_Last updated: [DATE]_

Hashtags Studios is built around a simple promise: talent stays sovereign, money stays safe, and identity stays sealed until both sides have committed. This page explains the concrete mechanisms that back that promise.
## Identity verification (KYC)
Every account passes through identity verification before transacting.
- **Talents + members** — passport / Emirates ID + selfie face-match (powered by Stripe Identity).
- **Companies** — trade license + company registration + signatory passport.
- **Talents under 18** — additional parental approval flow (parent name, contact, ID upload, declared relationship).

KYC documents are encrypted at rest, accessible only to SUPPORT / FULL tier admins for face-match review, and never appear in public profile responses. We use document OCR (Tesseract) to extract fields for verification, but **never** for marketing.
## Anti-fraud
- **Rate limits** on sign-in (10 / 15 min), sign-up, password reset, KYC submission, payment requests, message send, report submission. Counters keyed by IP + account.
- **Account lockout** — 10 failed logins lock the account for 30 minutes.
- **Token versioning** — admins can rotate tokenVersion to force-logout an account (used after a credential compromise).
- **TOTP** (optional) — 2FA available for all account types.
- **HIBP password check** — passwords compared against the Have I Been Pwned breach list at registration + password change.
- **Atomic claim** — discount codes, EXCLUSIVE contract acceptance, and competition entries use transactional claim semantics so they can't be over-redeemed under concurrent load.
- **CSRF + CSP** — all server actions are CSRF-protected; strict Content Security Policy headers on every response.
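
How a per-account `tokenVersion` can force a logout, as an added example (not the platform's code): the HMAC token layout, key handling and function names are assumptions, and only the `tokenVersion` field name comes from this page.

```javascript
// Added example: session tokens bound to a per-account tokenVersion.
// Token layout, key handling and function names are assumptions.
const crypto = require("crypto");

const SIGNING_KEY = crypto.randomBytes(32); // assumption: server-side secret
const accounts = new Map([["acct_1", { tokenVersion: 1 }]]); // constructed sample

const sign = (body) =>
  crypto.createHmac("sha256", SIGNING_KEY).update(body).digest("base64url");

// The account's current tokenVersion is embedded in the signed payload.
function issueToken(accountId, ttlMs = 60 * 60 * 1000, now = Date.now()) {
  const { tokenVersion } = accounts.get(accountId);
  const claims = { sub: accountId, ver: tokenVersion, exp: now + ttlMs };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${body}.${sign(body)}`;
}

function verifyToken(token, now = Date.now()) {
  const [body, mac] = String(token).split(".");
  if (!body || !mac) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  // Check the MAC in constant time before trusting any claim in the body.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (claims.exp <= now) return { ok: false, reason: "expired" };
  // The stored version is authoritative: a token minted before a rotation
  // still has a valid signature but no longer matches, so it is rejected.
  const account = accounts.get(claims.sub);
  if (!account || account.tokenVersion !== claims.ver) {
    return { ok: false, reason: "revoked" };
  }
  return { ok: true, accountId: claims.sub };
}

// Admin action after a credential compromise: every outstanding token dies.
function rotateTokenVersion(accountId) {
  accounts.get(accountId).tokenVersion += 1;
}
```

Because the version is compared on every request, revocation takes effect immediately rather than at token expiry.
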
## Talent Sovereignty — our anti-exploitation commitments
The platform exists to keep talent free from the exploitative terms common in traditional agency representation. These commitments are enforced in code, not just policy:
- **20% commission cap** — an agency can never take more than **20%** commission on a talent's work. Any commission rate an agency sets is hard-clamped to the cap at the point it is read, so even a mistaken or abusive override above 20% is brought back down to the cap before it can ever be charged.
- **No lifetime lock** — there is no permanent, irrevocable representation lock. An EXCLUSIVE contract may hold a new talent to one agency only until they reach **Level 3**, after which they are free to change or leave. There is no mechanism to extend a lock beyond that.
- **No-fee notice-period exit** — either party can end representation by giving notice (default **14 days**). The relationship simply stays active until the notice window passes, then a cron finalizes the termination. **No exit fee, no buyout owed by the talent, no clawback of commission already earned.** Either side can cancel the exit before the window closes.
- **Symmetric and free both ways** — a talent ending representation (TALENT_INITIATED) and an agency dropping a talent (AGENCY_INITIATED) are treated identically: same notice, no penalty.
- **Talent stays sovereign** — talent contact details are never exposed to an agency before a signed Work Contract, and the talent's earnings, profile, and audience belong to the talent.
## Money + escrow
- **Deposits held in escrow** — bookings collect a **20% deposit** at request time (job-posting selections collect 10%); the balance is captured on completion.
- **48-hour silent-flag window** — after delivery, the buyer has 48 hours to flag a problem before the escrowed payout is released. Payouts settle via Stripe Connect transfer only after that window passes (or the buyer confirms earlier).
- **Atomic escrow freeze on dispute** — filing a dispute freezes the held funds atomically, so money cannot move while a case is open.
- **Stripe-only payment** — no cash, no off-platform payment links. Attempts to route off-platform are an account-suspension event.
- **Refunds + disputes** — see /refund. All refunds are processed via Stripe to the original payment method in AED.
- **No card storage** — we never see or store full card numbers; Stripe is the merchant of record.
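
Why the freeze has to be atomic, as an added example (not the platform's code): a dispute and a payout release race for the same held funds, first with a read-then-write check and then with a single conditional update. Status names, row shape and function names are assumptions; the same conditional-update shape is one way to keep the atomic claims listed under Anti-fraud from being over-redeemed.

```javascript
// Added example; status names, row shape and function names are assumptions.
// Each `yield` marks a point where another request can run (I/O, network).
const newDb = () => new Map([["escrow_1", { status: "HELD", transfers: 0 }]]); // constructed row
// Racy: the status is read, then acted on after other requests may have run.
function* releaseRacy(db, id) {
  const seen = db.get(id).status; yield;
  if (seen !== "HELD") return false;
  db.get(id).transfers += 1; yield; // payout transfer goes out
  db.get(id).status = "RELEASED";
  return true;
}
function* disputeRacy(db, id) {
  const seen = db.get(id).status; yield;
  if (seen !== "HELD") return false;
  db.get(id).status = "FROZEN";
  return true;
}
// Emulates one statement: UPDATE escrow SET status = :next
//   WHERE id = :id AND status = :expected  (true when a row changed)
function compareAndSet(db, id, expected, next) {
  const row = db.get(id);
  if (row.status !== expected) return false;
  row.status = next;
  return true;
}
// Atomic: each side must win the HELD -> X transition before doing anything else.
function* releaseAtomic(db, id) {
  yield;
  if (!compareAndSet(db, id, "HELD", "RELEASING")) return false;
  db.get(id).transfers += 1; yield;
  return compareAndSet(db, id, "RELEASING", "RELEASED");
}
function* disputeAtomic(db, id) {
  yield;
  return compareAndSet(db, id, "HELD", "FROZEN");
}

// Step both requests alternately; return each request's result and the final row.
function race(first, second) {
  const db = newDb();
  const tasks = [first(db, "escrow_1"), second(db, "escrow_1")];
  const results = [undefined, undefined];
  while (results.includes(undefined)) {
    tasks.forEach((task, i) => {
      if (results[i] === undefined) { const s = task.next(); if (s.done) results[i] = s.value; }
    });
  }
  return { results, row: db.get("escrow_1") };
}
```

In the racy pair both requests report success and the transfer goes out even though the dispute was accepted; with the conditional update exactly one of them wins.
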
## Privacy + identity sealing
- **Talent contact sealed** — agency / company cannot see talent's real name, phone, or email until a Work Contract is signed.
- **Company anonymised on jobs** — public job feed renders posts as "Hashtags posted a job" or anonymised by sub-type (TALENTS_AGENCY → "Agency", PROVIDER → "Direct client", FIRM → "Brand", etc.).
- **EXCLUSIVE contract lock** — a talent under an active EXCLUSIVE contract routes bookings + offers through their representing agency only until they reach Level 3 (no lifetime lock — see Talent Sovereignty above).
- **Blocks** — talents and members can block any other user; blocks prevent messages, bookings, and visibility of the blocker's content.
## Content moderation
- **Pre-publish review** — events, competitions, services, products, courses, magazine articles, partnerships, and media posts pass through admin moderation before going public.
- **Post-publish moderation** — reviews + comments + reports queued for MODERATOR-tier admin action.
- **Blocked patterns** — public media posts cannot contain off-platform contact info (phone, email, telegram handles); pattern-matched at submission.
- **Hate speech / harassment** — zero tolerance. Reports surface to admin and content is taken down on confirmation.
## Child safety
- Members must be at least 13.
- Talents under 18 require parental approval before profile visibility.
- Bookings of under-18 talents always route through parental notification email.
- All under-18 talents are flagged with extra moderation on KYC + content posts.
## Dispute resolution
When a transaction goes sideways, either party can open a structured dispute from the transaction page. Filing freezes the escrowed funds atomically. Admin (MODERATOR / FULL tier) reviews the booking timeline, message history, file uploads, and evidence submitted by both parties. Resolution outcomes:
- **Refund client** — full or partial refund processed via Stripe.
- **Pay talent** — funds released to talent; client absorbs cost.
- **Split** — partial refund + partial payout, used for partial delivery.

The party that loses may file a single **appeal** with a written narrative. If the appeal is upheld, any payout already released is clawed back and the corrected outcome is applied. While a dispute is active, the underlying booking / service-order is excluded from the automatic payout-release crons. Average resolution: 3–5 business days.
## Compliance + retention
We operate primarily under UAE consumer protection + data protection law, with secondary compliance to GDPR and other applicable regimes where users are located. Financial records are retained for 7 years per UAE accounting standards. Audit logs are retained per platform settings (default 12 months).
## Reporting concerns
- **In-platform** — report any user / listing / message via the Report button.
- **Email** — trust@hashtags.studios for safety concerns; privacy@hashtags.studios for data concerns; contact@hashtags.studios for everything else.
- **Emergency** — for ongoing harassment or safety threats, contact local UAE authorities at 999.

This content can be updated live by an admin from /admin/settings (key: legal.trust).