01Scope and responsibility
These rules apply to every account, profile, post, message, project, site, domain, asset, bot, integration, payment instruction and use of Ident.ink. You are responsible for your own conduct and for people, software and credentials you authorise.
Context matters, but labels such as joke, parody, research, private, encrypted or test do not excuse unlawful or harmful conduct. Attempting, assisting, soliciting or concealing a prohibited act is also prohibited.
02Illegal content and conduct
- Do not commit, promote, facilitate or profit from crime or provide instructions whose purpose is to enable serious wrongdoing.
- Do not sell unlawful goods or services, evade sanctions, launder funds, conceal proceeds, or interfere with an investigation.
- Do not upload or link to material you know is illegal in the place from which you operate or where the service is lawfully required to act.
03Child safety and exploitation
Any child sexual abuse material, grooming, sexual extortion, trafficking, sexualisation of minors, or attempt to obtain sexual content from a minor is forbidden. Apparent or generated depictions are included where prohibited or harmful. We may preserve and report evidence to the appropriate bodies without notice.
04Terrorism and violent extremism
Do not praise, support, recruit for, fund, instruct or distribute propaganda for a proscribed terrorist organisation or violent extremist cause. Documentary, counterspeech, educational and newsworthy material must have clear context and may still be restricted where law or safety requires.
05Violence, threats and self-harm
- No credible threats, targeted incitement, celebration of real-world harm, doxxing that creates danger, or instructions intended to enable an attack.
- No encouragement, coordination or graphic glorification of suicide, self-harm or eating-disorder behaviour. Supportive recovery discussion is allowed.
- Contact emergency services if someone faces immediate danger; a platform report is not an emergency response.
06Hate, harassment and abuse
Do not attack, dehumanise, threaten, exclude or promote hatred against people based on protected characteristics. Persistent unwanted contact, sexual harassment, humiliation campaigns and coordinated abuse are prohibited. Good-faith criticism of ideas, organisations and public conduct is allowed when it does not cross these lines.
07Sexual exploitation and intimate material
No non-consensual intimate imagery, sexual extortion, trafficking, coercion, or sexual content involving a person who cannot lawfully consent. Do not use private information or synthetic media to sexualise, threaten or impersonate someone. Adult material may be restricted or prohibited by feature, audience, processor or law.
08Fraud, impersonation and deception
- No phishing, fake support, credential collection, investment or employment scams, pyramid schemes, fabricated fundraising, chargeback abuse or deceptive checkout flows.
- Do not impersonate a person, business, staff member or verified identity, or falsely claim endorsement, partnership or authority.
- Parody and fan accounts must be unmistakably labelled and may not create a likelihood of harmful confusion.
09Privacy and personal data
Do not expose credentials, private addresses, identity documents, health or financial data, private communications or precise location without a lawful basis and appropriate permission. Do not purchase, scrape, combine or sell personal data through the platform in breach of privacy, marketing or data-broker law.
10Intellectual property
Upload and publish only material you own or are authorised to use. Do not remove rights-management information, sell counterfeit goods, repeatedly infringe rights, or use another party’s branding in a misleading way. Rights holders may report alleged infringement through Support with enough information to identify the work and content.
11Cybersecurity and infrastructure
- No SQL injection, cross-site scripting, server-side request forgery, command injection, path traversal, deserialisation abuse, credential stuffing, password spraying or exploitation of a vulnerability.
- No malware, ransomware, spyware, cryptomining, botnets, denial-of-service activity, traffic amplification, scanning of private infrastructure or interference with another tenant.
- Do not bypass authentication, authorisation, payment gates, quotas, rate limits, bans, moderation, audit trails or technical safeguards.
- Security research requires prior written authorisation and must follow security.txt. Stop and report immediately if you encounter another user’s data.
12Scraping, automation and artificial activity
Do not scrape or crawl private, authenticated, access-controlled or disallowed content; ignore robots or rate controls; harvest profiles or emails; train a model on platform or user content without rights and permission; or use automation that degrades service.
No account farms, fake engagement, artificial follows, spam networks, coordinated ranking manipulation or automated actions that misrepresent a human. Public search indexing that obeys published controls is allowed.
13Spam and unsolicited communications
Do not send bulk or repetitive messages without valid consent, use purchased lists, conceal the sender, evade opt-outs, or create doorway pages and low-value content solely to manipulate traffic or advertising. Commercial communications must be truthful, properly identified and provide every legally required unsubscribe route.
14Sites, domains and bots
Hosted sites and bots must not steal credentials, distribute malware, operate abusive proxies, manipulate other platforms, raid communities, evade platform rules, infringe rights or conceal unlawful services. You must secure secrets, comply with Discord and other connected-platform rules, and keep bot permissions no broader than needed.
Do not point a domain you do not control, abuse certificates, generate deceptive subdomains or use Ident.ink infrastructure as disposable storage, a redirect farm or a command-and-control service.
15Network and messages
Professional profiles, posts, follows and messages must be authentic and relevant. Do not use hiring, partnership or payroll tools for discriminatory, exploitative or fraudulent offers. Recipients may block and report contact.
End-to-end encryption and User Key features protect message content from ordinary access; they do not create immunity. Reported metadata, participant-provided content, abuse signals and activity outside an encrypted session may still be reviewed and acted on.
16Payments, referrals and payroll
- Do not use Connect, payroll or referrals for money laundering, sanctions evasion, self-referral, sham work, tax evasion, unlawful gambling, stolen instruments or circular transactions.
- Do not misclassify workers, conceal legally required information, generate fake recipients or manipulate schedules to evade review.
- Only submit a payment instruction you are authorised and funded to make. Test environments must use provider-approved test credentials, never real payment data.
17Fair use and free-resource abuse
Do not squat on accounts, projects, storage, domains or bots; intentionally exhaust resources; evade metering; resell shared access; or use free features for bulk archival, automation or traffic. Dormant free content may be archived or removed after appropriate notice where required.
18Reporting and cooperation
Use Support to report illegal content, safety issues, impersonation, infringement, spam or other violations. Identify the exact URL, account or message, explain the concern and include lawful evidence. Do not file knowingly false or retaliatory reports.
Preserve relevant records and cooperate with proportionate requests during an investigation. Never obtain evidence by hacking, harassment or publishing private information.
19Enforcement
Depending on severity, intent, harm, history and risk, we may warn, reduce distribution, label or remove content, freeze a payment instruction, restrict features, revoke sessions, rate-limit, suspend, apply known-network controls, terminate, preserve evidence or notify a provider or authority.
We may act without advance notice for urgent safety, legal, fraud or security reasons. Account-level action is not proof of criminal conduct. We may correct an action when new evidence changes the assessment.
20Complaints and appeals
Eligible users may challenge a moderation decision through the Reports, Moderation and Appeals Policy. Provide the case reference and explain the error or new evidence. A reviewer not responsible for the original decision should conduct the review where practicable.
Repeated, abusive or identical appeals may be closed. Legal rights and any mandatory complaint route remain available regardless of an internal decision.
These rules are applied proportionately and alongside the Reports, Moderation and Appeals Policy.