Incident handling is visible before trust is requested.

Current banner

no breach pending

No active breach disclosure is pending on the public status surface.

Active incident template

When a breach is confirmed, this same banner changes to active incident — Day N and the JSON source records the detection date, disclosure deadline, and receipt hash.

72h disclosure pledge

Polis commits to affected-citizen and relevant DPA disclosure within 72h of breach detection, containment within one hour, and a public post-mortem within 30 days.

Signed incident receipt

The public receipt UI publishes the incident id, runbook version, detected time, disclosure deadline, receipt hash, public key id, and detached signature. It never asks a citizen to reveal secret material.

Receipt type

polis.incident_receipt.v1

Signature

ed25519-detached

Public key id

polis-breach-status-public-key-v1

Runbook source

The local runbook is `governance/runbooks/breach_ir_runbook.md`; it is checked by the privacy crate and local CI.

Evidence boundary

This page is public operational status only. It does not publish private incident details, raw audit rows, dashboard screenshots, cookies, API keys, or respondent data.