Compliance & Risk
Compliance is addressed through a combination of technical controls and policy. The system minimizes exposure by avoiding custodial roles and by keeping personally identifiable information off‑chain.
Jurisdictional boundaries
- Identity: zkLogin provides federated sign‑on without placing raw credentials on chain. Where regulation requires KYC for specific actions, gating occurs off‑chain with the minimum data necessary, and no doxable PII is written to the ledger.
- Payments: tokens native to Sui are used for economic flows. Fiat on‑ramps, if offered, are provided by third‑party processors with their own compliance programs.
Content policy and takedowns
- Policy definition: clearly stated rules for prohibited content and a defined process for appeals.
- Execution: moderation actions emit on‑chain events linking decisions to content references; catalogs can withdraw references while retaining evidence anchors.
- Transparency: audit trails, versioned manifests, and receipts document actions without exposing sensitive identities.
Bounties and safe handling of sensitive materials
- Encryption: end‑to‑end encryption is enforced for submissions; only hashes (and optional Walrus IDs) are recorded on‑chain.
- Access controls: bounty review and decryption keys are scoped to case participants; key handling follows least privilege.
Market integrity and disclosures
- Editorial markets: terms are published (hashed) on chain; resolution receipts include verifiable evidence (enclave or zk), and conflicts of interest are disclosed in content metadata.
Risk register (selected)
- Sponsored‑tx abuse → quotas, proof‑of‑person gating, deposits for high‑risk actions
- Oracle compromise → attestation verification, multi‑source receipts, manual override with audit
- Storage inconsistency → availability proofs, inconsistency events, client hash verification and fallback
- Wallet/zkLogin phishing → device‑scoped salts, explicit signing prompts, educational banners
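The "client hash verification and fallback" mitigation in the storage-inconsistency entry, and the "only hashes recorded on-chain" rule for bounty submissions, both rest on the same check: the client recomputes the hash of whatever it retrieves and compares it with the hash anchored on the ledger before trusting the bytes. The following is an added illustration of that check, not code from this project; the source names, the SHA-256 choice, and the in-memory event list standing in for an emitted inconsistency event are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class InconsistencyEvent:
    """Record of a source that served bytes not matching the anchored hash.
    In the real system this would be the on-chain inconsistency event; here it
    is just collected in a list (assumption for the example)."""
    content_ref: str
    source: str
    expected: str
    observed: str


def content_hash(data: bytes) -> str:
    """Content hash as it would be anchored on-chain (SHA-256 hex, assumed)."""
    return hashlib.sha256(data).hexdigest()


def fetch_verified(content_ref: str, expected_hex: str,
                   sources: list[tuple[str, Callable[[str], Optional[bytes]]]],
                   events: list[InconsistencyEvent]) -> tuple[str, bytes]:
    """Try each source in order; return the first blob whose hash matches the
    anchored value. A source that returns None is simply unavailable; a source
    that returns mismatching bytes is recorded as an inconsistency, and the
    client falls back to the next source instead of using the bad data."""
    for name, fetch in sources:
        blob = fetch(content_ref)
        if blob is None:
            continue  # unavailable: fall back silently, nothing to report
        observed = content_hash(blob)
        if observed == expected_hex:
            return name, blob
        events.append(InconsistencyEvent(content_ref, name, expected_hex, observed))
    raise LookupError(f"no source served bytes matching anchor {expected_hex[:12]}...")


def demo() -> tuple[str, list[InconsistencyEvent]]:
    # Constructed sample: the manifest as published, and the hash the
    # publisher anchored on-chain at publish time.
    manifest = b'{"catalog": "sample", "version": 1}'
    anchored = content_hash(manifest)
    content_ref = "blob:sample-manifest-v1"  # placeholder reference, not a real Walrus ID

    # Constructed sources: the primary serves modified bytes, one mirror is
    # down, the second mirror serves the genuine manifest.
    sources = [
        ("walrus-primary", lambda ref: manifest + b"\n<!-- tampered -->"),
        ("mirror-a", lambda ref: None),
        ("mirror-b", lambda ref: manifest),
    ]
    events: list[InconsistencyEvent] = []
    used, blob = fetch_verified(content_ref, anchored, sources, events)
    assert blob == manifest
    return used, events


if __name__ == "__main__":
    used, events = demo()
    print(f"served by {used}; {len(events)} inconsistency event(s) recorded")
    for ev in events:
        print(f"  {ev.source}: expected {ev.expected[:12]}... observed {ev.observed[:12]}...")
```

The ordering matters for the risk register's wording: a mismatch is evidence (it is recorded), while mere unavailability is not, so the two cases are kept distinct and only the former produces an event.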