01 · AI-powered social media management
Social Neuron
From brand brief to scheduled posts across every major platform. Closed learning loop on what performs. Hosted in the EU, no third-party trackers.
Visit socialneuron.com01 — Computational privacy
Computational
privacy1,
engineered2.
- 1.
- The property of a system whose operation can be verified without disclosing the data it operates on.
- 2.
- Built into the architecture, attested at the boundary, audited by anyone who cares to.
Software, consulting, and research for privacy-first organisations.
On-device · Evidence-based · Open methodology
What's inside
Four ways in.
Pick a thread. The newest research, the consulting we offer, the products we ship, or the methodology behind every published claim.
The most recent publication
Research that you can audit, line by line.
Every Cosmo Codex research piece carries its evidence with it. Citations are specific. Methodology is published. If a claim isn't sourced, it isn't made.
Browse the archive06 May 2026 · 5 min read
UK Digital ID: Ten Safeguards Parliament Must Legislate
Our litigation-grade response to the Cabinet Office consultation on digital identity (CP 1498). Conditional support in principle, ten demands in primary legislation.
Read articleEngagements
Compliance work, scoped and priced up front.
Data protection, AI governance, and online safety work for UK organisations. Every engagement ends with a prioritised, specific remediation plan — not a generic checklist.
All engagementsShipping software
Two live products. Both privacy-first.
Independent comparison and on-platform content tooling, built on the same standards we recommend to clients. No third-party trackers, no affiliate-driven outputs.
All productsLive
TheVPNMatrix
Independent VPN comparison built around a published evidence methodology. 28 criteria, 3,469+ sourced records, no affiliate-driven rankings.
Live
Social Neuron
End-to-end content creation platform taking you from brand brief to scheduled posts across YouTube, TikTok, Instagram, Facebook and LinkedIn. DPIA completed, EU-hosted.
How we score
Eight components. One number. Open formula.
EQS — our Evidence Quality Score — assigns every published rating a number from −6 to 23 based on eight weighted components. Methodology versioned, replicable, and citable.
Read the methodologyEQS formula
EQS = Σ (wi · ci)
- c1 · Source independence+4
- c2 · Audit recency+3
- c3 · Jurisdiction+3
- c4 · Methodology disclosure+3
- c5 · Record count+3
- c6 · Reproducibility+3
- c7 · Adversarial review+2
- c8 · Affiliate independence+2
▸ 22 May 2026 · Today · Reading · NIST FIPS 203 (ML-KEM) standardisation ▸ 06 May 2026 · Submission · Cabinet Office CP 1498 · digital identity ▸ 08 Apr 2026 · Article · How we score VPN evidence: methodology explained ▸ 19 Mar 2026 · Article · What is Privacy-by-Design and why it matters for UK businesses ▸ 15 Mar 2026 · Article · A practical guide to GDPR compliance for UK startups ▸ 10 Mar 2026 · Article · AI governance: what UK businesses need to know in 2026 ▸ 11 Feb 2026 · Submission · Home Office DEP2025-0828 · facial recognition ▸ 22 May 2026 · Today · Reading · NIST FIPS 203 (ML-KEM) standardisation ▸ 06 May 2026 · Submission · Cabinet Office CP 1498 · digital identity ▸ 08 Apr 2026 · Article · How we score VPN evidence: methodology explained ▸ 19 Mar 2026 · Article · What is Privacy-by-Design and why it matters for UK businesses ▸ 15 Mar 2026 · Article · A practical guide to GDPR compliance for UK startups ▸ 10 Mar 2026 · Article · AI governance: what UK businesses need to know in 2026 ▸ 11 Feb 2026 · Submission · Home Office DEP2025-0828 · facial recognition
§ 02 · Manifest
What we cite. What we build with.
Our consulting work is grounded in primary statute and case law. Our products are built on a well-defined stack of privacy-enhancing primitives. Both inform each other.
── Citations
Law · Standards · Cases
- 01 UK GDPR · Art. 25
- 02 DPA 2018 · Part 3
- 03 EU AI Act · risk tiers
- 04 ECHR · Art. 8, 10, 11, 14
- 05 Equality Act 2010 · §149
- 06 PACE 1984
- 07 ISO 42001
- 08 ISO 27701
- 09 NIST FRVT · pt. 3
- 10 OSA 2023 · Ofcom codes
- 11 CP 1498 · digital identity
- 12 DEP2025-0828 · FR
── Primitives
Crypto · PETs · Architecture
- 01 FHE · homomorphic encryption
- 02 ZKP · zero-knowledge proofs
- 03 SMPC · multi-party computation
- 04 SD-JWT VC · selective disclosure
- 05 BBS+ · unlinkable presentation
- 06 W3C VC · verifiable credentials
- 07 DIDs · decentralised identifiers
- 08 TEE · trusted execution
- 09 On-device inference
- 10 Federated learning
- 11 Differential privacy
- 12 Post-quantum cryptography
Why we exist
Your data should never leave your device.
The default model of modern software is extraction. We build the alternative. Computation stays local. AI runs on the user's device. Research is held to evidence the reader can verify.
§ 03 — In market
Two products, both shipping.
Each one is a proof point. The privacy choices we argue for in consulting and research are the ones we build with.
02 · Evidence-based VPN comparison
TheVPNMatrix
28-criteria evaluation across 3,469+ sourced records. Methodology is public; placements are reproducible. No affiliate-driven rankings.
Visit thevpnmatrix.comWhat we build
Products
01 / Social Neuron
LiveSocial Neuron
End-to-end content creation platform that takes you from brand brief to scheduled posts across YouTube, TikTok, Instagram, Facebook, and LinkedIn. Performance from each post informs the next. DPIA completed, EU-hosted, no third-party trackers.
Read more02 / TheVPNMatrix
LiveTheVPNMatrix
Independent VPN comparison built around a published evidence methodology. 28 criteria, 3,469+ sourced records, no affiliate-driven rankings. Placement reflects the evidence, not the payout. Quarterly source audits, no third-party trackers.
Read more03 / Hearth
Coming soonHearth
A local-first AI runtime. Run capable language models on your own hardware (laptop, desktop, on-prem) with native context for your files, notes, and tools. No data leaves the device unless you choose to send it. Currently in private development.
Local LLMs On-Device Inference Edge AI Confidential Computing
Read more § 04 — Methodology
How we score evidence.
Every claim on TheVPNMatrix is backed by a record. Every record carries an Evidence Quality Score: eight components, computed from the source. If you disagree with a placement, you can examine the components that produced it.
Specimen · Evidence Quality Score
Formula
EQS = T + G + Q + I + S + R + A + C
Range · −6 to 23
Strong record · 14–18
Exclusion threshold · < 8
T 1–5
Type
Primary, community-replicable, secondary, tertiary.
G 1–5
Grade
Awarded A–E on completeness and rigor.
Q 1–5
Source quality
Academic, government, reputable press, blog, unverified.
I 0–2
Independence
Distance from the subject of the claim.
S 0–2
Scope
How comprehensive the underlying analysis is.
R 0–2
Reproducibility
Can someone else re-run the test and check the result?
A 0 to −3
Age
Fresh, recent, older, stale. Time decays score.
C 0 to −3
Conflict
Disclosed soft conflict, undisclosed hard conflict.
The full methodology lives in our research piece How we score VPN evidence . The database it produces is 3,469+ records and counting.
§ 05 — Specimen · Evidence record
One claim, fully scored.
A single record from the TheVPNMatrix evidence database, with every component of the Evidence Quality Score visible. This is what every claim on the site is backed by.
Record
#00342
Criterion · Server architecture
Provider · Mullvad VPN AB
Last audited · 12 Apr 2026
── Claim
Mullvad operates RAM-only VPN servers. No data persists to disk between reboots.
Primary source
Mullvad VPN AB · Server infrastructure
mullvad.net/servers · retr. 2026-04-12
Independent verification
Audit by Assured AB · July 2025
Methodology and findings published
── Score breakdown
EQS · 8 components
- T
Type · Primary
Direct from provider
5 / 5 - G
Grade · A
Comprehensive, with audit appendix
5 / 5 - Q
Source quality · Verified independent
Audited technical disclosure
5 / 5 - I
Independence
Third-party audit by Assured AB
2 / 2 - S
Scope
Full infrastructure documented
2 / 2 - R
Reproducibility
Audit methodology published
2 / 2 - A
Age · Fresh
Retrieved 2026-04-12
0 / 0 - C
Conflict of interest · None
No undisclosed relationship
0 / 0
Evidence Quality Score
21 / 21
Classification
● Strong record
Eligible for public scoring
Every other claim on TheVPNMatrix carries one of these. If a placement surprises you, the records that produced it are public.
Trust by design
Verifiable, not vibes.
Every privacy claim documented. Every framework citation specific. Every dependency disclosed.
01 — Methodology
EQS Methodology
Eight-component evidence quality score (−6 to 23). Open methodology, versioned, replicable. Every published rating shows its source records.
02 — Regulation
UK GDPR by design
Article 25 implemented at the architecture layer. DPIAs where required. Records of processing maintained. Lawful basis documented per data flow.
03 — Standards
ISO 27701 alignment
Privacy Information Management System (PIMS) controls mapped to ISO 27701:2019. Processor agreements where data leaves us. Subject rights honoured.
04 — Telemetry
Zero third-party trackers
No Google Analytics. No Facebook Pixel. No ad networks. No fingerprinting. The site you're reading sends data to one server: this one.
By the numbers
The arithmetic of trust.
Every claim sourced. Every test counted.
0
Tests passing across products
0
Sourced evidence records
0
Evaluation criteria, per VPN
0
Third-party trackers, anywhere
§ 06 — Exhibit
From the casebook.
An excerpt from our litigation-grade response to the Home Office consultation on facial recognition (DEP2025-0828).
Exhibit
A
Filed · 11 Feb 2026
Reference · DEP2025-0828
Folio · 01 / 01
── Submission · executive summary
“Mass biometric surveillance of public spaces without judicial pre-authorisation, statutory basis, or adequate equality protections is incompatible with ECHR Articles 8, 10, 11, and 14, Data Protection Act 2018 Part 3, and the Public Sector Equality Duty under the Equality Act 2010 s.149. ”
Home Office DEP2025-0828 · response of record · 11 February 2026
Read the full submissionHow we help
Consulting for UK organisations.
Data protection, AI governance, and online safety compliance for UK organisations. Every engagement ends in a prioritised, specific remediation plan.
- GDPR compliance audits
- DPIA & impact assessments
- AI governance frameworks
- Online Safety Act assessments
- Privacy-by-design reviews
- Advisory retainers · workshops
Technical foundation
Privacy-enhancing technologies
The primitives we research, apply, and build with.
Cryptographic privacy
Math you can verify, not policies you have to trust.
- · Homomorphic Encryption (FHE)
- · Zero-Knowledge Proofs
- · Secure Multi-Party Computation
- · Post-Quantum Cryptography
Confidential computing
Compute on data without seeing it.
- · Trusted Execution Environments
- · On-Device AI / Edge Inference
- · Federated Learning
- · Differential Privacy
Identity & sovereignty
Prove things about yourself without giving up everything.
- · Self-Sovereign Identity
- · Verifiable Credentials
- · Selective Disclosure (BBS+)
- · Age Assurance Mechanisms
Emerging
What we are watching, testing, and contributing to.
- · FHE Hardware Acceleration
- · Confidential AI
- · Machine Unlearning
- · Post-Quantum ZKPs
Research
Latest
6 May 2026 / 5 min read Digital ID UK Policy
UK Digital ID: Ten Safeguards Parliament Must Legislate
Our litigation-grade response to the Cabinet Office consultation on digital identity (CP 1498). Conditional support in principle, ten demands in primary legislation.
8 Apr 2026 / 5 min read Methodology VPN
How We Score VPN Evidence: TheVPNMatrix Methodology Explained
A transparent, reproducible evidence-scoring system across 28 criteria. Every claim on TheVPNMatrix.com is backed by a record in this database.
19 Mar 2026 / 4 min read GDPR Privacy
What Is Privacy-by-Design and Why It Matters for UK Businesses
Privacy-by-Design is a legal requirement under UK GDPR, not just a best practice. This guide explains the seven foundational principles and how UK businesses can implement them.