VigilWatch applies the same analytical methodology used in executive protection and TSCM engagements — distilled into an app that works on any iPhone or Android. Signal fingerprinting, behavioral scoring, geospatial intelligence, and court-ready evidence export. No specialized hardware required.
TSCM sweeps, principal movement monitoring, threat escalation and UWB precision ranging for high-value targets.
Shelter intake BLE scanning, evidence collection for protective orders, safe route monitoring for at-risk clients.
Device documentation, chain-of-custody evidence exports, location pattern analysis for stalking investigations.
Counter-surveillance, client device audits, rogue WiFi detection, and documented intelligence reporting.
Modern trackers like Apple AirTags and Samsung SmartTags rotate their MAC addresses every 15 minutes to defeat persistent tracking. Naive scanners lose the thread. VigilWatch maintains identity continuity by detecting hardware-level fingerprints that survive MAC rotation:
Signal Received Strength Indicator (RSSI) is the primary proxy for physical distance. VigilWatch applies a four-tier framework to transform raw dBm readings into tactical decisions:
| Tier | RSSI | Distance |
|---|---|---|
| ⚠ Breach | ≥ −40 dBm | 1–2 meters — inner perimeter |
| Strong | ≥ −55 dBm | ~3 meters — immediate room |
| Good | −55 to −70 | 3–10 meters — adjacent space |
| Ambient | < −70 dBm | Background — distal traffic |
A Breach-tier unknown device triggers immediate UWB precision sweep protocol.
The Follow Score transitions operations from reactive alerts to a probabilistic model of active surveillance — preventing alert fatigue and prioritizing genuine threats. Each dimension is independently scored and weighted to produce a composite score.
Route Contamination analysis transforms disconnected scan events into a coherent surveillance timeline — proving that a device is moving in tandem with the subject across disparate environments.
The algorithm groups signal detections into discrete "Locations" using Haversine spherical distance calculations. This removes GPS error noise and groups proximate sightings into single location events.
Location Buffer Zones define the radius within which sightings are clustered into a single location event. Four quick-select options cover the primary operational environments:
Custom 25m increment adjustments available for precision environments.
Temporal pattern analysis identifies escalating surveillance trends before physical contact is made. The system applies linear regression across a 4-day frequency window displayed on a 24-hour radial clock.
| Level | Classification | Description | Tactical Response |
|---|---|---|---|
| Own | Authorized Hardware | Subject's personal devices — phones, earbuds, wearables, vehicle systems. Confirmed and whitelisted. | Whitelist immediately. Clears analytics baseline for high-fidelity threat detection. |
| Friend | Known-Good Environmental | Confirmed devices of security detail, family members, or trusted colleagues in the immediate environment. | Label and whitelist. Monitor for unexpected appearances outside normal context. |
| Unknown | Unclassified — Monitor | New or unclassified signals requiring evaluation. Not yet flagged but not cleared. | Begin Follow Score accumulation. Do not dismiss — classify during first operational hour. |
| Concern | Persistent / Suspicious | Devices with elevated Follow Scores, rogue network signatures (e.g., "Free_Public_WiFi"), or inconsistent environmental behavior. | Escalate monitoring. Cross-reference against Route Contamination map. Prepare evidence log. |
| Threat | Confirmed Tracker / High Score | Known tracker fingerprint confirmed, or Follow Score meets High Confidence threshold across multiple dimensions. | Alert Immediately. Per-device strobe and haptic alert. Engage UWB Precision Proximity Ranging (12m sweep limit, sub-centimeter precision) to physically locate device before location change. |
The following SOP applies to professional engagements — executive protection details, DV intake scans, law enforcement surveillance documentation, and PI counter-surveillance operations.
Establish "Home" and "Office" geofence zones (50–500m radius) immediately at the start of any engagement. These zones provide geospatial context for all device history and are required for the Follow-Me algorithm to correctly classify location events. Without zone initialization, all sightings are classified as generic ambient traffic.
During the first hour of any mission or intake scan, identify and classify all "Own" and "Friend" devices. This clears the Watchlist of known-good devices and ensures every remaining Unknown signal receives full analytical attention. Skipping this step will generate false positives and inflate alert volume.
Activate Interval Mode for all-day passive scanning. The Follow-Me algorithm requires a complete temporal dataset to function at full confidence — gap-filled data reduces the accuracy of Persistence and Frequency scoring. For vehicle-based operations, keep the app active throughout transit.
Review the 4-day frequency trend and 24-hour radial clock daily. Flag any device showing an Escalating trend pattern, especially if combined with Commute or Nighttime classification. This combination is the leading indicator of a tightening physical surveillance operation.
Any unknown device registering ≥ −40 dBm (Breach threshold) represents an immediate inner-perimeter violation — the hardware is physically adjacent to the subject. Engage UWB Precision Proximity Ranging immediately. The 12-meter radar sweep limit and sub-centimeter precision allows physical location of concealed devices before any movement from the current position.
Generate a PDF evidence export immediately upon detecting a High Confidence follow event or confirmed tracker fingerprint. Chain-of-custody integrity requires that evidence is captured contemporaneously — after-the-fact reconstructions are more easily challenged in legal proceedings. Export at detection, not at report preparation.
Detection is the midpoint — not the endpoint — of a professional security engagement. Every VigilWatch evidence export is structured for legal admissibility in stalking prosecutions, protective order proceedings, and corporate espionage litigation.
Auto-generated per event for chain-of-custody tracking across multiple incidents and legal proceedings.
Timestamped proximity readings showing the duration, intensity, and consistency of device presence.
Clustered sighting maps with geographic coordinates proving follow behavior across distinct locations.
5-Dimension Follow Score breakdown with confidence levels and pattern classification rationale.
Hardware UUID, Manufacturer ID, MAC history, and signal profile for tracker identification in court.
Mandatory disclosure regarding the intended use of data in judicial proceedings — required for admissibility.
VigilWatch puts the full TSCM analytical stack — signal fingerprinting, behavioral scoring, geospatial mapping, forensic export — on a standard smartphone. No specialized hardware. No per-seat licensing. Free for public access during early release.