legal: TOS + Privacy v1.2 — TAKE IT DOWN Act + iron-clad hardening #4

Merged

Sponge merged 1 commit from feature/legal into develop

2026-05-23 04:25:08 +00:00

Sponge commented

2026-05-23 03:26:44 +00:00

Owner

Summary

Two-round revision of the Terms of Service and Privacy Policy on 2026-05-22:

Round 1 (v1.1) — TAKE IT DOWN Act (Pub. L. 119-12) compliance representations + indemnification + Pollinations publication safeguards per user verbatim spec
Round 2 (v1.2) — Full iron-clad hardening pass across both documents to position Unity AI Lab for the hobby-to-startup transition with minimal lawyer rewrite on handoff

Both docs: Effective 2026-05-08 → 2026-05-22, Version v1.0 → v1.2. Existing section anchor IDs preserved so external links keep working.

Changes — Terms of Service (`redesign/terms-v1.jsx`)

Grew 17 → 19 top-level sections.

New § II Prohibited Conduct & User Representations — TAKE IT DOWN Act compliance reps, deepfakes/NCII prohibition, Pollinations publication framing, user-controlled safeguards
New § III User Content and Indemnification — transient-relay framing, broad indemnitee list, full statutory reach
§ I Acceptance — electronic acceptance binding (E-SIGN + UETA), waiver of unawareness defense, no-reliance + entire-agreement clause
§ VII Parents & Guardians — new "Parent & Guardian Binding by These Terms" sub-section with joint-and-several binding for any minor access (authorized or not)
§ IX Acceptable Use — bullets expanded 10 → 13 with explicit statutory citations (state deepfake laws, DMCA, Lanham, CFAA, CAN-SPAM, TCPA, COPPA, UK AADC, EU DSA, HIPAA/FERPA/GLBA/PCI-DSS/GDPR/CCPA)
§ X Warranty — no-regulatory-compliance + no-manner-of-access warranty disclaimers
§ XI Liability — "No Liability for Third-Party Services or User Misuse" sub-section; cross-refs IX → XI
§ XII Indemnification — expanded (a)-(f) → (a)-(i); survival clause
§ XVI Changes — full rewrite (unilateral no-notice change right, periodic-review obligation, posting = exclusive notice, continued use = binding acceptance, applies to minors/guardians/agents)
§ XVIII Misc — no-reliance, 1-year time-bar, electronic communications consent, no-third-party-beneficiaries, independent counsel (no contra-proferentem)

Changes — Privacy Policy (`redesign/privacy-v1.jsx`)

17 sections retained; additions are mostly h3 sub-sections + paragraph additions.

§ IV — third-party-scoping disclaimer (Pollinations + upstreams + Cloudflare + GitHub Pages); user assumes all risk of third-party handling
§ VII — two new h3 sub-sections: "Data Generated by the Service" (accurate Worker→Pollinations transient-relay framing — fixes the contradictory "client-side" claim) + "No Collection of Personal Data for AI Training" (Unity AI Lab doesn't train; no warranty about Pollinations or upstream training/retention)
§ XIII Security — "No warranty of security" paragraph (explicit disclaimer of duty to meet any particular standard — ISO 27001, SOC 2, PCI-DSS, HIPAA Security Rule, NIST 800-53)
§ XVI Changes — full rewrite matching TOS § XVI

Other changes

Cache-bust on terms.html + privacy.html bumped ?v=20260508a → ?v=20260522a
docs/FINALIZED.md — comprehensive verbatim audit-trail entry per LAW #0

Test plan

/terms → Effective 2026-05-22, Version v1.2
TOC shows 19 entries; §§ II + III visible
§ I has 5 paragraphs (was 3) — electronic acceptance + no-reliance landed
§ VII shows new "Parent & Guardian Binding" h3 + 4-bullet list
§ IX bullet list shows ~13 items with state deepfake statute citations
§ X shows new regulatory + manner-of-access warranty disclaimers
§ XI cross-references read "Section XI"
§ XII (a)-(i) categories + survival clause
§ XVI multi-paragraph hardened rewrite
§ XVIII shows 5 new clauses
/privacy → Effective 2026-05-22, Version v1.2
§ IV ends with third-party-scoping paragraph
§ VII ends with two new h3s
§ XIII shows "No warranty of security"
§ XVI multi-paragraph hardened rewrite
No console errors / Babel parse errors on either page

Out of scope (flagged for attorney review post-incorporation)

TAKE IT DOWN Act "covered platform" applicability — unsettled; transient-relay architecture has a real out-of-scope argument; doc operates as if covered to be defensive
Mass-arbitration mitigations (batching protocols, fee-shifting) — for attorney to add pre-startup launch
Section 230 invocation — deliberately not added; AI / Section 230 unsettled across the industry
Incorporation of Unity AI Lab as a legal entity (WY LLC recommended) — single highest-leverage non-TOS legal action
Insurance (Tech E&O + general liability + cyber, ~$800-1500/yr at hobby scale)

Reference

Comprehensive legal & startup-formation reference doc set was written out-of-repo to /run/media/sponge/HDD2/Documents/UnityAILab/ (12 documents, ~15,500 words) — kept intentionally separate from this public site repo. Covers: WY-vs-DE incorporation playbook, multi-state founder rules, tax-structure decision, founder equity + OA scaffolding, company expenses + asset purchases (Section 179), operational complements (takedown, insurance, DMCA, incident response), TAKE IT DOWN Act applicability analysis, draft Law Enforcement Notice page, pre-attorney + pre-CPA checklists.

## Summary Two-round revision of the Terms of Service and Privacy Policy on 2026-05-22: 1. **Round 1 (v1.1)** — TAKE IT DOWN Act (Pub. L. 119-12) compliance representations + indemnification + Pollinations publication safeguards per user verbatim spec 2. **Round 2 (v1.2)** — Full iron-clad hardening pass across both documents to position Unity AI Lab for the hobby-to-startup transition with minimal lawyer rewrite on handoff Both docs: Effective `2026-05-08 → 2026-05-22`, Version `v1.0 → v1.2`. Existing section anchor IDs preserved so external links keep working. ## Changes — Terms of Service (`redesign/terms-v1.jsx`) Grew 17 → 19 top-level sections. - **New § II Prohibited Conduct & User Representations** — TAKE IT DOWN Act compliance reps, deepfakes/NCII prohibition, Pollinations publication framing, user-controlled safeguards - **New § III User Content and Indemnification** — transient-relay framing, broad indemnitee list, full statutory reach - **§ I Acceptance** — electronic acceptance binding (E-SIGN + UETA), waiver of unawareness defense, no-reliance + entire-agreement clause - **§ VII Parents & Guardians** — new "Parent & Guardian Binding by These Terms" sub-section with joint-and-several binding for any minor access (authorized or not) - **§ IX Acceptable Use** — bullets expanded 10 → 13 with explicit statutory citations (state deepfake laws, DMCA, Lanham, CFAA, CAN-SPAM, TCPA, COPPA, UK AADC, EU DSA, HIPAA/FERPA/GLBA/PCI-DSS/GDPR/CCPA) - **§ X Warranty** — no-regulatory-compliance + no-manner-of-access warranty disclaimers - **§ XI Liability** — "No Liability for Third-Party Services or User Misuse" sub-section; cross-refs IX → XI - **§ XII Indemnification** — expanded (a)-(f) → (a)-(i); survival clause - **§ XVI Changes** — full rewrite (unilateral no-notice change right, periodic-review obligation, posting = exclusive notice, continued use = binding acceptance, applies to minors/guardians/agents) - **§ XVIII Misc** — no-reliance, 1-year time-bar, electronic communications consent, no-third-party-beneficiaries, independent counsel (no contra-proferentem) ## Changes — Privacy Policy (`redesign/privacy-v1.jsx`) 17 sections retained; additions are mostly h3 sub-sections + paragraph additions. - **§ IV** — third-party-scoping disclaimer (Pollinations + upstreams + Cloudflare + GitHub Pages); user assumes all risk of third-party handling - **§ VII** — two new h3 sub-sections: "Data Generated by the Service" (accurate Worker→Pollinations transient-relay framing — fixes the contradictory "client-side" claim) + "No Collection of Personal Data for AI Training" (Unity AI Lab doesn't train; no warranty about Pollinations or upstream training/retention) - **§ XIII Security** — "No warranty of security" paragraph (explicit disclaimer of duty to meet any particular standard — ISO 27001, SOC 2, PCI-DSS, HIPAA Security Rule, NIST 800-53) - **§ XVI Changes** — full rewrite matching TOS § XVI ## Other changes - Cache-bust on `terms.html` + `privacy.html` bumped `?v=20260508a → ?v=20260522a` - `docs/FINALIZED.md` — comprehensive verbatim audit-trail entry per LAW #0 ## Test plan - [ ] `/terms` → Effective 2026-05-22, Version v1.2 - [ ] TOC shows 19 entries; §§ II + III visible - [ ] § I has 5 paragraphs (was 3) — electronic acceptance + no-reliance landed - [ ] § VII shows new "Parent & Guardian Binding" h3 + 4-bullet list - [ ] § IX bullet list shows ~13 items with state deepfake statute citations - [ ] § X shows new regulatory + manner-of-access warranty disclaimers - [ ] § XI cross-references read "Section XI" - [ ] § XII (a)-(i) categories + survival clause - [ ] § XVI multi-paragraph hardened rewrite - [ ] § XVIII shows 5 new clauses - [ ] `/privacy` → Effective 2026-05-22, Version v1.2 - [ ] § IV ends with third-party-scoping paragraph - [ ] § VII ends with two new h3s - [ ] § XIII shows "No warranty of security" - [ ] § XVI multi-paragraph hardened rewrite - [ ] No console errors / Babel parse errors on either page ## Out of scope (flagged for attorney review post-incorporation) - TAKE IT DOWN Act "covered platform" applicability — unsettled; transient-relay architecture has a real out-of-scope argument; doc operates as if covered to be defensive - Mass-arbitration mitigations (batching protocols, fee-shifting) — for attorney to add pre-startup launch - Section 230 invocation — deliberately not added; AI / Section 230 unsettled across the industry - Incorporation of Unity AI Lab as a legal entity (WY LLC recommended) — single highest-leverage non-TOS legal action - Insurance (Tech E&O + general liability + cyber, ~$800-1500/yr at hobby scale) ## Reference Comprehensive legal & startup-formation reference doc set was written out-of-repo to `/run/media/sponge/HDD2/Documents/UnityAILab/` (12 documents, ~15,500 words) — kept intentionally separate from this public site repo. Covers: WY-vs-DE incorporation playbook, multi-state founder rules, tax-structure decision, founder equity + OA scaffolding, company expenses + asset purchases (Section 179), operational complements (takedown, insurance, DMCA, incident response), TAKE IT DOWN Act applicability analysis, draft Law Enforcement Notice page, pre-attorney + pre-CPA checklists.

Sponge added 1 commit

2026-05-23 03:26:44 +00:00

legal(tos+privacy): v1.2 — TAKE IT DOWN Act CYA + iron-clad hardening pass 6fc4da0083

Two-round revision of the Terms of Service and Privacy Policy on
2026-05-22 to (a) add the user-specified TAKE IT DOWN Act (Pub. L. 119-12)
compliance representations, indemnification language, and Pollinations
publication safeguards, and (b) perform a full iron-clad hardening pass
across both documents to position Unity AI Lab for the hobby-to-startup
transition with minimal lawyer rewrite on handoff.

TOS changes (redesign/terms-v1.jsx):
  - Grew 17 → 19 top-level sections; existing #tos-* anchors preserved
  - New §II Prohibited Conduct & User Representations (TAKE IT DOWN Act,
    deepfakes/NCII, Pollinations safeguards, user reps)
  - New §III User Content and Indemnification (transient-relay framing,
    broad indemnitee list, full statutory reach)
  - §I Acceptance: electronic acceptance binding (E-SIGN + UETA), waiver
    of unawareness defense, no-reliance + entire-agreement
  - §VII Parents & Guardians: joint-and-several binding sub-section for
    any minor access (authorized or not); guardian indemnifies on §III
    + §XII terms; explicit waiver on guardian + minor's behalf
  - §IX Acceptable Use: bullets expanded 10→13 with explicit statutory
    citations (state deepfake laws, DMCA + Lanham, CFAA, CAN-SPAM + TCPA,
    COPPA + UK AADC + EU DSA, HIPAA/FERPA/GLBA/PCI-DSS/GDPR/CCPA)
  - §X Warranty: added no-regulatory-compliance + no-manner-of-access
    warranty disclaimers
  - §XI Liability: added "No Liability for Third-Party Services or User
    Misuse" sub-section; cross-references updated IX→XI
  - §XII Indemnification: expanded (a)-(f) → (a)-(i); survival clause
  - §XVI Changes: full rewrite — unilateral no-notice change right,
    user-side periodic-review obligation, posting = exclusive notice,
    continued use = binding acceptance, applies to minors/guardians/agents
  - §XVIII Misc: added no-reliance, 1-year time-bar, electronic
    communications consent, no-third-party-beneficiaries, independent
    counsel (no contra-proferentem)

Privacy changes (redesign/privacy-v1.jsx):
  - §IV: added third-party-scoping disclaimer (Pollinations + upstreams +
    Cloudflare + GitHub Pages); user assumes all risk of third-party
    handling
  - §VII: added two new <h3> sub-sections — "Data Generated by the
    Service" (accurate Worker→Pollinations transient-relay framing — no
    more contradictory "client-side" claim) + "No Collection of Personal
    Data for AI Training" (Unity AI Lab doesn't train; no warranty about
    Pollinations or upstream training/retention)
  - §XIII Security: added "No warranty of security" paragraph (explicit
    disclaimer of duty to meet any particular standard — ISO 27001, SOC 2,
    PCI-DSS, HIPAA Security Rule, NIST 800-53)
  - §XVI Changes: full rewrite matching TOS §XVI

Both docs: Effective 2026-05-08 → 2026-05-22, Version v1.0 → v1.2
Cache-bust: terms.html + privacy.html ?v=20260508a → ?v=20260522a

FINALIZED: docs/FINALIZED.md (verbatim user direction across multiple
revision rounds, full section-by-section change record, defensive
structure summary, architectural facts confirmed, follow-up flags).

Reference doc set written out-of-repo to
/run/media/sponge/HDD2/Documents/UnityAILab/ (12 documents,
~15,500 words) covering legal posture, incorporation playbook (WY vs
DE), multi-state founder rules, tax structure decision matrix, founder
equity + OA scaffolding, company expenses + asset purchases,
operational complements, TAKE IT DOWN Act analysis, LEO notice draft,
pre-lawyer/pre-CPA checklists.

Sponge merged commit 5b6abb79c7 into develop

2026-05-23 04:25:08 +00:00

Sponge referenced this pull request from a commit

2026-05-23 04:25:08 +00:00

Merge pull request 'legal: TOS + Privacy v1.2 — TAKE IT DOWN Act + iron-clad hardening' (#4) from feature/legal into develop