Child Safety Standards

1. Age Restriction & Access Control

Troy Circle is an 18+ platform exclusively. Access is not open to the public — every user must submit a membership application that is reviewed and approved manually by Troy Circle staff before any access is granted.

Our age enforcement measures include:

• Mandatory date-of-birth declaration during registration, validated server-side
• Manual review of each application by Troy Circle staff prior to approval
• Immediate and permanent account termination upon discovery that a user is or was a minor at time of registration
• Firestore security rules enforcing minimum age at the database layer (dateOfBirth + 568,036,800 seconds ≤ request timestamp)

2. Prohibited Content & Conduct

The following are strictly prohibited on Troy Circle and constitute grounds for immediate account termination and mandatory reporting to law enforcement authorities:

• Any imagery, video, audio, or text that sexually depicts, exploits, or abuses minors (CSAM)
• Grooming — any communication designed to gain the trust of a minor for the purpose of sexual exploitation
• Solicitation — requesting or distributing CSAM in any form, including links to external sources
• Trafficking — content facilitating the sexual trafficking or commercial sexual exploitation of minors
• Sextortion — coercing minors into producing or sharing sexual content through threats
• Any attempt to circumvent age verification or access controls to engage with minors

There are no exceptions to these prohibitions. Artistic, educational, or fictional framing does not exempt content from this policy.

3. Legal Framework

Troy Circle operates in compliance with the following legal instruments:

European Union

• EU DSA 2022/2065 Digital Services Act — obligations for online platforms regarding illegal content, including CSAM, effective February 2024
• EU 2011/93 Directive on combating the sexual abuse and sexual exploitation of children and child pornography
• GDPR 2016/679 General Data Protection Regulation — special protections for data relating to minors

Spain

• CP Art. 183–189 Código Penal — delitos contra la libertad e indemnidad sexuales de menores
• LO 8/2021 Ley Orgánica de protección integral a la infancia y la adolescencia frente a la violencia (LOPIVI)
• LO 3/2018 Ley Orgánica de Protección de Datos Personales y garantía de derechos digitales (LOPDGDD)
• Ley 34/2002 Ley de Servicios de la Sociedad de la Información (LSSI)

International

• UNCRC 1989 United Nations Convention on the Rights of the Child
• Budapest Convention 2001 Council of Europe Convention on Cybercrime — Art. 9 (child pornography)
• Lanzarote Convention 2007 Council of Europe Convention on Protection of Children against Sexual Exploitation and Abuse

4. Technical & Organisational Measures

Troy Circle implements the following technical and organisational safeguards:

• Invite-only access model — no user can self-register without a prior invitation and manual approval; there is no public sign-up flow
• Server-side age validation — age is computed from dateOfBirth and enforced in Firestore security rules; client-side values cannot be spoofed
• Firebase App Check — only verified app builds can make API calls, blocking automated abuse tools
• End-to-end message encryption — AES-256-CBC encryption for all chat messages, limiting exposure in the event of a breach
• FCM token isolation — push notification tokens stored in private subcollections, inaccessible to other users
• Screenshot prevention — FLAG_SECURE (Android) and privacy overlay (iOS) prevent screen capture of sensitive content
• Firestore security rules — users cannot read, write, or modify data outside their authorised scope
• Admin moderation panel — dedicated admin interface for reviewing reports, approving/rejecting applications, and adjusting user standing
• Moral Score system — behavioural scoring system that surfaces and penalises abusive conduct

5. Detection & Moderation

Troy Circle employs the following detection and moderation procedures:

• All new member applications are reviewed manually before access is granted — this is our primary prevention layer
• In-app reporting allows any user to flag profiles, messages, or content for immediate review
• All reports are reviewed by Troy Circle staff within 24 hours
• Reported content is preserved as evidence for a minimum of 90 days pending investigation
• Accounts subject to a credible report are suspended pending review
• Troy Circle reserves the right to access and review reported message content using admin decryption tools for the sole purpose of investigating safety violations

6. Mandatory Reporting Obligations

Upon identifying confirmed or credible suspected CSAM on the platform, Troy Circle will take the following actions without delay:

1. Immediately remove the content and suspend the associated account
2. Preserve all relevant evidence (content, metadata, account data, IP logs) as required by law
3. Submit a report to the National Center for Missing & Exploited Children (NCMEC) CyberTipline at missingkids.org pursuant to 18 U.S.C. § 2258A
4. Notify the Agencia Española de Protección de Datos (AEPD) where required under GDPR Art. 33
5. Report to Spanish law enforcement — Brigada de Investigación Tecnológica (BIT) of the Policía Nacional or the Grupo de Delitos Telemáticos of the Guardia Civil
6. Cooperate fully with Europol's European Cybercrime Centre (EC3) and Interpol upon request
7. Submit reports to the INHOPE network hotline for Spain (Protégeles / CTIC) where applicable

7. User Reporting

Troy Circle provides in-app reporting tools accessible on every user profile and within every chat conversation. Users can report:

• Fake or impersonation profiles
• Inappropriate or illegal content
• Harassment or threatening behaviour
• Suspected underage users
• Any content that appears to involve the exploitation of minors

Reports relating to child safety are escalated immediately and treated as the highest priority. Users who submit good-faith reports are protected from retaliation.

To report outside the app or for urgent concerns, contact us directly at hello@troycircle.app with subject line CHILD SAFETY REPORT.

8. Enforcement & Account Actions

Violations of this policy result in the following actions, which may be applied individually or in combination:

• Immediate account suspension — pending investigation of any credible report
• Permanent account termination — for confirmed violations, with no possibility of reinstatement
• Device and IP blocking — to prevent re-registration from the same device or network
• Evidence preservation and mandatory reporting — as described in Section 6
• Referral to law enforcement — Troy Circle will proactively refer confirmed cases to the appropriate authorities without waiting for a formal request

Troy Circle does not offer appeals processes for violations of child safety policy. These decisions are final.

9. Law Enforcement Cooperation

Troy Circle will respond to lawful requests from competent authorities in Spain, the European Union, and internationally. This includes:

• Preservation and disclosure of account data, message metadata, and IP logs upon receipt of a valid legal order
• Emergency disclosure of data where there is an imminent risk to the life or safety of a child, without requiring a formal order
• Full cooperation with Europol, Interpol, and national law enforcement agencies in cross-border investigations
• Compliance with orders from the Fiscalía de Menores and Spanish judicial authorities

Law enforcement agencies may direct formal requests to: hello@troycircle.app

10. Contact & Responsible Disclosure