Moderation
Customer-side moderation
Because NORTH is passthrough, your app moderates user input, prompts, and TTS text before audio is sent for rendering. We do not need access to that text.
◆ Safety & identity
Generative faces
need controls.
Avatar APIs make impersonation easy, that is the actual risk shape, not a marketing one. This page is what NORTH does about it today and what we expect from customers shipping to end users.
◇ The honest version
A photorealistic face API is dual-use technology.
NORTH renders a talking face from a single reference image. That is exactly what makes it useful for tutors, support agents, and companions, and exactly what makes it abusable for non-consensual likeness, impersonation, or fraud.
We do not solve this problem with a single magic feature. Our approach is a layered one: an Acceptable Use Policy customers contractually accept, customer-side moderation (passthrough mode keeps prompts and TTS text on your side), session-level logging so misuse is traceable, and a takedown / kill-switch path for incidents.
Honest scope: NORTH is generative-rendering infrastructure. Final responsibility for what gets generated, who consents, and how outputs are distributed sits with the customer shipping the product. We give you the controls; you wire them into your UX.
◆ Controls
What we ship today.
Identity registries, consent capture, watermarking, and similar deployment-specific controls are scoped per enterprise contract. Email eric@northmodellabs.com with your specific compliance requirements.
Identity
Public-figure policy
Customer terms prohibit generation of public figures without documented authorization. We act on reports promptly.
Operational
Session logging
Session create / delete, face uploads, and admin actions are recorded for incident review and billing reconciliation.
Response
Abuse takedown path
One inbox for misuse reports. We acknowledge within one business day, suspend offending API keys, and purge cached outputs on confirmation.
◆ Acceptable use, summary
What customers contractually agree not to do.
Full text in our Terms of Service. Summary form below for procurement / security review.
- Generate the likeness of any real person without their documented consent (or, for public figures, without an explicit lawful basis).
- Impersonate any individual, organization, or government with intent to defraud, deceive, or harass.
- Produce sexual content depicting any identifiable person.
- Produce content depicting minors in sexualized, violent, or exploitative scenarios.
- Generate non-consensual intimate imagery, regardless of source.
- Reverse-engineer, extract, or attempt to recover model weights or training data.
- Resell raw NORTH inference as a competing avatar API without a written reseller agreement.
- Use NORTH outputs in legal proceedings, news media, or evidentiary contexts without clear AI-generated disclosure.
◆ Audit & logging
What we record, and why.
| Event | Stored | Why |
|---|---|---|
| Session create / delete | Operational log | Misuse detection · billing reconciliation |
| Face image upload | Operational log | Abuse review and incident traceback |
| API key issued / revoked | Operational log | Access governance |
| Generated MP4 (offline) | Customer-presigned URL, 24h | Customer download window |
| WebRTC video frames | Not stored | Realtime; never retained |
| Customer prompts / TTS text | Not received | Passthrough mode; we never see them |
See /privacy for retention windows. Enterprise contracts can configure stricter retention or zero-retention modes.
◆ If something goes wrong
Takedown and kill-switch.
Reporting abuse. Anyone, customer or non-customer, can report misuse to eric@northmodellabs.com. We acknowledge within one business day and triage with severity.
Takedown.For high-severity reports (non-consensual intimate imagery, impersonation of a real individual, fraud) we suspend the offending account's API access while we investigate. DMCA-style takedown requests follow the standard process in our Terms.
Kill switch. If you need to immediately revoke API keys and freeze new sessions for an account (whether yours or one we trace abuse to), we do that on request, fastest path is eric@northmodellabs.com. Self-serve key revocation lives in the dashboard today.
◆ Direct contacts
One inbox per concern.
Security
eric@northmodellabs.com
Vulnerabilities, security questionnaires, architecture review.
Abuse
eric@northmodellabs.com
Misuse reports, takedown requests, impersonation.
Privacy / DPA
eric@northmodellabs.com
Data subject requests, DPA / SCC review, sub-processor questions.
For media impersonation discovered in the wild, attach the URL and a brief description; we will trace it back to the originating account if it was generated through our API.