Anti-CSAM & Zero-Tolerance Policy

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] This is a DRAFT policy and does not constitute legal advice. It must be reviewed and finalised by qualified counsel before publication or reliance.

my-own-dolls.com (the "Platform"), operated by [[PLACEHOLDER: LEGAL ENTITY NAME]], [[PLACEHOLDER: REGISTERED ADDRESS, GERMANY/EU]] (the "Operator"), maintains an absolute, non-negotiable zero-tolerance policy toward child sexual abuse material ("CSAM") and any other content depicting, promoting, soliciting, or facilitating the sexual exploitation or endangerment of minors. There are no exceptions and no tolerance thresholds.

All content on the Platform is strictly adult (18+). Every performer appearing in any photo is a verified adult at the time of production, and the Operator retains age- and identity-verification records in accordance with its separate Age Verification and Records (2257-style) policies. Content that depicts, appears to depict, or is represented as depicting a minor is prohibited without exception, including computer-generated, AI-generated, drawn, animated, or otherwise synthetic depictions where applicable under German and EU law.

This policy applies to all users, uploaders, performers, contributors, employees, contractors, and any third party who interacts with the Platform. It supplements, and does not replace, the Operator's Terms of Service, Acceptable Use Policy, Privacy Policy, and Content Standards.

"CSAM" means any material that visually depicts a minor (any person under 18 years of age) engaged in sexually explicit conduct, or that constitutes child pornography, the sexual abuse of children, or the sexual exploitation of children as defined under German criminal law (including §§ 184b, 184c StGB), EU law, and applicable international instruments.

"Illegal content" includes, in addition to CSAM: content depicting non-consensual sexual activity; non-consensual intimate imagery ("NCII", sometimes called "revenge porn"); content involving trafficking, coercion, or exploitation; bestiality; and any other content unlawful under the laws of Germany, the European Union, or any jurisdiction whose application the Operator is reasonably required to observe (including card-network and payment-provider requirements).

This policy is to be read together with the regimes referenced throughout, including the GDPR, the German Youth Media Protection Treaty (JMStV) and its closed-user-group age-verification requirements, the EU Digital Services Act (DSA), card-network adult-content rules (Visa/Mastercard), 18 U.S.C. § 2257 (as applied through payment-network expectations for an EU operator), the U.S. TAKE IT DOWN Act and NCII frameworks, and the DMCA where relevant.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT: confirm statutory citations, definitions, and the precise scope of synthetic/AI-generated content prohibitions under current German and EU law.]]

The Operator employs automated detection at the point of upload. Before any submitted image can be queued for review or publication, it is scanned against industry-standard CSAM detection systems, including perceptual and cryptographic hash-matching technologies such as [[PLACEHOLDER: HASH-MATCHING / DETECTION PROVIDER(S), e.g. PhotoDNA, hash lists maintained by NCMEC, IWF, and/or other recognised hotlines]].

Any upload that produces a confirmed match against a known-CSAM hash set is automatically blocked from publication, quarantined in a secured, access-restricted state, and escalated immediately to the Operator's Trust & Safety and legal functions for mandatory reporting and preservation. The uploading account is suspended pending investigation.

Hash-matching is a baseline safeguard and is not relied upon in isolation. The absence of a hash match does not constitute approval; all content remains subject to the human pre-publication review described below. Detection logs, match metadata, and preserved evidence are handled under strict access controls and retained only as required for reporting, legal compliance, and cooperation with authorities, consistent with the GDPR.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT: confirm chosen detection tooling, lawful basis and retention period for preserved material under GDPR Art. 6/9, and the data-handling chain for quarantined content.]]

No user-submitted or third-party content is published on the Platform automatically. Every photo set is subject to mandatory human pre-publication review by trained moderation staff before it becomes visible to subscribers. Reviewers verify that content is consistent with the Operator's age-verification and consent records and shows no indicators of a minor or of non-consensual or otherwise unlawful conduct.

Content that cannot be conclusively confirmed as compliant is rejected. Where a reviewer encounters material that is, or may be, CSAM or other illegal content, the reviewer follows a strict escalation protocol: the content is preserved, the account is frozen, no copies are made or shared beyond what is necessary, and the matter is referred immediately to the designated reporting officer for action under Section 5.

Moderators receive ongoing training on identifying CSAM and exploitation indicators, on chain-of-custody and evidence-preservation requirements, and on their own welfare and support given the nature of the material. Access to flagged material is limited to authorised personnel on a strict need-to-know basis.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT: describe moderator training program, welfare provisions, and the internal escalation/preservation protocol approved by counsel.]]

Where the Operator identifies, or has a reasonable basis to suspect, CSAM or the sexual exploitation of a minor, it will report the matter promptly to the competent authorities. As a Germany/EU-based operator, primary reporting is made to the Bundeskriminalamt (BKA) and, as appropriate, to an INHOPE-affiliated hotline (for example, [[PLACEHOLDER: INHOPE/GERMAN HOTLINE, e.g. eco Beschwerdestelle / jugendschutz.net]]).

Where applicable — including where required or expected by U.S.-based service providers, payment networks, or hosting infrastructure — a report will also be made to the U.S. National Center for Missing & Exploited Children (NCMEC) via its CyberTipline. The Operator will additionally comply with any reporting and notice obligations arising under the EU DSA and applicable national implementing law.

Reports are made as soon as practicable after confirmation, together with preservation of the relevant content, account data, access logs, and any other information reasonably required by the receiving authority. The Operator will not delete or alter potential evidence except as directed by the competent authority or required by law, and will preserve such material in a secure, access-controlled manner.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT: confirm the correct reporting bodies and channels, statutory reporting deadlines, the lawful basis for transferring personal data to authorities (including any third-country transfers to NCMEC under GDPR Chapter V), and the designated reporting officer / point of contact.]]

The Operator cooperates fully and proactively with the BKA, other German and EU law-enforcement agencies, INHOPE hotlines, NCMEC, and competent authorities in other jurisdictions in the investigation and prosecution of CSAM and child-exploitation offences. This includes responding to lawful requests for data, preservation orders, and judicial or administrative orders in accordance with applicable law.

Upon valid legal process, or where otherwise permitted or required by law, the Operator will disclose relevant information, including subscriber and uploader identity records, payment and verification data, access logs, and preserved content. Disclosures are assessed for legal validity and handled by, or under the supervision of, the Operator's legal function and Data Protection Officer to ensure they comply with the GDPR and applicable procedural safeguards.

Nothing in the Operator's Privacy Policy or in any confidentiality commitment limits its ability or obligation to report CSAM and cooperate with authorities. The protection of children and the prevention of child sexual abuse override competing confidentiality interests to the extent permitted by law.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT: confirm process for validating legal requests, MLAT/cross-border request handling, and DPO involvement.]]

Anyone who encounters content on the Platform that they believe to be CSAM, child exploitation, non-consensual intimate imagery, or any other illegal content should report it immediately. Reports can be made to [[PLACEHOLDER: DEDICATED REPORTING EMAIL, e.g. [email protected]]] and via the in-platform "Report" function available on each content page, in line with the notice-and-action mechanism required under the EU DSA.

When reporting, please provide as much detail as possible, including the URL or location of the content, a description of the concern, and any context that may assist review. You do not need to be a subscriber to submit a report. Reports concerning CSAM are triaged on a priority, expedited basis.

Reporters may, where appropriate, also contact authorities directly: in Germany, the BKA or local police; an INHOPE hotline such as [[PLACEHOLDER: HOTLINE NAME/URL]]; and, in the United States, the NCMEC CyberTipline at report.cybertip.org. If a child is in immediate danger, contact emergency services (in the EU: 112) without delay.

Performers or individuals who believe intimate imagery of themselves has been published without consent (NCII) may use the dedicated NCII / non-consensual imagery removal process described in the Operator's [[PLACEHOLDER: NCII / TAKE-IT-DOWN POLICY REFERENCE]], which provides for expedited removal.

Any account associated with the upload, distribution, solicitation, or possession of CSAM or other illegal content via the Platform will be terminated immediately and permanently. Access is revoked, content is removed and preserved as evidence, and the matter is reported and referred to authorities as set out above. Reinstatement is not available.

The Operator will pursue all available legal remedies and will support criminal prosecution. Offending conduct may result in criminal liability under German law (including §§ 184b, 184c StGB) and other applicable laws, in addition to civil liability. The Operator cooperates with payment networks and may report offending merchants/accounts where required under Visa/Mastercard adult-content and brand-protection rules.

Attempts to circumvent detection systems, to re-register after termination, or to use the Platform to store, transmit, or advertise illegal content will be treated as aggravating conduct and reported accordingly. The Operator reserves the right to take any further action it considers necessary to protect minors, comply with the law, and safeguard the integrity of the Platform.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT: confirm enforcement measures, evidence-retention periods, and interplay with Terms of Service termination and refund provisions.]]

This policy is owned by the Operator's Trust & Safety and legal functions. Questions about this policy (other than urgent reports, which should follow Section 7) may be directed to [[PLACEHOLDER: COMPLIANCE/LEGAL EMAIL]]. Data-protection enquiries may be directed to the Operator's Data Protection Officer at [[PLACEHOLDER: DPO CONTACT]]. Records-custody matters are handled by the Custodian of Records at [[PLACEHOLDER: CUSTODIAN-OF-RECORDS CONTACT]].

The Operator: [[PLACEHOLDER: LEGAL ENTITY NAME]], [[PLACEHOLDER: REGISTERED ADDRESS]], VAT/USt-IdNr [[PLACEHOLDER: USt-IdNr / VAT]].

This policy is reviewed at least annually and updated as legal requirements, detection technologies, and industry standards evolve. Material changes will be reflected in the version date below.

Version: DRAFT. Effective date: [[PLACEHOLDER: DATE]]. Last reviewed: [[PLACEHOLDER: DATE]]. [[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT: confirm governance owners, review cadence, and all contact placeholders.]]