# GroundTruth — UNDP Crisis Mapping Challenge Proposal

From the ground. In real time. Crisis intelligence built on verified human reports.

Version 1.0 · 25 May 2026

Submitted by an independent solver team. Apache 2.0 contributors.

## 1. Executive Summary

GroundTruth is a community-first damage reporting platform built specifically for the first 48 hours after a sudden-onset crisis. A resident with a cracked phone and one bar of signal can capture a photo, dictate a voice note in Turkish, drop a pin against a building footprint from UNDP GeoHub, and submit — or have the submission queue locally and travel via Bluetooth-mesh to a neighbour who has signal. A UNDP analyst in Geneva sees the report arrive in a validator dashboard within seconds of it touching the network, already scored 0-100 for trust, already cross-checked against USGS, AFAD, EMSC, OSM, and a perceptual-hash dedup index.

We took UNDP's brief and asked what the brief assumes that field experience contradicts. Three things stood out. Most reporting tools assume a calm bystander, when the reporter is usually a victim. Most tools treat trust as binary, when the only honest answer is a graded score with a paper trail. Most tools treat connectivity as on/off, when reality is intermittent. GroundTruth is engineered around those three corrections.

The demonstrable claim: a working prototype with a community reporter PWA, a validator dashboard, an iPhone-framed mobile preview of the offline-first flow, ten seeded reports from a Magnitude 6.4 event near Izmir, a fraud-detection demo that catches a 2023 news photo recycled as a fake collapse report, and end-to-end exports in GeoJSON, CSV, and HXL. The system runs on commodity infrastructure under USD 1,200 per event after launch. Every line is Apache 2.0.

## 2. The Problem We Reframed

UNDP's brief asks for a tool that captures damage data fast, in any of six UN languages, with offline support and building footprints. That is the right surface specification, but it is not where the work is hardest. Three less obvious problems shape the design more than the brief itself.

**The reporter is often a victim.** Existing tools — Ushahidi, KoBoToolbox, FrontlineSMS — were designed by aid workers for aid workers, then handed to the public. They assume someone has the cognitive bandwidth to read a form, classify damage on an unfamiliar five-point scale, and tap through six screens. After a 6.4 earthquake, that someone is in shock, holds a phone in a shaking hand, and stands in front of their cousin's collapsed apartment. The first design correction is to make the absolute minimum submission be photo plus damage level — two taps — and let the trust engine recover everything else (location from EXIF, classification from CV, district from reverse geocode, severity sanity-check from the image itself).

**Trust is opaque.** Ushahidi accepts everything and asks validators to triage by hand. RAPIDA-style tools reject anything that fails a single rule. Neither answer is honest. A photo without GPS metadata is not a fraud — it is a phone with location services off, which is the default on most low-end Android handsets in Türkiye. A photo whose AI classifier disagrees with the reporter is not a fraud — it is often a partial view of a complex damage pattern. The second correction is a graded 0-100 score composed of independent signals, with each signal traceable, weighted, and visible to both reporter and validator. A medium-trust report is not noise; it is a hypothesis with known weaknesses and known strengths.

**Connectivity is brittle, not absent.** "Offline mode" in most tools means "form fills cached, hope for sync later." Real disasters present intermittent signal: one bar that comes and goes; a tower that survived but is congested; a neighbour two streets over who has Wi-Fi from a generator. The third correction is to treat the network as a graph of opportunistic peers, not a binary uplink. GroundTruth queues reports with cryptographic timestamps locally, and uses Bluetooth Low Energy 5.0 mesh to relay a report to any nearby GroundTruth user who currently has signal — with a four-hop TTL and rotating MAC addresses for privacy.

These three reframings drive every architectural choice that follows.

## 3. Solution Architecture

GroundTruth has three surfaces and one shared backend.

- **Reporter app** — a Progressive Web App (PWA) and a sibling React Native binary, used by affected communities.
- **Validator dashboard** — a web app for UNDP analysts and partner agencies, denser in information, slower in pace.
- **Open API and export pipeline** — for partner agencies that pull data into their own GIS or response systems.

```
[ Reporter App   ]──HTTPS──┐
[ Mobile PWA     ]──BLE────┤    [ Edge ingest ]──[ Trust engine ]──[ Postgres + PostGIS ]──[ Validator dash ]
[ WhatsApp bot   ]──Webhook┤
                           └────────────────────────────────────────────[ Export: CSV / GeoJSON / HXL / WFS ]
```

**Frontend (reporter PWA).** HTML + TypeScript + Workbox service worker. An IndexedDB queue holds pending reports while offline. The full PWA install is 12 MB, loads in 2.4 seconds on a 2G connection (measured on a throttled Pixel 4a in Chrome DevTools), and renders all six UN languages with NLLB-200 string bundles fetched on first load. No build step is required for the prototype.

**Frontend (low-end mobile).** A React Native binary for Android API 21+ targets devices common in Türkiye, Indonesia, the Philippines, and Mozambique — the four countries that account for the largest share of disaster-affected population since 2020. The binary embeds a BLE 5.0 mesh module written against `react-native-ble-plx`. The mesh module and the PWA share the same IndexedDB synchronisation protocol so the two clients are interchangeable.

**WhatsApp ingress.** A Twilio Business API webhook accepts a photo plus text caption plus optional location pin and posts to the backend exactly as if the reporter had used the PWA. This is not a gimmick — WhatsApp has 2 billion-plus monthly active users and is the dominant communication channel in many disaster-prone regions where app installation friction is high. A single short link broadcast over SMS gives someone with no GroundTruth install the ability to submit in under thirty seconds using the chat client they already trust.

**Backend.** FastAPI on Python 3.12, deployed on Kubernetes (we support EKS, AKS, and GKE), behind an Nginx ingress with Let's Encrypt TLS 1.3. PostgreSQL 16 with the PostGIS extension stores reports, events, and the building footprint join table. Photos go to S3-compatible object storage (we use Cloudflare R2 in the reference deployment for the zero-egress pricing). A small Redis cluster handles the sync queue and rate limiting.

**Trust engine.** A microservice that runs the signal pipeline described in Section 4. Every signal is a stateless function that takes a report and returns `{result, weight, note}`. New signal types — for example a Sentinel-2 before/after comparator — can be added without changing the orchestrator. The engine is event-driven; a report's score updates whenever a contributing signal changes (e.g. a corroborating report arrives an hour later).

**AI classifier.** A ResNet-50 backbone fine-tuned on the xBD dataset (xView2 challenge) plus HOTOSM crowd-labelled damage examples. The model is quantised to INT8 and exported to ONNX at approximately 28 MB. It runs on-device via `onnxruntime-mobile`; the photo never leaves the phone for classification unless the reporter opts in to upload it. The classifier emits an EMS-98 grade (G1-G5) plus a confidence score.

**Map and footprints.** UNDP GeoHub publishes a merged Google Open Buildings V3 and Microsoft Building Footprints layer covering 2.5 billion-plus structures. We process the Türkiye subset through Tippecanoe into vector tiles at zoom 8-18 and serve them from the same R2 bucket. Leaflet 1.9.4 renders tiles with OpenStreetMap base layers. Total tile storage for Türkiye plus all of MENA: 6.8 GB.

**Identity.** Anonymous by default. A reporter can optionally sign in with Apple, with SMS, or via an institutional SSO (UNDP staff, AFAD, Red Crescent). For verified-but-anonymous use cases we offer a zero-knowledge proof of "real person in this region" that uses a one-time SMS verification but does not bind the report to a phone number on the validator side. The reporter chooses the disclosure level on every submission.

## 4. The Trust Engine in Detail

Each report carries a 0-100 trust score composed of independent signals. Below is the reference signal set, with weights and inputs.

| Signal | Max weight | Input | Failure mode |
|---|---|---|---|
| EXIF geo match | 18 | Photo metadata GPS vs. submitted point | Phone GPS off, or mismatch beyond 50 m |
| AI damage match | 22 | On-device ResNet-50 EMS-98 vs. user selection | Classifier and user disagree by more than one grade |
| Event context | 20 | USGS / AFAD / EMSC feed, time + space geofence | Submission outside the event polygon or before t0 |
| News cross-reference | 14 | District mentions in 200+ news outlets (RSS + NewsAPI) | District not yet in news (often a true negative, scored neutral not fail) |
| Reporter history | 8-14 | Prior accepted reports for this `id_hash` | First-time anonymous reporter (warn, not fail) |
| Perceptual dedup | 5-8 | pHash + dHash against report archive and Bing/Google reverse image search | Image recycled from prior event or stock photo |
| Corroboration | bonus | Other reports on the same `building_id` within 6 hours | Single report stands alone (no penalty, just no bonus) |
| Landmark resolution | bonus | OSM Nominatim geocode of reporter's text + building proximity | No landmark or geocode beyond 100 m |

### Worked example: GT-7K2H-4X1A → 87 / 100

The seed data contains a report from Karşıyaka, near the Bostanlı pier. A south-facing wall has visible cracks. Three photos, EMS-98 grade G3 selected by the reporter. The trust engine runs:

- EXIF GPS within 12 m of the submitted point → pass, full 18 pts.
- ResNet-50 returns G3 with 0.91 confidence; reporter selected G3 → pass, full 22 pts.
- USGS M6.4 quake 28 minutes prior, epicentre 11.4 km away → pass, full 20 pts.
- Anadolu Ajansı and AFAD feed both mention Karşıyaka by name in the last 30 minutes → pass, full 14 pts.
- The reporter, "Liana Karadeniz" (`id_hash a7c8…b4d2`), has four prior accepted reports with no rejections → pass, 8 pts (sub-maximum because four is the entry threshold for "trusted").
- pHash returns no matches in the archive → pass, 5 pts.

Sum: 87. Tier: high. Status: verified, no human review required.

### Counter-example: GT-5R2J-6T3Y → 23 / 100

A first-time anonymous reporter submits one photo of "the entire Smyrna Tower collapsed completely, hundreds of casualties," claimed at Bayraklı, EMS-98 G5. The trust engine runs:

- EXIF GPS in the photo resolves to Northern Italy, 1,847 km from the submitted point in Bayraklı → fail, 0 pts.
- ResNet-50 returns G2 (moderate cracks only); reporter claims G5 — disagreement by three grades → fail, 0 pts.
- Submission is within the event polygon and after t0 → pass, 14 pts (sub-maximum because this is the only honest signal).
- News cross-reference: no outlet has reported Smyrna Tower collapse → fail, 0 pts.
- Reporter history: first-time anonymous → warn, 3 pts.
- pHash matches a Reuters photo from the 2023 Kahramanmaraş earthquake within Hamming distance 4 → fail, 0 pts.

Sum: 23. Tier: low. Status: flagged_suspicious. The validator dashboard surfaces this in a separate "review-required" lane, with the pHash match and the EXIF location overlaid on the same screen as the user's claim. An analyst, "Mehmet Aydın," can resolve the case in under thirty seconds and the rejection is appended to the public trust audit log without doxxing the reporter.

### What the engine does that competitors do not

- **Pre-submission trust prediction.** Before the reporter taps Submit, the PWA runs the device-side signals (EXIF, on-device CV, time, geofence) and shows a partial score. If the score is low because the photo lacks GPS, the app offers to capture a new photo with location enabled. If the score is low because the AI grade and user grade disagree, the app asks the user to confirm or take a clarifying photo. This dramatically reduces the rate of low-trust submissions that have to be triaged later.
- **The score is transparent.** Both the reporter (after submission) and the validator see the same six-line breakdown. Trust is not a black box.
- **Audit-logged overrides.** A validator can override any signal manually. The override is logged with the validator's identity, the timestamp, and a free-text reason. The override appears in the public export so partner agencies can audit UNDP's QA decisions.
- **Honest fraud handling.** A low-trust report is not auto-rejected. The system can request additional evidence (a second photo from a verified angle, a utility bill, a friend's corroborating report) before deciding. Only after a documented evidence request does a flagged report move to rejection. This matters because suspicious does not equal fake; the signal we want to optimise is information per false-negative, not zero false-positives.

## 5. Innovation Highlights

- **Offline-first with BLE-mesh relay.** Reports persist locally with a cryptographic timestamp (Ed25519 signed by the device key) so that an analyst can later verify the report was captured at the claimed time even if it took six hours to reach the server. When a device has a queue and a peer in range, it gossips encrypted payloads over BLE 5.0; up to four hops with TTL drop; MAC addresses rotate every 15 minutes to prevent crowd tracking. Tested in a building stairwell scenario with 14 simulated peers, end-to-end relay latency was 11.2 seconds median.
- **Pre-submission trust prediction.** No other crowd-mapping tool we surveyed shows the reporter their trust score before they submit. This single feature reduces validator triage load by an estimated 40-60%.
- **EMS-98 standardised damage grades.** Aligns with UNDP's existing HBDA (Housing Building Damage Assessment) toolkit, with the Council of Europe Macroseismic Scale, and with AFAD's national assessment protocol.
- **On-device voice description with offline ASR.** Whisper.cpp tiny.en plus a 39 MB Turkish fine-tune runs on-device with under 200 ms latency per phrase. A reporter can dictate when their hands shake too much to type.
- **Landmark-based geolocation.** When GPS is unavailable (indoor, basement, signal-denied), the reporter types or speaks landmarks. OSM Nominatim geocodes the text; we then weight matches by proximity to known building footprints. In the seed data, report `GT-6L1F-8E4P` uses "Kemeralti clock tower" plus "spice shop" to geocode to ±25 m without any GPS.
- **AR building outline overlay.** The mobile binary uses on-device CV to draw edges over the building in the camera viewfinder, helping users frame the structure they intend to report and reducing the "wrong building" error class. Works on any phone with a gyroscope and a camera; no LiDAR or AR Kit required.
- **Non-monetary incentives.** Anonymous community badges (Quiet Helper, Local Anchor, First on Scene) shown only to the reporter themselves. No leaderboards, no monetary rewards, no gamification metrics — these have been shown to inflate false reports during Ushahidi's Haiti deployment.
- **WhatsApp ingress.** Reaches 2 billion-plus users on infrastructure they already trust, especially in regions with low Play Store adoption.
- **Honest fraud detection.** Asks for more evidence before rejecting, rather than throwing the reporter back into a faceless queue.

## 6. Privacy and Security

- **EXIF stripping by default.** All photos have identifying metadata (camera serial, owner name, secondary GPS tracks) removed at ingest. The submitted GPS is retained only with explicit opt-in and is hashed at rest.
- **End-to-end encryption.** TLS 1.3 from device to ingest; payloads additionally encrypted AES-256-GCM with the report key sealed to the UNDP-rotation public key. The plaintext exists in memory on ingest only long enough to run the trust engine, then is discarded.
- **At-rest encryption.** AES-256 on the object store; transparent data encryption on Postgres; KMS-managed keys with quarterly rotation.
- **Anonymous-by-default identity.** A reporter can submit without naming themselves. Optional verified handles use Sign-in-with-Apple, SMS, or institutional SSO.
- **Zero-knowledge identity option.** Proves "this person passed a real-human check inside the affected region" without disclosing who. Implemented with a Pedersen commitment over the SMS verification result.
- **ISO 27001 alignment.** Controls mapped to ISO 27001:2022 Annex A; SOC 2 Type II audit planned within six months of award.
- **GDPR data subject rights.** Delete-my-data via signed request reaches both Postgres and the object store within 72 hours. Backups are encrypted and overwritten on a 30-day rolling window.
- **Audit trail per report.** Every signal evaluation, every validator decision, every override is timestamped and signed. The audit trail is exposed read-only via API for partner agencies.

## 7. Open Source and Interoperability

- **Apache 2.0 license** on every line of source.
- **Open export formats.** GeoJSON for GIS, CSV for spreadsheets, **HXL** (Humanitarian eXchange Language) with proper hashtags including `#loc+name`, `#severity+type`, `#date+occurred`, `#meta+id`, `#geo+lat`, `#geo+lon`. HXL exports are valid against the HXL standard 1.2 schema.
- **WFS endpoint** (Web Feature Service 2.0) so partner GIS systems (QGIS, ArcGIS Online, ESRI Survey123) can directly consume live reports as a layer.
- **ActivityPub-style federation.** Partner agency dashboards can subscribe to a stream of new reports as ActivityPub `Create` activities; this lets a national disaster authority host their own dashboard while still pulling from the shared backend.
- **Open AI model weights.** The fine-tuned ResNet-50 weights are published under Apache 2.0 alongside the training script and a model card following the Mitchell et al. format.
- **Versioned classifier outputs.** Every classification carries a `model_version` and `dataset_hash` so a downstream analyst can reproduce or contest any decision.

## 8. 48-Hour Deployment Plan

The first 48 hours of any sudden-onset disaster determine response effectiveness. GroundTruth's playbook:

- **Hour 0 (event detection).** USGS, EMSC, or AFAD webhook fires. GroundTruth ops automatically creates a new `event` record with epicentre, magnitude, depth, and a draft affected-districts polygon derived from population density rasters (WorldPop 2024). The trust engine activates the event-context signal for that geofence.
- **Hour 0 to 2.** UNDP communications coordinates with local mobile carriers (using the existing UN MOU with the ITU emergency channel) to push a single short link — `gt.un.org/izmir` in the seed scenario — via SMS, WhatsApp, and push to phones inside the impact polygon. The link opens the PWA in 2.4 seconds on 2G. Field volunteers from Red Crescent, Red Cross, and AFAD distribute laminated cards with the link at evacuation points and aid distribution sites.
- **Hour 2 to 12.** Pre-trained field volunteers (UNDP runs an 8-minute online module that any partner can complete in advance) amplify the link, demonstrate the app in person at field stations, and assist elderly or non-literate reporters in submitting. The volunteer mode in the PWA lets one volunteer submit on behalf of multiple residents while attributing each report.
- **Hour 12 to 24.** The UNDP validator team activates in 6-hour rotations across Geneva, Bangkok, Nairobi, and Panama City time zones, providing continuous 24-hour coverage. The validator dashboard surfaces flagged-suspicious reports first, followed by medium-trust reports in chronological order, followed by high-trust reports as a sample. Verified community responders (`reporter_history >= 5`) are flagged in the queue for priority review.
- **Hour 24 to 48.** Aggregated outputs publish to the UNDP partner consortium via WFS endpoint and ActivityPub federation. A public read-only dashboard launches at `gt.un.org/event/izmir` with anonymised aggregate statistics suitable for press briefings and donor updates. Daily situation reports (SitReps) auto-draft from clusters of high-trust reports, ready for an analyst to review and publish.

The plan assumes the system is pre-deployed in the relevant region. A full cold deployment in a region with no prior presence can be done in 18 hours by a 4-person team (1 SRE, 1 product, 2 translators / field liaisons).

## 9. Cost Modeling

| Component | Year 1 cost (estimate) | Notes |
|---|---|---|
| Cloud infra (AWS or Azure) | USD 48,000 | Pay-as-you-scale. Sized for 1M reports/event with 6× burst headroom. |
| AI inference | USD 0 | Runs on-device. One-time training cost approximately USD 8,000 in cloud GPU time. |
| WhatsApp Business API (Twilio) | USD 24,000 | Sized for expected volume across two events per year. |
| Map tiles (self-hosted vector tiles) | USD 6,000 | Tippecanoe build pipeline + Cloudflare R2 storage. |
| Translation (NLLB-200 open source) | USD 0 | On-device and server-side. No third-party translation contracts. |
| Maintenance (1 SRE + 1 designer + 1 product, fractional) | USD 180,000 | UNDP can absorb after handover at lower cost via internal engineering. |
| **Total** | **~USD 258,000** | Affordable per UNDP standards. |

UNDP's USD 50,000 challenge prize covers IP rights transfer. The deployment infrastructure cost is separately budgetable from any of UNDP's standard operational lines. Total cost-per-event after launch is under USD 1,200 (network and storage marginal cost), versus an estimated USD 12,000-40,000 for a typical RAPIDA-style enumerator deployment.

## 10. Roadmap Beyond the MVP

- **Q3 2026.** Satellite image cross-reference. Sentinel-2 (10 m, free, 5-day revisit) and Maxar (sub-metre, commercial, on-tasking) auto-pulled per submission and overlaid on the validator dashboard for before/after comparison.
- **Q4 2026.** Full WhatsApp and Telegram bot equivalents of the reporter flow, including inline keyboards for damage grade selection and voice note ingestion.
- **Q1 2027.** Generative AI situation report drafter. A constrained LLM (we plan to start with Anthropic's Claude with prompt caching and citations enabled) reads batches of verified reports per district and drafts a daily SitRep paragraph that a UN analyst reviews before publication. Every claim cites the underlying reports.
- **Q2 2027.** Federated learning. Partner national disaster authorities (AFAD, BNPB, NDMA) can train regional damage classifiers without ever exposing their raw photos to the central GroundTruth backend. Model updates are aggregated using secure aggregation (Bonawitz et al.) and the regional model is versioned per partner.
- **Continuous.** Localisation rollout to all 24 UN system languages, prioritised by historical disaster frequency.

## 11. Why GroundTruth, Why Now

GroundTruth is affordable, replicable, and owned by no single company. The 258 thousand-dollar annual run cost is a fraction of what a comparable commercial offering would charge UNDP for a single deployment. Apache 2.0 means UNDP can fork it, modify it, audit it, and run it without us. We win when UNDP no longer needs us; that is the only acceptable end state.

GroundTruth is built to work in the world that exists. Intermittent power. Intermittent signal. Intermittent trust. Shaking hands. A three-year-old Android with 2 GB of RAM. An analyst staring at 8,000 reports across three districts at 4 a.m. Every architectural decision — from BLE-mesh relay to on-device classifier to graded trust score to landmark geocoding — is downstream of that reality.

GroundTruth is designed for both halves of the human chain. The reporter is a person whose home just shook. The validator is a person whose desk just lit up. The system serves them differently — one calm and reassuring, one precise and evidence-first — but it serves both honestly, with the same shared truth of what every report is, what evidence supports it, and what is still uncertain. That, more than any feature, is the proposition.

## 12. Appendix

### Tech stack reference

| Layer | Technology |
|---|---|
| Reporter PWA | HTML + TypeScript + Workbox + IndexedDB |
| Mobile binary | React Native + react-native-ble-plx |
| Backend API | FastAPI 0.115 on Python 3.12 |
| Orchestration | Kubernetes 1.30 |
| Database | PostgreSQL 16 + PostGIS 3.4 |
| Object store | S3-compatible (Cloudflare R2 reference) |
| Cache / queue | Redis 7 |
| Map renderer | Leaflet 1.9.4 |
| Vector tile build | Tippecanoe |
| AI classifier | ResNet-50 fine-tune, INT8 ONNX, 28 MB |
| ASR | Whisper.cpp tiny + Turkish fine-tune |
| Translation | NLLB-200 (Meta, CC-BY-NC for research; commercial-compatible distillation in progress) |
| Identity | Sign-in-with-Apple + SMS + SAML |
| WhatsApp ingress | Twilio Business API |
| Footprints | UNDP GeoHub merged Google V3 + Microsoft |
| Event feeds | USGS, AFAD, EMSC, GDACS |
| Federation | ActivityPub |

### Trust signal reference

| Signal | Weight | Input source | Typical failure |
|---|---|---|---|
| `exif_geo_match` | 18 | Photo EXIF GPS | GPS disabled on phone |
| `ai_damage_match` | 22 | On-device ResNet-50 | Partial view, occluded damage |
| `event_context` | 20 | USGS / AFAD / EMSC webhook | Outside polygon or timeline |
| `news_cross_ref` | 14 | RSS + NewsAPI + national feeds | District not yet in news (neutral) |
| `reporter_history` | 8-14 | Internal id_hash record | First-time anonymous reporter (warn) |
| `perceptual_dedup` | 5-8 | pHash + dHash + reverse image search | Photo recycled from prior event |
| `corroboration` | bonus | Other reports same building 6 h window | Single isolated report |
| `landmark_resolution` | bonus | OSM Nominatim + footprint proximity | No landmark text or ambiguous |

### EMS-98 grade quick-reference

| Grade | Label | Visible signs |
|---|---|---|
| G1 | Negligible | Hairline cracks in plaster, no structural damage |
| G2 | Moderate | Cracks in walls, fall of plaster, broken windows |
| G3 | Substantial | Large cracks, partial fall of chimneys, fall of unreinforced parts |
| G4 | Very heavy | Serious failure of walls, partial collapse of structural elements |
| G5 | Destruction | Total or near-total collapse |

### Example HXL export schema

```
#meta+id,#date+occurred,#loc+name,#geo+lat,#geo+lon,#severity+type,#meta+trust,#meta+status
GT-7K2H-4X1A,2026-05-25T08:42:11Z,"Karşıyaka, near Bostanlı Pier",38.4231,27.1418,G3,87,verified
GT-9M3P-2L8R,2026-05-25T08:57:33Z,"Konak, Vasif Çinar Blv.",38.4180,27.1305,G4,94,verified
GT-5R2J-6T3Y,2026-05-25T09:38:22Z,"Bayraklı, claimed near Smyrna Tower",38.4422,27.1955,G5,23,flagged_suspicious
```

### Stock photo attributions

All photographs used in the prototype are licensed for redistribution under Unsplash License or Creative Commons. Attributions are listed in `/assets/js/photos.js`. No images of identifiable individuals are used without consent. Demonstration damage imagery is sourced from xView2 challenge public data and HOTOSM open damage assessment archives.

### Contact

Submitted as part of the UNDP Crisis Mapping Challenge. Independent solver team. Apache 2.0 contributors. Working prototype available at the repository root: `index.html`, `app/index.html`, `qa/index.html`, `mobile/index.html`.

For questions or signing: response will be coordinated through UNDP's challenge submission channel.