Top-percentile compliance posture · live as of Q1 2026

We built compliance-first from launch.

In a category where the median operator does almost nothing and the leader had to be forced into compliance by a near-death event, Chatalystar shipped a cryptographic identity chain, per-upload chain-of-custody, and 24-hour responsive infrastructure on day one.

See the architecture →Transparency data Read the white paper Report content

The landscape

Adult content is hosted everywhere from anonymous Telegram channels to verified mainstream subscription platforms. Here is where every meaningful tier sits — and where Chatalystar emerges. Theoretical maximum (hardware-rooted C2PA provenance) is shown as a dashed ghost above us; not yet practical at commercial scale.

Dark net / Telegram channels

0% verified · No accountability

Vibe-coded AI sites

Anonymous prompts · No identity binding

Tube sites (legacy)

Bulk uploaded · After-the-fact moderation

Mainstream subscription platforms

ID at signup · No per-upload binding

Post-reset Pornhub

Verified-uploader-only after 2020 purge

Chatalystar

Per-session attestation · Per-upload HMAC chain · 24h SLA

Theoretical maximum

Hardware-rooted C2PA provenance (not yet practical)

Export:SVG PNG PDF MP4

How every upload is anchored

Each layer is live in production and labeled with what it does and what it prevents. Scroll to reveal the chain in build order — identity binding → cryptographic binding → upload-time moderation → responsive infrastructure.

Export:SVG PNG PDF

Identity binding✓ Live
Veriff identity verification (21+)
Every Star completes third-party government-ID verification with biometric liveness before publishing.
Prevents: Anonymous accounts, underage creators, stolen identities.
Identity binding✓ Live
Wallet binding (EIP-712)
Veriff session hash, wallet address, and Creator Agreement version are signed into a typed-data attestation.
Prevents: Identity-spoofed accounts, wallet hijacks producing content under another creator's identity.
Identity binding✓ Live
Vault PIN (out-of-band)
An additional second factor required to enter the upload vault, separate from wallet keys.
Prevents: Stolen-device uploads, key compromise leading to direct vault access.
Cryptographic binding✓ Live
Per-session signed attestation
Each vault session emits a fresh EIP-712 attestation binding wallet → identity → agreement version → session ID.
Prevents: Replay attacks, session hijacking, post-hoc claims that 'someone else uploaded that.'
Cryptographic binding✓ Live
Per-upload binding
Every uploaded asset embeds a signed reference to the active session attestation at the moment of upload.
Prevents: Bulk uploads with no per-asset accountability; orphaned content with no identity trail.
Cryptographic binding✓ Live
HMAC chain of custody
Each upload row is HMAC-linked to the previous row in the creator's history; tampering breaks the chain.
Prevents: Silent edits to history; selective deletion of incriminating uploads while keeping the rest intact.
Upload-time moderation✓ Live
Container & EXIF inspection
Image and video metadata is extracted, normalized, and inspected. Suspicious tooling, missing capture timestamps, or embedded GPS soft-flag.
Prevents: Re-uploaded scraped content, undisclosed AI-generated material.
Upload-time moderation✓ Live
Sightengine NSFW & minor screening
Two-tier automated scanning of every upload; minor-likelihood matches are hard-blocked and queued for human review.
Prevents: CSAM, even at upload-time before any view occurs.
Upload-time moderation✓ Live
Public mission, banned-niches, 2257
Plain-English public policy pages stating creator/member age floors, banned content, and 2257 records custodian.
Prevents: Plausible-deniability defenses; the platform's standards are public, dated, and auditable.
Responsive infrastructure✓ Live
Triage queue + 24-hour SLA
Reports route to a moderation queue with severity-based routing; acknowledgement under 24 hours, action target under 24 hours for severity-1 cases.
Prevents: Stale reports, content lingering for days while a person tries to get it removed.
Responsive infrastructure✓ Live
NCMEC + IWF + StopNCII integration
Hash-matching against industry CSAM and NCII hash lists; confirmed matches are reported to NCMEC under 18 USC § 2258A.
Prevents: Re-circulation of known harm material; failure to report under federal mandate.
Responsive infrastructure✓ Live
Quarterly transparency reports
Anonymized quarterly stats on removal requests received, response times, action rates, appeal outcomes, NCMEC reports filed.
Prevents: Opaque moderation; regulators / press / partners cannot independently audit posture.
Responsive infrastructure✓ Live
Law enforcement liaison
Dedicated le@chatalystar.com inbox for valid legal process; preservation requests honored; subpoena response under SLA.
Prevents: Investigators stuck behind a contact form; preservation requests dropping on the floor.

How we compare

Composite percentile scores across identity binding, per-upload accountability, response SLA, NCMEC integration, and transparency. Methodology is documented in the white paper.

Where every platform sits

Composite score: identity binding · per-upload accountability · response SLA · NCMEC integration · transparency

As of Q1 2026

Theoretical maximum (C2PA + hardware roots)

Aspirational — not yet commercially practical

100

P100

Chatalystar

Per-session attestation · per-upload HMAC chain · 24h SLA · NCMEC

P99

Pornhub (post-2020 reset)

Verified-uploader-only after the December 2020 purge

P84

OnlyFans

Identity at signup; bulk-uploads not per-asset bound

P78

Fansly

Identity at signup; reactive moderation queue

P72

Mainstream subscription median

Industry baseline for paid creator platforms

P65

XVideos / XHamster

Bulk-uploaded; after-the-fact moderation only

P35

Vibe-coded AI companion sites

Anonymous prompts; no identity binding; no audit trail

Telegram channels / dark net

Zero verification; zero accountability

Scores are Chatalystar's own composite assessment based on each platform's published policies and observable behavior at content-upload, takedown, and reporting moments. Methodology in the white paper.

Standards we meet — every row live at launch

Tech Coalition principles, NCMEC operational requirements, EU DSA articles (including Article 34 risk assessment), UK Online Safety Act duties, US state age-verification laws, and 18 USC § 2257 / § 2257A.

Standard / framework	Requirement	Live Chatalystar implementation	Status
Tech Coalition (Voluntary Principles) /banned-content · /trust/whitepaper	Adopt safety-by-design and transparency for child sexual exploitation	Sightengine minor screening hard-blocks at upload; quarterly transparency reports; public banned-content policy	Live
NCMEC (18 USC § 2258A) /trust#contact · le@chatalystar.com	Mandatory reporting of apparent CSAM to NCMEC CyberTipline	Automated CyberTipline submission for confirmed matches; preservation per § 2258A(h); LE liaison inbox	Live
EU DSA Article 14 /trust/report	Notice-and-action mechanism with statement of reasons	Public /trust/report form; tracking reference; SOR returned to reporter and content owner	Live
EU DSA Article 16-17 /community-guidelines	Trusted-flagger priority + restriction reasoning	Trusted-flagger lane in triage queue; restrictions accompanied by published policy citation	Live
EU DSA Article 24 (transparency) /trust#transparency	Annual transparency report with quantitative moderation data	Quarterly cadence (exceeds annual minimum); per-category counts; appeal outcomes; mean response time	Live
EU DSA Article 34 (risk assessment) /trust/whitepaper	Annual systemic-risk assessment for VLOPs (and voluntary for smaller platforms)	Risk register published with /trust whitepaper Annex C; reviewed and re-published quarterly	Live
UK Online Safety Act (Illegal Content Duty) /trust/report	Proactive measures to prevent illegal content; risk assessment; reporting routes	Pre-publication minor screening; banned-content public list; trust@/report@ inboxes; 24h SLA	Live
UK Online Safety Act (Children's Safety Duty) /why-21 · /community-guidelines	Highly effective age assurance for adult content	Veriff government-ID + biometric liveness for creators; age-confirmed gate at member NSFW unlock	Live
California AB 1394 / SB 1381 (NCII) /trust#contact	Reasonable steps to remove non-consensual intimate imagery within 48 hours of report	Stop NCII hash integration; severity-1 routing; 24-hour action target (exceeds 48h floor)	Live
18 USC § 2257 / § 2257A /2257	Records-keeping for performers in sexually explicit content	Veriff verification records retained; per-upload performer-binding via session attestation; named custodian	Live
Texas SB 12 / Utah SB 287 / Louisiana HB 142 (state age-verification) /age-verification	Reasonable age-verification before adult content access in regulated states	State-aware geolocation gate routes to commercial age verification flow before NSFW exposure	Live
Stop NCII (operational integration) /trust/whitepaper Annex B	Hash-match against industry NCII database before publication	Hash-check on upload; matches hard-blocked and routed to dedicated NCII queue	Live
IWF hash list (CSAM) /trust/whitepaper Annex B	Operational use of IWF hash list for known-CSAM blocking	IWF list integrated alongside Sightengine; matches hard-blocked + NCMEC report	Live

Live transparency data

Anonymized aggregates pulled from the responsive-infrastructure pipeline. Most-recent complete quarter, refreshed automatically at quarter close.

Loading the most recent quarter's transparency data…

Direct lines

Each inbox routes to the appropriate ops queue with the SLA shown. If you are not sure where to send something, use trust@chatalystar.com — we will route it. To submit a removal report through a structured form, use /trust/report.

report@chatalystar.comurgent

Anyone reporting harm

URLs, screenshots, your relationship to the content (subject / parent / authorized rep / rights holder).

Acknowledged within 4 hours · Action within 24 hours

trust@chatalystar.comstandard

Press, researchers, regulators, partners

Policy questions, transparency-data requests, briefing requests, due-diligence inquiries.

Replied within 48 business hours

le@chatalystar.comurgent

Law enforcement (with valid legal process)

Subpoenas, preservation requests, emergency disclosure requests, jurisdiction and badge / agency identifier.

Acknowledged within 24 hours · Emergency under 6 hours

dmca@chatalystar.comstandard

Standard DMCA notice elements (17 USC § 512(c)(3)) or international equivalent. See /dmca for the form.

Acknowledged within 48 hours

2257@chatalystar.cominfo

18 USC § 2257 records inspection requests

Written request to the records custodian per /2257; agency or counsel identifier.

Coordinated by appointment per § 2257 protocol

support@chatalystar.comstandard

Members and creators with account questions

Anything that isn't a takedown / policy / law-enforcement matter.

Replied within 1 business day

legal@chatalystar.cominfo

General legal correspondence

Service of process and other legal correspondence not handled by le@.

Replied within 5 business days

The white paper

v1.0 · April 2026

Eight-page technical document covering problem framing, the full deployed architecture (Phase 1 + Phase 2), threat model, mapping to standards, verification approach, risk register, and the future roadmap.

· Problem framing & scope
· Identity binding chain (Phase 1)
· Responsive infrastructure (Phase 2)
· Threat model & abuse cases
· Standards mapping (DSA · OSA · § 2257)
· Verification approach & methodology
· Annex A — cryptographic primitives
· Annex B — hash-list integrations
· Annex C — Article 34 risk register
· Annex D — methodology for comparison scores

Read in browser Download PDF

Embed our standards comparison

Free for editorial, research, policy, and creator-platform use. The iframe is sandboxed (no executable JS), ships with Schema.org structured data, and includes a do-follow backlink.

Use this comparison on your site

Sandboxed iframe + Schema.org structured data + do-follow backlink. Free for editorial, research, policy, and creator-platform use.

Bar chart with the top 5 platforms.

<iframe src="https://www.chatalystar.com/trust/embed?variant=medium"
        width="600" height="360"
        loading="lazy" referrerpolicy="no-referrer"
        sandbox="allow-same-origin"
        title="Chatalystar — Trust & Safety Comparison"
        style="border:0;max-width:100%;display:block"></iframe>
<p style="font:12px system-ui,sans-serif;color:#666;margin:6px 0 0">
  Powered by <a href="https://www.chatalystar.com/trust" rel="external" target="_blank">Chatalystar Trust &amp; Safety</a>
</p>
<script type="application/ld+json">{"@context":"https://schema.org","@type":"CreativeWork","name":"Chatalystar Trust & Safety Comparison","url":"https://www.chatalystar.com/trust","publisher":{"@type":"Organization","name":"Chatalystar","url":"https://www.chatalystar.com"}}</script>

Open the live embed in a new tab →Read methodology in the white paper →

Related policies

Page last reviewed April 8, 2026. Sub-policy pages keep their own URLs for deep-linking; this page is the canonical parent. Need a briefing? trust@chatalystar.com

We built compliance-first from launch.

The landscape

Dark net / Telegram channels

0% verified · No accountability

Vibe-coded AI sites

Anonymous prompts · No identity binding

Tube sites (legacy)

Bulk uploaded · After-the-fact moderation

Mainstream subscription platforms

ID at signup · No per-upload binding

Post-reset Pornhub

Verified-uploader-only after 2020 purge

Chatalystar

Per-session attestation · Per-upload HMAC chain · 24h SLA

Theoretical maximum

Hardware-rooted C2PA provenance (not yet practical)

Export:SVG PNG PDF MP4

How every upload is anchored

Export:SVG PNG PDF

Identity binding✓ Live
Veriff identity verification (21+)
Every Star completes third-party government-ID verification with biometric liveness before publishing.
Prevents: Anonymous accounts, underage creators, stolen identities.
Identity binding✓ Live
Wallet binding (EIP-712)
Veriff session hash, wallet address, and Creator Agreement version are signed into a typed-data attestation.
Prevents: Identity-spoofed accounts, wallet hijacks producing content under another creator's identity.
Identity binding✓ Live
Vault PIN (out-of-band)
An additional second factor required to enter the upload vault, separate from wallet keys.
Prevents: Stolen-device uploads, key compromise leading to direct vault access.
Cryptographic binding✓ Live
Per-session signed attestation
Each vault session emits a fresh EIP-712 attestation binding wallet → identity → agreement version → session ID.
Prevents: Replay attacks, session hijacking, post-hoc claims that 'someone else uploaded that.'
Cryptographic binding✓ Live
Per-upload binding
Every uploaded asset embeds a signed reference to the active session attestation at the moment of upload.
Prevents: Bulk uploads with no per-asset accountability; orphaned content with no identity trail.
Cryptographic binding✓ Live
HMAC chain of custody
Each upload row is HMAC-linked to the previous row in the creator's history; tampering breaks the chain.
Prevents: Silent edits to history; selective deletion of incriminating uploads while keeping the rest intact.
Upload-time moderation✓ Live
Container & EXIF inspection
Image and video metadata is extracted, normalized, and inspected. Suspicious tooling, missing capture timestamps, or embedded GPS soft-flag.
Prevents: Re-uploaded scraped content, undisclosed AI-generated material.
Upload-time moderation✓ Live
Sightengine NSFW & minor screening
Two-tier automated scanning of every upload; minor-likelihood matches are hard-blocked and queued for human review.
Prevents: CSAM, even at upload-time before any view occurs.
Upload-time moderation✓ Live
Public mission, banned-niches, 2257
Plain-English public policy pages stating creator/member age floors, banned content, and 2257 records custodian.
Prevents: Plausible-deniability defenses; the platform's standards are public, dated, and auditable.
Responsive infrastructure✓ Live
Triage queue + 24-hour SLA
Reports route to a moderation queue with severity-based routing; acknowledgement under 24 hours, action target under 24 hours for severity-1 cases.
Prevents: Stale reports, content lingering for days while a person tries to get it removed.
Responsive infrastructure✓ Live
NCMEC + IWF + StopNCII integration
Hash-matching against industry CSAM and NCII hash lists; confirmed matches are reported to NCMEC under 18 USC § 2258A.
Prevents: Re-circulation of known harm material; failure to report under federal mandate.
Responsive infrastructure✓ Live
Quarterly transparency reports
Anonymized quarterly stats on removal requests received, response times, action rates, appeal outcomes, NCMEC reports filed.
Prevents: Opaque moderation; regulators / press / partners cannot independently audit posture.
Responsive infrastructure✓ Live
Law enforcement liaison
Dedicated le@chatalystar.com inbox for valid legal process; preservation requests honored; subpoena response under SLA.
Prevents: Investigators stuck behind a contact form; preservation requests dropping on the floor.

How we compare

Composite percentile scores across identity binding, per-upload accountability, response SLA, NCMEC integration, and transparency. Methodology is documented in the white paper.

Where every platform sits

Composite score: identity binding · per-upload accountability · response SLA · NCMEC integration · transparency

As of Q1 2026

Theoretical maximum (C2PA + hardware roots)

Aspirational — not yet commercially practical

100

P100

Chatalystar

Per-session attestation · per-upload HMAC chain · 24h SLA · NCMEC

P99

Pornhub (post-2020 reset)

Verified-uploader-only after the December 2020 purge

P84

OnlyFans

Identity at signup; bulk-uploads not per-asset bound

P78

Fansly

Identity at signup; reactive moderation queue

P72

Mainstream subscription median

Industry baseline for paid creator platforms

P65

XVideos / XHamster

Bulk-uploaded; after-the-fact moderation only

P35

Vibe-coded AI companion sites

Anonymous prompts; no identity binding; no audit trail

Telegram channels / dark net

Zero verification; zero accountability

Standards we meet — every row live at launch

Standard / framework	Requirement	Live Chatalystar implementation	Status
Tech Coalition (Voluntary Principles) /banned-content · /trust/whitepaper	Adopt safety-by-design and transparency for child sexual exploitation	Sightengine minor screening hard-blocks at upload; quarterly transparency reports; public banned-content policy	Live
NCMEC (18 USC § 2258A) /trust#contact · le@chatalystar.com	Mandatory reporting of apparent CSAM to NCMEC CyberTipline	Automated CyberTipline submission for confirmed matches; preservation per § 2258A(h); LE liaison inbox	Live
EU DSA Article 14 /trust/report	Notice-and-action mechanism with statement of reasons	Public /trust/report form; tracking reference; SOR returned to reporter and content owner	Live
EU DSA Article 16-17 /community-guidelines	Trusted-flagger priority + restriction reasoning	Trusted-flagger lane in triage queue; restrictions accompanied by published policy citation	Live
EU DSA Article 24 (transparency) /trust#transparency	Annual transparency report with quantitative moderation data	Quarterly cadence (exceeds annual minimum); per-category counts; appeal outcomes; mean response time	Live
EU DSA Article 34 (risk assessment) /trust/whitepaper	Annual systemic-risk assessment for VLOPs (and voluntary for smaller platforms)	Risk register published with /trust whitepaper Annex C; reviewed and re-published quarterly	Live
UK Online Safety Act (Illegal Content Duty) /trust/report	Proactive measures to prevent illegal content; risk assessment; reporting routes	Pre-publication minor screening; banned-content public list; trust@/report@ inboxes; 24h SLA	Live
UK Online Safety Act (Children's Safety Duty) /why-21 · /community-guidelines	Highly effective age assurance for adult content	Veriff government-ID + biometric liveness for creators; age-confirmed gate at member NSFW unlock	Live
California AB 1394 / SB 1381 (NCII) /trust#contact	Reasonable steps to remove non-consensual intimate imagery within 48 hours of report	Stop NCII hash integration; severity-1 routing; 24-hour action target (exceeds 48h floor)	Live
18 USC § 2257 / § 2257A /2257	Records-keeping for performers in sexually explicit content	Veriff verification records retained; per-upload performer-binding via session attestation; named custodian	Live
Texas SB 12 / Utah SB 287 / Louisiana HB 142 (state age-verification) /age-verification	Reasonable age-verification before adult content access in regulated states	State-aware geolocation gate routes to commercial age verification flow before NSFW exposure	Live
Stop NCII (operational integration) /trust/whitepaper Annex B	Hash-match against industry NCII database before publication	Hash-check on upload; matches hard-blocked and routed to dedicated NCII queue	Live
IWF hash list (CSAM) /trust/whitepaper Annex B	Operational use of IWF hash list for known-CSAM blocking	IWF list integrated alongside Sightengine; matches hard-blocked + NCMEC report	Live

Embed our standards comparison

Free for editorial, research, policy, and creator-platform use. The iframe is sandboxed (no executable JS), ships with Schema.org structured data, and includes a do-follow backlink.

Use this comparison on your site

Sandboxed iframe + Schema.org structured data + do-follow backlink. Free for editorial, research, policy, and creator-platform use.

Bar chart with the top 5 platforms.

<iframe src="https://www.chatalystar.com/trust/embed?variant=medium"
        width="600" height="360"
        loading="lazy" referrerpolicy="no-referrer"
        sandbox="allow-same-origin"
        title="Chatalystar — Trust & Safety Comparison"
        style="border:0;max-width:100%;display:block"></iframe>
<p style="font:12px system-ui,sans-serif;color:#666;margin:6px 0 0">
  Powered by <a href="https://www.chatalystar.com/trust" rel="external" target="_blank">Chatalystar Trust &amp; Safety</a>
</p>
<script type="application/ld+json">{"@context":"https://schema.org","@type":"CreativeWork","name":"Chatalystar Trust & Safety Comparison","url":"https://www.chatalystar.com/trust","publisher":{"@type":"Organization","name":"Chatalystar","url":"https://www.chatalystar.com"}}</script>

Open the live embed in a new tab →Read methodology in the white paper →

The landscape

How every upload is anchored

Veriff identity verification (21+)

Wallet binding (EIP-712)

Vault PIN (out-of-band)

Per-session signed attestation

Per-upload binding

HMAC chain of custody

Container & EXIF inspection

Sightengine NSFW & minor screening

Public mission, banned-niches, 2257

Triage queue + 24-hour SLA

NCMEC + IWF + StopNCII integration

Quarterly transparency reports

Law enforcement liaison

How we compare

Where every platform sits

Standards we meet — every row live at launch

Live transparency data

Direct lines

The white paper

Embed our standards comparison

Use this comparison on your site

Related policies

The landscape

How every upload is anchored

Veriff identity verification (21+)

Wallet binding (EIP-712)

Vault PIN (out-of-band)

Per-session signed attestation

Per-upload binding

HMAC chain of custody

Container & EXIF inspection

Sightengine NSFW & minor screening

Public mission, banned-niches, 2257

Triage queue + 24-hour SLA

NCMEC + IWF + StopNCII integration

Quarterly transparency reports

Law enforcement liaison

How we compare

Where every platform sits

Standards we meet — every row live at launch

Live transparency data

Direct lines

The white paper

Embed our standards comparison

Use this comparison on your site

Related policies