Spinboss Protect operates under a documented compliance posture aligned with the principal regulatory frameworks applicable to its activities, including the EU Digital Services Act, the U.S. DMCA, the GDPR, the UK GDPR, the UK Online Safety Act, ICANN registrar abuse coordination practice, and M3AAWG sender best practice.
EFFECTIVE · 2026-01-01 · VERSION 2.1
Operations follow the trusted-flagger principles of the EU Digital Services Act where applicable, the notice-and-takedown framework of the U.S. DMCA in respect of U.S.-hosted matters, and the InfoSoc Directive for EU-hosted matters. Data processing is conducted under the GDPR and equivalent frameworks.
Material infrastructure changes pass through paired-approval change control with an immutable change log. The operators who dispatch correspondence do not control the signing keys; the operators who hold the keys do not draft correspondence; audit functions are independent of both.
Correspondence and operational logs are retained under documented retention windows. Where a matter remains open, retention is extended for the duration of the matter and for such additional period as is necessary for the exercise or defence of legal claims.
Routine transparency reports document volume, counterparty categories, average acknowledgement windows, and significant operational events. Reports do not disclose the identities of complainants or respondents.
Operational and authentication posture is subject to periodic external review under a documented scope and cadence. Findings and remediations are recorded in the change log.