liability briefMay 2026
The duty-of-care vs. data-privacy Catch-22: a multi-billion-euro liability hiding in EU enterprise HR.
The five enforcement vectors EU general counsel and CISOs are quietly under-pricing right now, and the architectural pattern that resolves them.
Initiate a Pilot Assessment
Request a 20-minute architecture fit-call. Our 4-to-6 week paid enterprise pilots require zero API integration with your HRIS.
- 20-minute architecture fit-call
- Zero HRIS API integration required
- EU-sovereign data flows throughout