Outglow legal

Child Sexual Abuse and Exploitation (CSAE) Standards

Effective May 26, 2026. Legal version 2026-05-26-csae-1.

1. Scope and definitions

For the purposes of these Standards, the terms below carry the meanings used by the U.S. National Center for Missing & Exploited Children (NCMEC), the WeProtect Global Alliance Model National Response, and INHOPE.

• Child / minor means any person under the age of 18, regardless of any local age of consent.
• Child sexual abuse material (CSAM) includes any visual, textual, audio, or interactive depiction that sexualizes a minor or that depicts the sexual abuse or exploitation of a minor. This includes photo-realistic, AI-generated, computer-generated, drawn, animated, or deepfake material. Real or simulated, all of it is prohibited.
• Child sexual abuse and exploitation (CSAE) means CSAM plus any related conduct, including but not limited to:
  • Grooming — building a relationship, trust, or emotional connection with a minor in order to manipulate, exploit, or abuse them.
  • Sextortion — threatening to release sexual content of a minor unless they pay money, send more content, or perform other acts.
  • Solicitation — requesting, encouraging, or attempting to receive sexual content from a minor; offering or attempting to send sexual content to a minor; arranging to meet a minor for sexual contact.
  • Sexualization of minors — captions, hashtags, comments, edits, or filters that present a minor in a sexualized context, even when the underlying image is not, on its own, illegal.
  • Trafficking — advertising, brokering, or arranging the sale, transport, or exchange of a minor for sexual purposes.
  • Distribution and possession — uploading, sharing, linking to, requesting, advertising, or storing CSAM in any form, including in direct messages, profile fields, hashtags, or external links.
  • Self-generated CSAM — content produced by a minor of themselves; the minor is treated as a victim, not as an offender.

2. Zero-tolerance policy

Any CSAE content, conduct, or attempt is strictly prohibited on Outglow. When we detect CSAE we will, at minimum and without prior warning:

1. Remove the content from every product surface.
2. Permanently terminate the responsible account and any associated accounts.
3. Preserve the content, account, and associated metadata as required by law.
4. File a CyberTipline report with the U.S. National Center for Missing & Exploited Children (NCMEC) as required by 18 U.S.C. § 2258A, and cooperate with law enforcement requests that follow.
5. Where the offender or the victim is outside the United States, forward the report through INHOPE or to the appropriate national hotline as a matter of standard practice.

These actions apply even if the account is otherwise in good standing, even if the content was reported only by another user, and even if the responsible person claims the depicted minor is fictional, of legal age, or computer- generated. We do not require law enforcement involvement before taking action; we act first and report.

3. Age requirements and age assurance

Outglow requires a minimum age of 13, or the higher minimum age set by local law (for example, 14 in Spain, 15 in France, or 16 in Germany, Italy, and several other EU member states under GDPR Article 8). Users below the minimum age may not create an account or use the service.

At signup we collect a country and a date of birth and we enforce the minimum age per-country before creating the account. We retain the date of birth so we can age-gate features and so we can respond to law-enforcement requests about a specific user. If we have reason to believe an account is operated by a person below the minimum age, we suspend the account, request age verification, and delete the account and its content if verification is not provided.

Outglow does not publish content rated for adult audiences, does not host adult creator categories, and does not allow nudity or sexually explicit content anywhere on the service — see our Terms of Service and the broader Community Guidelines they reference.

4. Prevention by design

We design product features to reduce the risk of CSAE at the source rather than only after the fact. Specific measures include:

• Default-safe direct messages. Users can mute or block any other user at any time. Blocks are mutual and bidirectional: a blocked user cannot start a new conversation, follow, see the blocker's profile, or appear in their feed.
• Account-level controls. Users can restrict who may comment on their posts ("everyone", "people you follow", or "no one") and filter comments by keyword.
• Public profile minimum. Profiles do not surface a user's email address, phone number, date of birth, precise location, or any other personally identifying field by default. The signup country and DOB are kept private and used only to enforce age requirements and to respond to legal requests.
• Two-factor authentication. 2FA over an authenticator app, email, or SMS is available to every user. Recovery codes are issued once at enrolment and stored only as hashes.
• Account integrity. We rate-limit signup, login, password reset, and verification flows; we tokenize sessions and rotate refresh tokens; we revoke every session when an account is suspended or when 2FA is reset by a moderator.
• Search and discovery limits. We do not allow hashtags or search terms that promote CSAE. Terms that have been used historically to traffic in CSAE are blocklisted from auto-suggest, trending strips, and topic pages.
• External link review. Links to known CSAM-hosting domains are blocked at the comment and message layer. Profile and message links are plain text and not auto-redirected.

5. Detection

We combine proactive and reactive detection so we catch CSAE whether or not a user reports it.

• Automated content scanning. Every image, video frame, thumbnail, caption, comment, direct message, and profile field is scanned when it is uploaded or edited. Scans look for known CSAM (matched against industry hash lists where available), for visual signals consistent with CSAM, and for textual signals consistent with grooming, sextortion, and minor-sexualization. Content that matches is queued to a safety review and made invisible to other users until reviewed.
• Account-behavior signals. We flag accounts whose behavior pattern is consistent with grooming, age-deception, or coordinated exploitation — for example, an adult account sending many opening direct messages to accounts that present as minors, mass-blocking by minor accounts, or sudden bursts of contact across many recipients.
• User reports. Every screen that surfaces user-generated content — posts, comments, profiles, battles, messages — exposes a "Report" action. The report form lets the user pick "CSAE / child safety" as a category, which routes the report into a dedicated, priority queue.
• Internal escalation. Any moderator or admin can route a piece of content to the priority CSAE queue directly from the moderation surface.

6. Reporting CSAE on Outglow

Users on Outglow can report any post, comment, profile, battle, or direct message by tapping the overflow menu and choosing "Report". The form lets the reporter pick "Child sexual abuse or exploitation (CSAE)" as the reason; that category jumps the moderation queue ahead of every other category.

Users may also contact us directly:

• By email at safety@outglow.live — monitored daily, including weekends. Please include any URLs, usernames, screenshots, and a brief description.
• By mail at Umbra Global LLC, 30 N Gould St 127962, Sheridan, WY 82801, USA, Attention: Trust & Safety.

You do not need an Outglow account to send a CSAE report. You can use a pseudonym. We will keep the reporter's identity confidential to the extent permitted by law.

If a child is in immediate danger, please contact local emergency services first. In the United States that is 911. You can also report directly to NCMEC at report.cybertip.org or by phone at 1-800-843-5678; outside the United States, find your nearest member hotline at inhope.org.

7. Response, removal, and enforcement

When a report or detection event lands in the CSAE queue, the responsible safety team — internal moderators with appropriate access controls, trained on Outglow's policies and the legal regime described in this document — reviews it on a priority schedule.

On a confirmed CSAE finding we will, in this order:

1. Preserve. Cryptographically preserve the content, account, and metadata required for the NCMEC report and for any subsequent law enforcement subpoena.
2. Remove. Take the content down from every public surface, message thread, and cache. Hide the offending account so it is no longer discoverable.
3. Terminate. Permanently disable the offending account, every known associated account (same device, same email, same payment instrument where applicable), revoke every session, and prevent re-registration with the same identifying signals.
4. Report to NCMEC. File a CyberTipline report with NCMEC, including content, metadata, IP addresses, timestamps, and the user information required by 18 U.S.C. § 2258A. We do not voluntarily release content or metadata to anyone other than NCMEC, law enforcement under valid legal process, or the user themselves (subject to safety review).
5. Cooperate. Respond to follow-on subpoenas, preservation requests, and emergency disclosure requests from competent law enforcement.
6. Notify affected users where appropriate. If a minor appears to be the victim, we will not contact the minor without first consulting a child-safety partner; we will not contact the offender.

Other CSAE-adjacent conduct that does not meet the CSAM bar (for example, sexualizing captions on otherwise lawful images of minors, grooming behavior with no explicit content, or self-described age-deception by an adult account) is still prohibited and is handled with account suspension, account termination, or law-enforcement referral as the facts justify.

8. NCMEC reporting and legal compliance

Outglow is a U.S. provider for the purposes of 18 U.S.C. § 2258A and reports apparent CSAM to NCMEC's CyberTipline as required by federal law. We treat the obligation as a floor, not a ceiling — we report any content that appears to constitute CSAM regardless of whether the report is technically required.

We retain the content the CyberTipline report references for the period required by 18 U.S.C. § 2258A(h) (90 days minimum, longer at NCMEC or law enforcement request) so that law enforcement can investigate without losing evidence to platform retention policies.

For users and victims outside the United States we forward the report through INHOPE or to the relevant national hotline. We respond to requests from foreign law enforcement through MLAT or other lawful channels; we do not provide content data directly to foreign governments outside those processes.

We comply with applicable national CSAE laws in addition to U.S. law, including the EU's CSAR proposal and existing transparency obligations under the Digital Services Act, the UK's Online Safety Act, Australia's Online Safety Act 2021, Canada's Mandatory Reporting Act, India's POCSO Act, and equivalents.

9. Appeals

We get enforcement wrong sometimes. Accounts removed for CSAE may appeal in writing to safety@outglow.live. We review every appeal on the merits. CSAE removals that are confirmed on appeal are not reversed; honest mistakes are reversed and the account is restored.

We do not provide an appeal channel that would let a person reach a child they have been removed from contacting.

10. Transparency

We publish an annual transparency report covering CSAE detection, the volume of CyberTipline reports filed, the volume of account terminations under this Standard, and the high-level categories of conduct involved. The transparency report does not identify specific accounts, content, or victims.

We also publish material changes to this Standard with a new effective date and legal version above. Substantive changes are summarized in the change log below.

11. Industry partners and helpful resources

• NCMEC CyberTipline — U.S. report channel, accepts public reports.
• INHOPE — international association of CSAM hotlines.
• Internet Watch Foundation (IWF) — UK hotline and operator of the global CSAM hash list.
• Thorn — child safety technology and research.
• WeProtect Global Alliance — international policy and operations framework.
• Cybertip.ca — Canadian hotline operated by the Canadian Centre for Child Protection.

12. Contact

Safety escalations and CSAE reports: safety@outglow.live

Legal entity: Umbra Global LLC, doing business as Outglow
Address: 30 N Gould St 127962, Sheridan, WY 82801, USA
General support: support@outglow.live
Terms: /legal/terms
Privacy: /legal/privacy

Change log

• 2026-05-26-csae-1 — First published version.