All legal documents
Legal & Compliance
Trust & Safety / Content Moderation Policy
Version1.0UpdatedMay 30, 2026Reading time6 min read
1. Purpose
This policy describes how FlowFn keeps the Service safe for users and third parties. It explains what content is prohibited, how we detect and respond to violations, how anyone can report content of concern, and how we cooperate with law enforcement and child-safety authorities. It supplements (and does not replace) our Terms of Service, Acceptable Use Policy, and DMCA & Copyright Takedown Policy.
2. Prohibited Content
Regardless of how the content is created, stored, or transmitted (workflows, files, forms, visualizers, Playgrounds, Playground assets, Playground Data Sheets, Playground visitor-uploaded files, Playground visitor-written sheet rows, Agents and Agent system prompts / task instructions / branding, Agent visitor chat messages submitted through public Agent widgets or webhooks, AI outputs, integrations, messages sent through the Service), the following are prohibited: (a) child sexual abuse material (CSAM) or any content that sexualises minors; (b) content that incites or facilitates terrorism, mass violence, or genocide; (c) sexual content depicting real persons without their consent (including non-consensual intimate imagery and AI-generated deepfakes); (d) content that promotes self-harm or suicide; (e) malicious software, ransomware, exploit kits, drive-by exploits, browser-fingerprinting beyond the stated purpose of a Playground, cryptocurrency miners, or instructions for unlawful intrusion; (f) coordinated harassment, doxxing, or threats targeting specific individuals; (g) content that infringes intellectual property rights (handled separately under our DMCA policy); (h) content that violates applicable export controls, sanctions, or anti-money-laundering laws; and (i) content prohibited by our Acceptable Use Policy.
3. How to Report
Anyone (user or non-user) may report content or behaviour that violates this policy by emailing legal@flowfn.com with: (a) a description of the issue; (b) where the content is located on the Service (public URL, account, workflow, file, form, visualizer, Playground slug or embed URL, Agent slug or embed URL where known); (c) why the reporter believes it violates this policy; and (d) the reporter's contact details. We acknowledge reports within 2 business days and aim to take action on credible reports within 7 business days, prioritised by severity. Reports concerning imminent harm should be marked URGENT in the subject line and will be triaged within 24 hours.
4. Action We May Take
Depending on severity and pattern, we may: (a) remove or restrict access to specific content; (b) restrict or revoke specific features for the affected account; (c) suspend or terminate the affected account, in line with the Termination clause of our Terms of Service; (d) preserve relevant records to assist law-enforcement or regulator investigations; (e) report to NCMEC (in the case of suspected child sexual abuse material), the Singapore Police Force, the SingCERT, or other competent authorities as required or permitted by law; and (f) where a third party is named or harmed, share information necessary to address the issue, subject to applicable data-protection laws.
5. CSAM and Child Safety
FlowFn has zero tolerance for child sexual abuse material. Where we detect or receive a credible report of CSAM, we will: (a) immediately preserve and remove the content from the user-accessible Service; (b) report the matter to the U.S. National Center for Missing & Exploited Children (NCMEC) in line with 18 U.S.C. § 2258A where applicable, and to the relevant Singapore authorities and other competent authorities of the user's location; (c) terminate the responsible accounts; and (d) preserve evidence in line with applicable law. We do not require a court order to act on credible CSAM reports.
5A. Playground Visitor-Submitted Content
Playgrounds can be configured by their owner to accept files and sheet rows from anonymous visitors (via the flowfn.upload primitive and the public flowfn.data.insert / update / delete primitives). When a visitor submits content that appears to violate this policy: (a) the Playground owner remains the primary moderator of that content — they can delete uploads from the dashboard's Uploads pane and rows from the Sheet Manager, and are required by the Acceptable Use Policy to monitor what visitors submit; (b) anyone (including a visitor who submitted the content and later wishes to retract it) may report the content to legal@flowfn.com using the same report channel and timelines described in Section 3, including the Playground slug and, where known, the upload id or row id; (c) we may, in addition to the actions in Section 4, disable the visitor-upload toggle or the per-sheet public-write toggles for the affected Playground or Sheet without disabling the whole Playground; (d) for suspected CSAM in visitor uploads we follow the zero-tolerance process in Section 5 in full, including immediate preservation, removal, NCMEC report, and termination of the responsible accounts (which may include the Playground owner where they failed to act on a credible report); and (e) repeated visitor abuse of a single Playground without the owner's intervention may itself be treated as a violation by the Playground owner under the Acceptable Use Policy.
5B. Agent Authored Content and Visitor Chat
Interactive Agents can be embedded on third-party websites or published at FlowFn-hosted public URLs, and accept chat messages from anonymous visitors. Webhook Agents accept payloads from third-party platforms at a FlowFn-hosted URL. When an Agent's owner-authored content (name, description, system prompt / task instructions, calibration, branding strings, allowed-tool selection) appears to violate this policy, FlowFn may automatically or upon admin review (i) flag the Agent for review without affecting its operation, (ii) for higher-severity verdicts, force the Agent's public URL to be non-public and the embed widget to be disabled until the content is corrected, or (iii) for admin-confirmed violations, sticky-block the Agent until an admin lifts the block. The Agent owner is notified by email when an automated high-severity verdict is applied or an admin manually blocks. When a visitor chat message or webhook payload sent to a public Agent surface appears to violate this policy: (a) the Agent owner remains the primary moderator of conversations their Agent receives, and is required by the Acceptable Use Policy to monitor that activity; (b) anyone (including a visitor who later wishes to retract a message) may report the content to legal@flowfn.com using the channel and timelines in Section 3, including the Agent slug or embed URL and, where known, the run id; (c) we may, in addition to the actions in Section 4, disable embed on the affected Agent, restrict its allowed-domains list, or revoke the public URL without disabling the Agent itself; (d) for suspected CSAM we follow the zero-tolerance process in Section 5 in full; and (e) repeated visitor abuse of a single Agent without the owner's intervention may itself be treated as a violation by the Agent owner under the Acceptable Use Policy. AI-generated Agent responses are owner content for the purposes of this policy — Agent owners are responsible for what their configured Agent produces, just as workflow owners are responsible for the steps their workflows take.
6. AI-Generated and Synthetic Content
Our prohibitions apply equally to content generated using AI features within the Service. Users remain solely responsible for AI outputs they create, store, or distribute. Where AI outputs depict identifiable real persons in misleading ways or impersonate them without disclosure, we may remove the content and restrict the responsible account, in addition to any rights available under intellectual-property and personality-rights laws.
7. Appeals
If your content was removed or your account was restricted under this policy and you believe the action was incorrect, you may appeal. Where an automated moderation check has blocked one of your items (for example a workflow, form, or agent), the affected item shows a moderation banner in your dashboard with a "Request human review" action — using it opens a review request that our team actions. For other actions, or where no in-app banner is available, email legal@flowfn.com within 30 days. We review appeals in good faith and, where possible, respond within 14 business days. Appeals do not pause action taken to address imminent harm or unlawful content.
8. Cooperation with Authorities
We cooperate with valid legal process and may disclose user information and content to law enforcement, regulators, or courts where required by law or where necessary to protect the safety of users, third parties, or the public, in accordance with our Privacy Policy and applicable data-protection laws.
9. Updates
We may update this policy as the Service evolves and as best practices in trust and safety develop. Material changes will be notified through the Service or by email.
10. Contact
For trust-and-safety reports, content concerns, and questions about this policy, contact legal@flowfn.com. For copyright-specific takedown notices, see our DMCA & Copyright Takedown Policy.