Risk Policy & Prevention Measures

Last Updated: February 24, 2026

This document identifies the key risks associated with operating an AI-generated content platform, the prevention measures implemented to address each risk, and the responsible parties for each area. This policy is a core component of our corporate compliance framework under EU and Czech law.

Risk 1: Child Sexual Abuse Material (CSAM)

Severity: Critical
Description: Risk that users may attempt to generate AI content depicting minors in exploitative contexts.
Prevention Measures
  • Prompt filtering with keyword blocklists for minor-related content
  • AI output scanning for age-inappropriate content characteristics
  • Zero-tolerance enforcement: immediate ban + law enforcement referral
  • Mandatory reporting to relevant authorities: NCMEC (US), Europol, INHOPE, and Czech Police (Policie ČR) per Directive 2011/93/EU
  • Age verification requirement (18+) for all users
Responsible: CTO (technical controls), Compliance Officer (enforcement & reporting)

Risk 2: Non-Consensual Intimate Content / Deepfakes

Severity: Critical
Description: Risk that AI-generated content could depict real, identifiable persons in intimate or compromising scenarios without consent.
Prevention Measures
  • Limited reference image uploads (via IdentityForge™) are subject to mandatory automated age verification, celebrity detection, and face validation before processing
  • All visual output content is generated from AI models; user-uploaded reference images are used solely as stylistic references and are never displayed publicly
  • Name-based filtering for known public figures and celebrities
  • Prompt injection filtering for identity-replication attempts
  • Abuse reporting system with expeditious response without undue delay
  • Immediate takedown upon valid identity-misuse complaint
Responsible: CTO (technical filters), Compliance Officer (takedowns), Legal (response to complaints)

Risk 3: Identity Misuse & Impersonation

Severity: High
Description: Risk that users create AI companions or content that impersonates real individuals for fraud, harassment, or defamation.
Prevention Measures
  • Prohibited Use Policy explicitly forbids impersonation
  • Community Guidelines reinforce prohibition
  • User-facing report button on all content
  • Fast-track takedown process for identity complaints
  • User consent acknowledgment on account creation
Responsible: Moderation Team (review), Legal (takedown compliance)

Risk 3a: Non-Consensual Intimate Deepfakes (§193b)

Severity: Critical
Description: Risk that users exploit IdentityForge™ or other features to create non-consensual intimate synthetic imagery (“deepfakes”) of identifiable persons, constituting a criminal offense under Czech Criminal Code §193b (Act No. 40/2009 Coll.), EU AI Act Art. 50(2), Czech Civil Code §81–90 (personality rights), and similar laws in other jurisdictions (e.g., UK Online Safety Act 2023).
Prevention Measures
  • Mandatory automated age verification, celebrity detection, and face validation on all uploaded reference images before processing
  • IdentityForge™ limited to premium tiers with identity-linked accounts (traceable users)
  • Explicit user warranty that uploaded images depict only themselves or a consenting adult
  • No Redistribution clause in Terms of Service — IdentityForge™ content is for private, personal use only
  • Third-party depicted person takedown rights — any person can request removal of content depicting their likeness without an account
  • Expeditious response without undue delay for depicted person complaints
  • AI content provenance/watermarking measures (metadata labeling, invisible watermarks, C2PA compliance roadmap)
  • Active cooperation with Czech Police (Česká policie), Europol, and INHOPE for deepfake-related offenses
  • Immediate account termination, permanent ban, and law enforcement referral for violations
Responsible: CTO (technical safeguards & watermarking), Compliance Officer (takedowns & law enforcement liaison), Legal (regulatory compliance & victim support), DPO (data erasure for depicted persons)

Risk 4: Illegal Content Generation

Severity: High
Description: Risk that users use AI to generate content promoting terrorism, violence, drug manufacturing, or other criminal activities.
Prevention Measures
  • LLM safety system prompts that refuse harmful requests
  • Content filtering on AI outputs before delivery to user
  • Automated flagging of suspicious prompt patterns
  • Moderation review pipeline for flagged content
  • Law enforcement cooperation procedures
Responsible: CTO (AI safety), Moderation Team (review), Legal (law enforcement liaison)

Risk 5: Copyright & IP Infringement

Severity: Medium
Description: Risk that AI-generated content inadvertently or intentionally reproduces copyrighted characters, works, or trademarked material.
Prevention Measures
  • Copyright & Takedown Policy compliant with EU Copyright Directive (2001/29/EC, 2019/790) and US DMCA
  • Prompt filtering for well-known copyrighted character names
  • Repeat infringer policy with account termination
  • Counter-notification / objection process per EU and US requirements
Responsible: Legal (copyright compliance, EU & DMCA), CTO (technical filters)

Risk 6: Data Protection & Privacy

Severity: Medium
Description: Risk of personal data breaches, non-compliance with GDPR/CCPA, or improper handling of user data.
Prevention Measures
  • Privacy Policy compliant with GDPR and CCPA
  • Data retention policy with defined periods and deletion procedures
  • Encryption of data in transit (TLS) and at rest
  • User rights portal (access, deletion, portability)
  • Data processing agreements with third-party vendors
  • Regular security audits
Responsible: CTO (infrastructure security), DPO (data protection compliance), Legal (policy)

Risk 7: Platform Abuse & Fraud

Severity: Medium
Description: Risk of automated abuse, ban evasion, payment fraud, or misuse of the platform for commercial spam.
Prevention Measures
  • Rate limiting on all API endpoints
  • FingerprintJS for device identification and ban evasion detection
  • Payment fraud detection via payment processors
  • Automated spam and bot detection
  • Account verification requirements
Responsible: CTO (technical controls), Finance (payment fraud)

Governance & Review

This risk policy is reviewed and updated:

  • Quarterly: Regular review of risk assessments and prevention measure effectiveness
  • After incidents: Post-incident review with updated mitigation measures
  • On regulatory change: When relevant laws or regulations are updated
  • Annually: Comprehensive risk policy audit

Assigned Responsibilities

Roles and their responsibilities:

  • CEO / Managing Director: Overall corporate liability, risk policy approval, resource allocation
  • CTO: Technical safety controls, AI model safety, infrastructure security
  • Compliance Officer: Policy enforcement, moderation oversight, regulatory compliance, audit trail
  • Legal Counsel: Legal analysis, law enforcement cooperation, DMCA/takedown, policy drafting
  • Moderation Team: Content review, report handling, enforcement execution
  • DPO: Data protection compliance, GDPR/CCPA, breach notification

Contact

For questions about this risk policy:

Compliance: hello@aiallure.com
Legal: hello@aiallure.com

Novera Group s.r.o.
Rybná 716/24
CZ-110 00 Praha 1