cr8rs Safety Policy

1. Account Security

• Passwordless Login: cr8rs uses a passwordless login system. Your account security is tied to your third-party login provider (e.g., Google). cr8rs strongly recommends enabling Two-Factor Authentication (2FA) on your Google account and on any social media or content platform accounts linked to cr8rs, as these can be a gateway to your cr8rs account.
• Wallet and Payment Account Security: Enable 2FA or PIN protection on your Khalti account and any bank account linked to cr8rs for payouts.
• Secure Your Email: The email tied to your cr8rs login should be protected with a strong password and 2FA. If someone gains control of your email, they may be able to access your cr8rs account.
• Monitor Account Activity: Regularly review your account activity and tip transactions on the dashboard. If you see transactions or withdrawals you do not recognize, contact support@cr8rs.app immediately.
• cr8rs Staff Will Never Ask for Your Password or Verification Code: If you receive a message claiming to be from cr8rs and requesting your password, OTP or sensitive details, it is a phishing attempt. Report it to support@cr8rs.app.

2. Payout Account Verification and AML Compliance

• Identity Verification: Linking your KYC-verified Khalti account or bank account is mandatory before withdrawals. This prevents impersonation and unauthorized fund access.
• Khalti Verification: The NPR 10 test transaction confirms that the Khalti account belongs to the person named on the cr8rs account. This amount is fully refundable upon verification or rejection (see §2.5.1).
• Bank Account Verification: Bank details are verified at the time of the first withdrawal. The name on the cr8rs account must match the name on the bank account.
• Transaction Monitoring: cr8rs's system monitors tipping transactions for unusual patterns (AML/CFT compliance). Unusual activity (e.g., very large tips from new Contributors, multiple rapid tips) may trigger a review and temporary hold. Such transactions may also be reported to payment processors or law enforcement authorities if required.
• Report Suspicious Activity: If someone offers you a large tip in exchange for sending a portion back to them - do not engage. This is a classic fraud scheme.

3. Secure Streaming Practices (For Creators)

• Protect Your Alert Widget URLs: Never share the unique URL or key for your cr8rs alert widget publicly.
• Public Display Awareness: Be mindful of what is visible when your cr8rs dashboard is shown publicly (e.g., during a live stream). Ensure your balance, email, or other private data is not visible to your audience. Use a dedicated alert widget view rather than your full dashboard.
• Moderate Tip Messages: If you use real-time tip alerts and notifications, enable moderation features (profanity filters) to prevent misuse of tip messages. cr8rs continues to expand content moderation tools available to Creators.

4. User Behavior and Content Safety

• No Sharing of Sensitive Data: Keep interactions on cr8rs focused on support and appreciation. Do not share or solicit sensitive personal information through tip messages or platform features.
• Avoid Off-Platform Deals: All tipping should happen through the official cr8rs system. Off-platform arrangements to avoid fees remove the safeguards and dispute resolution mechanisms cr8rs provides.
• Content Compliance: Creators must ensure that content funded by tips complies with platform rules and applicable laws. Contributors must not use tips to coerce Creators into breaking rules or performing unsafe acts.
• No Self-Harm or Harm to Others: If any user exhibits behavior that suggests self-harm or harm to others (e.g., a tip message that sounds like a cry for help), cr8rs may, if aware, reach out with resources or alert authorities if someone appears to be in imminent danger. We encourage community members to look out for each other.

5. Protecting Your Earnings (Creators)

• Keep Credentials Private: Do not share your cr8rs login with managers or others. If you have a team, contact cr8rs about role-based access features (if available) rather than sharing your account.
• Beware of Phishing: cr8rs communicates through official channels (emails from @cr8rs.app, @cr8.rs or @cr8rs.me domains). Be cautious of emails or messages claiming to be from cr8rs that request your credentials, verification codes or personal details.
• Payout Verification: When you set or change a payout method, double-check the details. cr8rs has checks in place (name matching and KYC verification) to prevent misdirected payouts, but always verify before submitting.

6. Compliance and Safety Checks

• Periodic Reviews: cr8rs may conduct periodic compliance checks and may ask Creators to reconfirm information or update KYC if documents have expired. Please cooperate with such requests to avoid disruption to your account.
• Account Suspension for Safety: If cr8rs detects fraudulent or highly suspicious activity, cr8rs may temporarily suspend an account to protect the user or others. For example, if a Creator's account is accessed from an unusual location and a withdrawal is attempted, cr8rs may pause withdrawals and verify with the Creator.
• Community Reporting: Safety is a shared responsibility. If you see something, say something. Use the report mechanisms and support email to report misuse, suspicious behavior or dangerous content.

7. Secure Development and Data Practices

cr8rs is committed to:

• Secure development practices (secure coding, regular code reviews, penetration testing).
• Minimum necessary access - staff only have access to data required for their role.
• Up-to-date encryption and security protocols.
• An incident response plan - affected users will be notified within 72 hours of a confirmed data breach, as described in §6.4.

In conclusion, the safety of our community is paramount. We continuously work to introduce features and improvements that further enhance security. Your suggestions are welcome at support@cr8rs.app.