Trust & Safety

How we keep members and spaces safe.

The honest version: privacy-first doesn't mean lawless. Here's what we audit, what we disclose, how we respond to reports, and what we do when the state comes asking.

All systems operational · 99.98% uptime, last 90 days
SOC 2 Type II · current · audited by BDO, renewed Feb 2025
No active incidents · last incident resolved 47 days ago

The four pillars

What "trust & safety" means to us.

Pillar 01 · Security

What protects the system.

Infrastructure

  • AWS (US) + Hetzner (EU), both SOC 2 and ISO 27001
  • TLS 1.3 everywhere, HSTS preloaded
  • AES-256 at rest with KMS-managed keys
  • Immutable audit log, 180-day retention
  • Quarterly DR drills, tested restore < 4h

Cryptography

  • Signal protocol for DMs — no private keys held server-side
  • Vault sealed by Argon2id + local secure enclave
  • Ed25519 for identity, X25519 for key agreement
  • Post-quantum KEM (ML-KEM-768) in beta
  • Every crypto change reviewed by Trail of Bits

Operations

  • Engineers use YubiKeys; no passwords on production
  • All access logged, reviewed monthly
  • Incident playbooks rehearsed quarterly
  • No production data leaves production for dev
  • Vendor sub-processor list published publicly

SOC 2 Type II

Feb 2025

BDO · Report on request under NDA

Pentest

Jan 2025

NCC Group · 0 critical, 2 high (resolved)

Crypto review

Oct 2024

Trail of Bits · public report

GDPR DPA

Current

Signed with 8,400+ customers

Bug bounty program

Up to $10,000 for qualifying reports.

Scope includes app, API, web, and the reference protocol implementation. Out of scope: social engineering, third-party vendors, self-XSS. PGP key: 0x8E1D4A2F (short key ID; verify the full fingerprint before encrypting a report to it).

Severity                              Payout
Critical (RCE, auth bypass)           $5,000 – $10,000
High (privilege escalation, SSRF)     $1,500 – $5,000
Medium (IDOR, stored XSS)             $500 – $1,500
Low (rate-limit bypass, info leak)    $100 – $500

Hall of Fame listing: opt-in.

Pillar 02 · Moderation

Two layers, on purpose.

L1 Platform rules

Enforced by Clikkin. These are the lines no space can opt out of.

  • No CSAM — detected, hashed, reported to NCMEC within 1 hour
  • No credible, targeted threats of physical violence
  • No non-consensual intimate imagery
  • No coordinated manipulation (bot nets, engagement farms)
  • No distribution of malware or phishing infrastructure
  • No doxxing to facilitate harm
  • No sanctions evasion, child labor, or sex trafficking

Violations can result in account termination. Space admins who knowingly harbor these violations are terminated along with their spaces.

L2 Space rules

Set by admins. Must be more restrictive than platform rules, never less. Members see them on join.

  • Topic scope, conduct standards, posting cadence
  • Custom moderation workflows & role tooling
  • Appeal process — admins must designate one
  • Automated filters (spam, language, linked domains)
  • Admin tools: shadow-ban, timeout, warn, remove

Clikkin doesn't second-guess a space's internal moderation unless it crosses into L1.

If we're wrong

Every enforcement action has an appeal.

A trained human, not the model that flagged it, reviews every appeal. If we were wrong, we say so publicly, restore the content, and log what we changed.

  1. Action taken: the user receives the exact rule cited and the excerpt in question.
  2. Appeal submitted: one click from the notification, with free-form text to add context.
  3. Human reviews: a different person from the one who took the action. Median: 18 hours.
  4. Outcome logged: if overturned, we publicize the rule change in the next policy notes.

Pillar 03 · Transparency

The numbers, every six months.

Published March and September. This table covers July – December 2024. The full PDF with methodology is at the bottom.

Total user reports

82,411

+14% vs H1 '24 · scales with user base

Content removed

11,240

13.6% of reports actioned

Accounts terminated

1,019

Repeat or severe violators

Appeals granted

24%

Of 4,120 appeals submitted

Government requests

67

31 complied · 22 narrowed · 14 rejected

NCMEC reports filed

118

All CSAM · median detect-to-report 54min

Uptime

99.98%

3 incidents · 27 minutes total downtime

Security disclosures

43

0 critical unpatched · median fix 6.2 days

Government requests · H2 2024 detail

We publish this because "we got 67 requests" alone is useless.

Requesting country    Type                 Count  Complied  Challenged  Rejected
United States         Subpoena                28        18           7         3
United States         Search warrant          12        10           2         0
United States         Preservation order       8         8           0         0
United Kingdom        RIPA / IPA               5         0           2         3
Germany               NetzDG                   4         3           1         0
France                Court order              3         1           1         1
Other (6 countries)   Mixed                    7         2           3         2

"Challenged" = we went to court or filed a formal objection. "Rejected" = refused on procedural or scope grounds without litigation. Where permitted, we notified the affected user.

Warrant canary

As of March 14, 2025, Clikkin has not received any National Security Letter, FISA order, or other secret court order that would prevent us from saying so. If this statement disappears in a future update, assume otherwise.

-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQTyVm0dKAj...
[truncated · full at /canary.txt]
-----END PGP SIGNATURE-----
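A canary is only as good as the reader's check of it: the statement has to be present, dated recently, and carried in a valid signature from the published key. The script below is an added example for doing that check, not Clikkin's own tooling. The canary text it parses is constructed from the wording above with a placeholder signature body, the 190-day freshness window is an assumed value (roughly one six-month reporting cycle plus slack), and the signature check shells out to gpg against a public key file whose path you supply.

```python
"""Verify a warrant canary: structure, wording, freshness, and signature.

Added example; not Clikkin's code. The sample canary below is constructed
from the statement on this page, and its signature block is a placeholder.
"""
import re
import shutil
import subprocess
import tempfile
from datetime import date, datetime

# The wording that must survive in every future canary.
EXPECTED_PHRASE = "has not received any National Security Letter"

# Assumed freshness window: one six-month publication cycle plus slack.
DEFAULT_MAX_AGE_DAYS = 190

# Constructed sample in RFC 4880 cleartext-signature layout. The "- --"
# line exercises dash-escaping; the signature body is NOT a real signature.
SAMPLE_CANARY = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

As of March 14, 2025, Clikkin has not received any National Security Letter,
FISA order, or other secret court order that would prevent us from saying so.
- -- signed statement ends here
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER-SIGNATURE-BODY-NOT-A-REAL-SIGNATURE
-----END PGP SIGNATURE-----
"""

AS_OF = re.compile(r"As of ([A-Z][a-z]+ \d{1,2}, \d{4})")


def split_clearsigned(text):
    """Return (message, signature_block) from a cleartext-signed document.

    Armor headers such as "Hash: SHA256" run until the first blank line;
    message lines that gpg dash-escaped ("- ") are unescaped.
    """
    lines = text.splitlines()
    try:
        start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
        sig_start = lines.index("-----BEGIN PGP SIGNATURE-----")
        sig_end = lines.index("-----END PGP SIGNATURE-----")
    except ValueError as exc:
        raise ValueError("not a clearsigned message") from exc
    i = start + 1
    while i < sig_start and lines[i].strip():
        i += 1
    body = [l[2:] if l.startswith("- ") else l for l in lines[i + 1:sig_start]]
    return "\n".join(body).strip(), "\n".join(lines[sig_start:sig_end + 1])


def canary_as_of(message):
    """Extract the 'As of <Month D, YYYY>' date the statement is made as of."""
    m = AS_OF.search(message)
    if not m:
        raise ValueError("canary has no 'As of <date>' clause")
    return datetime.strptime(m.group(1), "%B %d, %Y").date()


def check_canary(text, today, max_age_days=DEFAULT_MAX_AGE_DAYS):
    """Structural, wording and freshness checks (no cryptography here)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    message, _ = split_clearsigned(text)
    as_of = canary_as_of(message)
    age = (today - as_of).days
    return {
        "as_of": as_of,
        "age_days": age,
        "fresh": 0 <= age <= max_age_days,        # future-dated is also a failure
        "statement_present": EXPECTED_PHRASE in message,
    }


def canary_ok(text, today, max_age_days=DEFAULT_MAX_AGE_DAYS):
    """True only if the statement is still there and still fresh."""
    r = check_canary(text, today, max_age_days)
    return r["fresh"] and r["statement_present"]


def verify_signature(text, pubkey_path):
    """Check the signature with gpg in a throwaway keyring holding only the
    published key, so nothing already trusted on this machine can satisfy it.
    Returns False if gpg is missing: an unverifiable canary is not a canary."""
    gpg = shutil.which("gpg")
    if gpg is None:
        return False
    with tempfile.TemporaryDirectory() as home:
        base = [gpg, "--batch", "--homedir", home]
        subprocess.run(base + ["--import", pubkey_path], capture_output=True, check=False)
        canary_file = f"{home}/canary.txt"
        with open(canary_file, "w") as fh:
            fh.write(text)
        proc = subprocess.run(base + ["--verify", canary_file], capture_output=True, check=False)
        return proc.returncode == 0


if __name__ == "__main__":
    print(check_canary(SAMPLE_CANARY, date.today()))
```

In practice you would fetch /canary.txt on a schedule, run `canary_ok` against today's date, and then `verify_signature` against a pinned copy of the key; a canary that is valid but months stale, or fresh but unsigned, should alert just as a missing one would.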

Pillar 04 · Rule of law

When the state comes asking, this is our rubric.

What we require

  • Valid court order, subpoena, or warrant under US law, served to our registered agent in Delaware
  • MLAT or similar for foreign government requests
  • Specific, scoped request — no fishing expeditions
  • Emergency disclosure only with good-faith belief of imminent death or serious physical injury (18 U.S.C. § 2702(c)(4))

What we do

  • Review every request; narrow overbroad scope
  • Push back on non-particularized demands
  • Notify the affected user unless legally gagged
  • Publish transparency statistics every six months
  • Preserve data only for the duration required by law

What we will not do

  • Build a backdoor. We can't decrypt DMs. We won't engineer a way to.
  • Comply with gag orders we believe are unconstitutional without challenging them
  • Provide bulk access, "lawful intercept" taps, or real-time monitoring
  • Identify anonymous whistleblowers on the basis of informal requests

For law enforcement

Guidelines for serving legal process on Clikkin, Inc.

Our Law Enforcement Guidelines specify what data is available, required legal process, emergency channel, and response timelines. Legal process must be served on our registered agent:

Clikkin, Inc.
c/o Incorporate Now LLC
1013 Centre Road · Wilmington, DE 19805
USA

Emergency disclosure line

For requests involving imminent risk of death or serious physical injury only. Verified through a law-enforcement portal; do not call unverified numbers.

Access the LE portal →

Report something

Pick the right channel.