1. Scope & Definitions

This Child Safety & CSAM Reporting Policy ("Policy") applies to all content, users, accounts, and conduct on the JamStream Service. It is incorporated by reference into the Terms of Service and Privacy Policy.

• CSAM (Child Sexual Abuse Material) — Any visual depiction (photograph, video, illustration, computer-generated image, deepfake, or any other form) of sexually explicit conduct involving a minor, as defined under 18 U.S.C. § 2256, EU Directive 2011/93/EU Art. 2(c), Israeli Penal Law § 214(b), and the laws of every other jurisdiction in which JamStream operates. CSAM includes apparent CSAM, virtual/AI-generated CSAM, and morphed CSAM, all of which are illegal and prohibited.
• Minor — Any natural person under 18 years of age (or such higher age as required by local law).
• NCMEC — The National Center for Missing & Exploited Children, a US 501(c)(3) non-profit and the designated entity for CyberTipline reports under 18 U.S.C. § 2258A.
• CyberTipline — NCMEC's centralized reporting platform for child exploitation, accessible at report.cybertip.org for registered Electronic Service Providers (ESPs).
• ESP (Electronic Service Provider) — A "provider of an electronic communication service or remote computing service" as defined in 18 U.S.C. § 2258E. JAMSTREAM LTD is a registered ESP with NCMEC, registered as JAMSTREAMLTD.
• PhotoDNA — Microsoft's hash-matching technology that identifies known CSAM by comparing image hashes against databases maintained by NCMEC, Cybertip.ca, the Child Internet Watch Foundation (IWF), and Thorn.
• Trusted Flagger — A recognized child-safety organization (NCMEC, IWF, INHOPE members, etc.) authorized to notify JamStream of suspected CSAM on the platform via the dedicated safety@jamstream.live channel.

2. Zero Tolerance & Prohibited Content

JamStream maintains an absolute, zero-tolerance prohibition on all forms of child sexual exploitation, including but not limited to:

• CSAM in any form (real, virtual, AI-generated, morphed, drawn, animated)
• Grooming, solicitation, or attempted sexual communication with minors
• Sexualized content involving minors, even if not depicting explicit acts (e.g. sexualized poses, costumes, or framing)
• Content that promotes, glorifies, normalizes, or instructs child sexual abuse
• Communities, groups, hashtags, or coded language used to share or coordinate access to CSAM (including "MAP" / "minor-attracted person" advocacy and similar)
• Coordination of contact between adults and minors outside the platform for any sexual purpose
• Sextortion, financial exploitation, or any coercive demand involving minors
• Sale, trade, or solicitation of CSAM, including in private messages, room chat, or virtual gifts/tips referencing such content

Violation of any of the above results in immediate account termination, permanent ban, evidence preservation, mandatory NCMEC reporting, and where applicable, referral to law enforcement.

3. Minimum Age Requirement

JamStream is intended for users aged 13 and older. Users under 18 must have parental consent where required by local law. Users under 13 are strictly prohibited from creating accounts. We enforce this requirement through:

• Mandatory date-of-birth verification at signup
• Age-appropriate design defaults consistent with the UK Age-Appropriate Design Code, California AADC, and Irish DPC fundamentals
• Automated flagging of accounts that, through reported birthdate or content analysis, appear to belong to underage users
• An audit log of underage signup attempts (collection: ageRejectionLog) retained for compliance review

If you believe an account belongs to a child under 13, please report it to safety@jamstream.live.

4. Automated Detection — PhotoDNA & Sightengine

Every image uploaded to JamStream — including profile photos and concert cover images — is automatically scanned by two independent systems running in parallel before the image becomes visible to other users:

• Microsoft PhotoDNA Cloud Service. The image is hashed using PhotoDNA's robust perceptual-hashing algorithm and compared against the combined databases of NCMEC, Cybertip.ca, the IWF, and Thorn. PhotoDNA identifies known previously-classified CSAM with high accuracy. JamStream uses PhotoDNA Cloud Service SDK v1.05.001 or later.
• Sightengine AI-based screening. The image is also scanned by Sightengine's nudity-2.1, weapon, offensive-2.0, gore-2.0, and face-age models, which detect novel (previously unseen) CSAM, age-inappropriate content, and other prohibited material that hash-matching alone cannot catch.

If either system flags the image as CSAM or potential CSAM, the image is immediately removed from the live user interface (but preserved as evidence — see § 7), the uploading user's account is flagged for human review (typically within minutes), and an internal critical-priority alert is dispatched to the JamStream compliance team.

This scanning is mandatory for the operation of the Service and applies to all uploaded images regardless of user consent preferences. It is performed solely for the purposes of (a) preventing illegal content, (b) protecting minors, and (c) complying with our legal reporting obligations.

5. Human Review & Action

When the automated systems flag content as CSAM or suspected CSAM, the JamStream compliance team performs a human review within target SLAs (see § 13). The reviewer:

• Examines the flagged content (which has already been removed from the live UI)
• Reviews the uploading account's full history (other uploads, chat messages, room participation, payment history, IP address, device fingerprint where available)
• Determines the appropriate severity classification: confirmed CSAM, suspected/borderline, false positive
• For confirmed CSAM and suspected CSAM cases: triggers the mandatory NCMEC report (§ 6), permanent account termination (§ 9), and evidence preservation (§ 7)
• For false positives: clears the flag, restores the content, and feeds the data point to scanner-tuning where appropriate

6. Mandatory NCMEC CyberTipline Reporting

JAMSTREAM LTD is a registered Electronic Service Provider with NCMEC (registration: JAMSTREAMLTD). As required by 18 U.S.C. § 2258A, we report all confirmed CSAM detections — and where we have actual knowledge of facts or circumstances from which a violation of federal CSAM laws is apparent — to the NCMEC CyberTipline.

Reporting timing: "As soon as reasonably possible" after obtaining actual knowledge, which we operationalize as within 24 hours of automated detection or human-review confirmation. Where the reviewing analyst is unavailable, the report is filed at the next opportunity, with internal escalation logged.

Reporting contents: Each CyberTipline report includes the image itself, the user's username, email address (if available), account creation date, IP address (if available), the date and time of detection, the PhotoDNA hash match details (source database, match ID), the Sightengine score, the action taken (account suspended, image removed, evidence preserved), and any additional contextual information requested by the form.

Where applicable, parallel reports are filed with regional child-safety hotlines (e.g. the IWF for UK-resident users) and competent law enforcement.

7. Evidence Preservation

In compliance with 18 U.S.C. § 2258A(h) and (i), JamStream preserves all evidence relating to a CSAM detection for a minimum of 90 days from the date of the CyberTipline report, extended to one year on request from NCMEC, law enforcement, or where ongoing legal process requires it. Preserved evidence includes:

• The original image file (Firebase Storage object retained — not deleted)
• The Firestore csamReports document containing the full detection record
• The PhotoDNA hash, match source database, match ID, and timestamp
• The Sightengine raw response and score breakdown
• The uploading user's account snapshot at time of detection (username, email, registration data, IP, device fingerprint where available)
• The complete chain-of-custody log: who reviewed it, when, and what action was taken

The csamReports Firestore document is retained indefinitely as legal proof of our reporting compliance. The Storage object file is retained for the minimum 90-day window and may be deleted thereafter, subject to any extension request.

8. Confidentiality (18 U.S.C. § 2258A(h))

Federal law prohibits JamStream from notifying a user that they have been reported to NCMEC. Specifically, 18 U.S.C. § 2258A(h) provides that "no provider may make public the fact that a report has been made under this section." JamStream complies strictly: where an account is terminated due to a CSAM detection, the user receives a generic suspension notification ("CSAM policy violation, account terminated") without reference to the CyberTipline report or any law enforcement involvement.

JamStream employees with access to CSAM evidence are bound by confidentiality agreements and are trained on this requirement. Improper disclosure may constitute a federal offense.

9. Account Termination & Permanent Ban

Any account associated with confirmed CSAM is immediately and permanently terminated. The terminated account:

• Is permanently banned (no appeal accepted — see Terms of Service §15)
• Has all User Content removed from the public interface (with evidence preserved per § 7)
• Has any associated Coin balance forfeited; refunds are not provided for CSAM-related terminations
• Has any pending or held creator payouts forfeited where there is a reasonable basis to believe the payout is connected to prohibited activity
• Is added to internal hash-based blocklists to prevent re-registration with the same email, phone, payment method, or device fingerprint

Where the same individual is identified attempting to register from a different account, those subsequent accounts are also terminated and may be added to the CyberTipline report as related accounts.

10. Cooperation with Law Enforcement

JamStream cooperates fully with law enforcement investigations involving CSAM, in compliance with 18 U.S.C. § 2258A(g) (immunity for good-faith reporting and disclosure to NCMEC and law enforcement). Requests for evidence preservation extensions, additional information, or copies of preserved materials should be directed to legal@jamstream.live with appropriate legal process.

JamStream will not disclose evidence to private parties or other non-governmental entities except as required by court order or as expressly authorized by NCMEC.

11. Trusted Flagger Channel — How to Report to Us

Recognized child-safety organizations (NCMEC, IWF, INHOPE-member hotlines, national law enforcement child-safety units, and similar) may notify JamStream of suspected CSAM or child exploitation on our platform via our dedicated trusted-flagger channel:

This channel is reviewed directly by JamStream's compliance lead (currently the company founder). Notifications sent to this channel are not filtered through general abuse triage and receive the highest internal priority. Please include in your notification: a URL or identifier for the suspected content (e.g. concert ID, user profile URL), a brief description of what you observed, your organization, and any reference number from your case management system.

12. How Users Can Report Concerns

Any JamStream user (or non-user) who observes suspected CSAM, sexual content involving a minor, grooming behavior, or any child-safety concern on the platform should report it immediately:

• From within the platform: Use the in-app Report button on the relevant profile, message, or content (route: ⋮ menu → Report → "Child safety concern")
• By email: safety@jamstream.live (monitored 7 days a week)
• Directly to NCMEC: If you believe a child is in imminent danger, contact cybertipline.org or call 1-800-843-5678 (US) immediately. For non-US reports, see § 14.

You may report anonymously. Reports made in good faith are immune from civil liability under 18 U.S.C. § 2258B and similar laws in other jurisdictions.

13. Internal Procedure & SLAs

JamStream's internal CSAM-response procedure is governed by the following SLAs:

• Automated detection → image removal from live UI: within seconds (synchronous to Cloud Function execution)
• Critical-priority alert dispatched to compliance team: within minutes of detection
• Human review of automated flag: within 24 hours of alert (best effort: same business day)
• CyberTipline report filed for confirmed CSAM: within 24 hours of human-review confirmation
• Trusted-flagger notification acknowledged: within 24 hours
• Trusted-flagger notification actioned: within 72 hours (same-day for clear cases)
• Account termination on confirmed CSAM: immediate upon human confirmation
• Evidence preserved: minimum 90 days from CyberTipline report, indefinitely for the csamReports Firestore record

14. Other Hotlines & Resources

If you observe child sexual exploitation outside JamStream or wish to report independently of our channel, the following hotlines accept reports:

• NCMEC CyberTipline (US): cybertipline.org · 1-800-843-5678
• Cybertip.ca (Canada): cybertip.ca
• IWF (UK and worldwide): iwf.org.uk
• INHOPE (International network of hotlines): inhope.org — find your local hotline
• 105 (Israel) — Israel Police Cyber Unit: Online reporting and emergency line for online child safety in Hebrew, English, Arabic, and Russian
• EU INHOPE network: Reports for EU member states route through national hotlines

15. Transparency Reporting

JamStream is committed to operational transparency. As our user base grows, we will publish annual transparency reports including: total number of automated CSAM scans performed, total positive detections, total NCMEC reports filed, average time-to-report, average time-to-acknowledgement for trusted-flagger notifications, and total law enforcement requests received and processed. The first transparency report will be published once we exceed 10,000 monthly active users or upon NCMEC's request, whichever is earlier.

16. Updates to This Policy

JamStream may update this Policy from time to time to reflect changes in law, technology, or our practices. Material changes will be announced via in-app notification and on jamstream.live. The "Last Updated" date at the top of this Policy indicates when the most recent changes took effect.

17. Contact Information

Child safety / Trusted-flagger reports: safety@jamstream.live

General abuse reports: abuse@jamstream.live

Legal process / Law enforcement: legal@jamstream.live

Data protection (privacy): privacy@jamstream.live

Postal address: ג'אמסטרים בע"מ (JAMSTREAM LTD), Havatselet 6, Kiryat Yam, Israel · ח.פ. 517333407