← ChatClusive
EN
EspañolEnglishPortuguês
Legal

Compliance

Last updated: June 11, 2026

ChatClusive is built compliance-first: the controls described here are part of the product, not promises bolted on afterwards. This page summarizes how we approach AI disclosure, auditability, output safety, and data protection.

1. AI disclosure and labeling

ChatClusive ships configurable disclosure modes so each creator can match the rules of their platform and the jurisdictions of their fans. No mode ever claims the AI is a human: modes either disclose, deflect without asserting humanity, or pause and hand the conversation to the creator.

Honest disclosure — a creator-approved message stating that AI assistance is involved — is our recommended default, and is the appropriate posture for fans in the EU and Brazil and for platforms whose terms require visible AI labeling.

2. Immutable audit log

Every action the assistant takes — generating drafts, creator approvals, sends, disclosure events, escalations — is recorded in a hash-chained, append-only audit log. The chain can be verified end-to-end, which makes the record tamper-evident and usable as evidence of what actually happened.

3. Output safety layer

Price floors and ceilings, send limits and link gating are enforced in code, outside the language model. A suggestion that violates a creator's hard rules cannot be sent, no matter what the model produced.

4. Risk classification hard-blocks

An automated risk classifier hard-blocks material involving minors, illegal content, threats, and doxxing. These blocks are not configurable and apply to every tenant. High-severity risk events can also automatically reduce an account's autonomy level back to suggest-only.

5. Encryption and tenant isolation

Fan messages are encrypted at rest with AES-256-GCM under per-tenant keys, and all data is encrypted in transit. Every query is scoped to a single tenant, so one customer's data is never visible to another.

6. Deletion attestations

When data is deleted on request, ChatClusive issues a signed deletion attestation: a canonical record of what was deleted, when, and for whom, with a cryptographic signature (HMAC-SHA-256) over its hash. The attestation is linked to the audit chain and can be verified by an external auditor — so a deletion claim is provable, not just asserted.

7. Questions

This page is a product description, not legal advice. For compliance questions, audits, or documentation requests, contact noslen.pena@gmail.com.