登録
← Legal

Trust and Safety Policy

v0.1.0-draft · Effective TBD · DRAFT · Audience: subscriber | filmmaker | platform

Translation pending. The English-language source is shown below until a reviewed translation is available.

DRAFT, pending counsel review. This document is an internal draft prepared on 2026-04-26 by the engineering team. It has NOT been reviewed by external legal counsel. Do not rely on it for legal advice. Effective date is a placeholder pending sign-off. Apostle Pty Ltd makes no representation that this draft satisfies any specific jurisdictional requirement until counsel-reviewed.

Trust and Safety Policy

Last revised: 2026-04-26 · Version: 0.1.0-draft

1. Purpose and scope

This policy explains how PYLON receives reports of harm, triages them, escalates them, takes action, and notifies the parties involved. It applies to every surface PYLON operates: the web app (app.pylon.video), the admin app, the mobile applications, the in-app messaging in watch parties, comments and Q&A threads, and direct emails to our staff inboxes.

For copyright-specific takedowns see the DMCA Policy at /legal/dmca. For everything else, this is the document.

2. Reporting channels

We accept reports through three primary channels:

  • In-app /report. The fastest route. Authenticated. Reports are written to the moderation queue with the reporter's identity, the subject (title, comment, profile, message), the category, and a free-text description. The reporter receives an acknowledgement email within 24 hours.
  • Trust & Safety email. [email protected]. Use this channel if the in-app form is unavailable to you, if you are reporting a staff-related issue, or if you are reporting a matter that touches on legal process.
  • Admin escalation. A senior curator or admin reviewing a queue may open a report on their own initiative; the same triage and audit-logging rules apply.

Anonymous reports are accepted by email; we cannot route follow-up to an anonymous reporter.

3. Categories of report

We accept reports across the following categories:

  • Harassment, targeted intimidation, repeated unwanted contact, pile-on behaviour, gendered or identity-based abuse.
  • Hate speech, slurs, dehumanising rhetoric, calls to violence against a protected class.
  • Threats, credible threats of violence, doxxing intent, extortion.
  • Doxxing, publication of private personal information without consent (home address, phone, identification numbers, employer with intent to harass).
  • Impersonation, accounts pretending to be a real person without authorisation, including synthetic-voice or face impersonation in uploaded titles.
  • CSAM, any content sexually depicting a minor, including synthetic depictions. Reported immediately to NCMEC (US) and the AU eSafety Commissioner under the Online Safety Act 2021.
  • Self-harm, content promoting or instructing self-harm or suicide, with explicit carve-outs for documentary and recovery contexts.
  • Election integrity, synthetic content or coordinated activity designed to mislead voters about an election.
  • IP and copyright cross-reference, these are routed to the DMCA flow at /legal/dmca, but reports filed under this category through /report are not lost: the T&S triage forwards them to the DMCA desk on the same business day.

4. Triage SLA

Triage SLA is set by category, escalating as harm severity increases.

Severity tier Categories First-response SLA Action SLA
Critical CSAM, imminent threats of violence, election-integrity (active campaign) 1 hour 1 hour
High Harassment, doxxing, impersonation, hate speech, non-consensual intimate imagery 24 hours 72 hours
Routine Self-harm signals, ToS violations, brand-safety, non-acute disputes 5 business days 10 business days

The first-response SLA is the time from receipt to the first substantive triage action (read, classify, route). The action SLA is the time from receipt to a determination (action / no action / escalate).

The 1-hour critical SLA assumes an admin or senior-curator on duty. T&S coverage rotates 24/5 with on-call coverage for the critical-tier categories on weekends.

5. Escalation path

Reports move through the following tiers:

  • Curator, initial triage. Categorises, requests more information from the reporter where needed, and either resolves routine reports or escalates.
  • Senior curator, handles high-tier reports, signs off on title withdrawals.
  • Admin, handles critical-tier reports, signs off on account suspensions, makes the call on referrals to external authorities.
  • External authorities, referred matters: NCMEC for CSAM; AU eSafety Commissioner for material in scope of the Online Safety Act 2021; local law enforcement for credible threats; civil counsel for legally-novel matters.

Senior curators and admins are subject to mandatory two-factor authentication.

6. Removal authority

PYLON retains the right, in its sole editorial and safety discretion, to:

  • withdraw any title;
  • delete any comment, Q&A post, or watch-party message;
  • suspend any account;
  • terminate any account;
  • block any device or IP range from access.

Every such action is recorded in the immutable audit_log table with the actor (a named human), the timestamp, the category, and the reasoning. We do not delegate the removal decision to a model; we may use software to surface candidates for review.

7. User notifications

We aim to notify both the reporter and the affected user where appropriate. We do not always notify both, and we never disclose the reporter's identity to the affected user without the reporter's explicit consent.

  • Reporter, receives an acknowledgement on receipt and a closing notification when triage completes (action / no action / escalation).
  • Affected user, when a removal or suspension occurs, the affected user is notified by email at the address on file with the category, the policy reference, the action taken, and the appeals route.

In sensitive cases, credible threats, ongoing harassment, doxxing investigations, law-enforcement matters, we may delay notification to the affected user until safety considerations permit it.

8. Repeat-offender model

We use a strike-and-suspension model for accounts that repeatedly violate this policy:

  • Each substantiated violation increments a strike.
  • Three strikes within a rolling 12-month window result in account suspension (users.suspended_at set, role downgraded such that no authenticated tRPC procedure succeeds).
  • Suspended accounts may be terminated after 30 days unless an appeal succeeds.
  • Critical-tier violations (CSAM, credible threats) are immediate termination on first instance regardless of strike count.

Strike accounting is shared with the DMCA repeat-infringer counter (users.dmca_strike_count); the schema comment notes that the column is repurposed as a general moderation strike counter rather than specific to copyright.

9. Appeals

Suspended or restricted users may appeal by emailing [email protected] within 30 calendar days of the action. The appeal review is conducted by a different admin from the one who took the action. We commit to a written response within 14 calendar days of receipt of a complete appeal. A complete appeal includes the account email, the affected action, and a written response to the reasoning we provided in the action notice.

The appeal outcome is one of:

  • Sustained, original action stands. Strike remains.
  • Reduced, action is reduced (e.g. suspension shortened, suspension converted to a warning).
  • Reversed, action is reversed and the strike is removed.

Appeal outcomes are recorded in the audit log.

10. Law-enforcement cooperation

We respond to facially-valid legal process from authorities with jurisdiction over Apostle Pty Ltd or over the affected user.

  • Subpoenas (civil and criminal): we acknowledge within five business days, review for facial validity, and produce only the data narrowly required.
  • Court orders (production, preservation, disclosure): we comply with the order. Where the order does not include a gag provision and disclosure to the affected user is not legally prohibited, we notify the user.
  • Search warrants: we cooperate with execution and require the warrant to be specific to data we hold.
  • Emergency disclosure requests: where a law-enforcement agency represents that delay would result in death or serious physical injury, we may disclose without legal process; the request is documented and the legal process is required to follow.

Australian law-enforcement requests are accepted under the Telecommunications (Interception and Access) Act 1979 (Cth) and the Crimes Act 1914 (Cth) frameworks. US requests are accepted under the Stored Communications Act (18 U.S.C. §2701 et seq.).

11. Transparency report

We commit to publishing an annual Transparency Report covering the preceding calendar year. The report will include:

  • the volume of reports received by category;
  • the volume of takedowns, suspensions and terminations actioned;
  • the volume of DMCA notices received and counter-notices filed;
  • the volume of government and law-enforcement requests received, by jurisdiction and request type;
  • the volume of those requests we complied with, in whole or in part.

The first report covers the period from launch to the end of the relevant calendar year.

12. Inter-policy references

  • DMCA Policy at /legal/dmca.
  • AI Disclosure Policy at /legal/ai-disclosure-policy.
  • Editorial Policy at /legal/editorial-policy.
  • Acceptable Use Policy at /legal/acceptable-use-policy.
  • Community Guidelines at /legal/community-guidelines.

Contact

Version history

Version Date Author Summary
0.1.0 2026-04-26 engineering Initial draft. SLA matrix, escalation path, repeat-offender model, appeals, transparency commitment.