Compliance Policy

Last updated: May 5, 2026

1. Purpose

This Compliance Policy describes how socials.download handles the legal and accountability dimensions of evidence-preservation work: the operator-attestation gate that precedes every capture, the audit trails that document chain of custody, the procedure for responding to lawful process and takedown requests, and the commitments we publish about timelines and reporting. It supplements — and does not displace — our Terms of Use, Privacy Policy, and DMCA Procedure.

2. Operator attestation, captured

Every capture is preceded by an explicit operator attestation that the operator has a lawful basis to access and preserve the artifact in the operator’s jurisdiction. The attestation text is fixed and presented to the operator at submission; the act of submitting the capture is the act of attesting.

The attestation is recorded as part of the audit log entry for the capture. The recorded values are:

  • The verbatim attestation text shown to the operator at submission.
  • The UTC timestamp of submission.
  • The operator’s authenticated session identifier.
  • A SHA-256 hash binding the attestation to the specific capture (URL + platform + capture session ID).

Liability for the accuracy of the attestation is the operator’s. False attestations are a material breach of the Terms and may also constitute fraud, perjury, or other offences depending on the use the capture is put to.

3. Audit-log discipline

The audit log is a tamper-evident record of every action taken with respect to a capture. For each capture and each subsequent action against it, the log contains:

  • The capture session ID.
  • The source URL and source platform.
  • The subject account handle as reported by the platform at capture time.
  • The UTC capture timestamp.
  • The SHA-256 hash of the captured artifact bytes.
  • The verbatim attestation text and submission timestamp.
  • The operator account identifier.
  • The IP address of the request, retained for 30 days for abuse mitigation, then truncated.
  • Every re-download, retention-window action (auto-delete, manual delete, takedown), and any access by counsel or staff under documented process.

Audit-log entries are immutable in the ordinary course. Corrections are made by appending a new entry that references and explains the prior entry; the prior entry is not modified or deleted. Database-administrator actions that touch the audit log are themselves logged in a separate system-administration log retained on the same terms.

4. Operator access to the audit trail

Every paid operator can review and export their own audit log from the account dashboard. Free-trial operators do not receive an audit log because free-trial captures are not retained — the artifact streams through and the only persisted record is a 30-day server log entry that does not constitute chain-of-custody documentation.

Operators can also generate a verification packet for any specific capture — a bundle containing the artifact, the metadata sidecar, the attestation entry, and the audit-log entries that touch that capture. The verification packet is signed and timestamped; counsel or a third party can re-hash the artifact and verify the packet has not been altered.

5. Lawful process: subpoenas, warrants, court orders

Lawful process is directed to legal@socials.download. We require service in writing from a recognised legal authority or counsel of record. We respond on the following posture:

  • Acknowledgement: within 1 business day of receipt, with a tracking ID.
  • Scope review: we read the request narrowly and respond only with what is plainly within scope. Overbroad, ambiguous, or improperly served requests receive a written response identifying the deficiency and (where appropriate) proposing a narrowed scope.
  • Operator notification: we notify the affected operator unless prohibited by law, court order, or non-disclosure provisions of the request itself. Notification gives the operator the opportunity to challenge the request before compliance.
  • Substantive response: for valid, in-scope requests, response is provided within the time required by the request or by 30 days, whichever is shorter, unless the request specifies a different timeline.
  • Challenge: we will challenge requests we reasonably believe to be unlawful, overbroad, or improperly served. We may also intervene in proceedings where third-party rights are at stake.

We charge reasonable cost recovery for compliance with civil subpoenas as permitted by law. Compliance with criminal-process requests is provided without charge.

6. Preservation requests

Counsel or law-enforcement may submit preservation requests to legal@socials.download. A valid preservation request stops the routine retention-window deletion for the specifically identified captures for an initial 90-day window, extendable on written renewal. The preservation event is itself audit-logged, and the affected operator is notified unless the request is accompanied by a non-disclosure provision.

7. Takedown handling

Copyright takedowns are governed by our DMCA Procedure: valid notices acted on within 24–48 hours, counter-notification per § 512(g), repeat infringers terminated.

Non-copyright takedowns — privacy, defamation, harassment, GDPR / data-protection erasure, court orders, platform-policy enforcement — are evaluated on the same timeline. We weight requests against the public interest in the captured material, the rights asserted, and any pending lawful process. The audit log records every takedown action with the basis and the timestamp.

We reserve the right to remove or restrict access to captured content at any time in response to lawful process, a credible report of abuse, breach of these Terms, or a determination by us that continued availability poses material risk to the operator, to a third party, or to the platform.

8. Operator accountability

Operators are responsible for the captures they submit, the attestations they make, and the use they put captured material to. We enforce that responsibility through:

  • The attestation gate at the point of capture (no attestation, no capture).
  • The repeat-infringer policy under § 512(i): three substantiated takedowns in a rolling 12 months results in account termination.
  • Suspension or termination for false attestations, evasion of the attestation gate, or other material breaches of the Terms.
  • Cooperation with lawful process where the operator is a target of investigation or litigation, subject to the procedure in section 5.

9. Authorization scope (what does “lawful basis” mean?)

The operator attestation references “a lawful basis in your jurisdiction”. That phrase is deliberately broad because what counts as a lawful basis differs across jurisdictions and across roles. Examples we recognize as plainly within scope:

  • You are the rights-holder of the captured content.
  • The content is part of the public record (e.g., a public official’s public posts).
  • The capture is journalistic work product covered by press-freedom protections.
  • The capture is conducted under court-authorized discovery or a preservation order.
  • The capture is conducted on behalf of an authorized client investigation by counsel or a licensed investigator.
  • The capture is conducted by or for a regulated trust-and-safety, brand-protection, or anti-fraud function under documented authority.
  • The capture is for academic research under your institution’s ethics review.

Examples we do not recognize and that constitute a false attestation: stalking, harassment, doxxing, non-consensual intimate imagery, infringement for commercial exploitation, capture from accounts behind privacy controls you have not been granted access to, and any other capture without a credible lawful basis. The attestation is your representation that you fall within the former, not the latter.

10. Data retention summary

The retention windows are documented in the Privacy Policy and operationalised here:

  • Free-trial captures: artifact deleted within 60 seconds of delivery.
  • Pro captures: artifact retained 30 days, then permanently deleted.
  • Studio captures: artifact retained 90 days, then permanently deleted.
  • Audit-log entries: retained for the lifetime of the account plus any statutory record-keeping obligation, then deleted.
  • Preservation-request captures: retention-window deletion is paused for the duration of the preservation request and any documented renewal.
  • Account closure: account email, captures, and capture-metadata rows are wiped within 24 hours; audit-log retention continues per the second bullet.

Operators can request deletion of any specific capture from their dashboard at any time. The deletion is recorded in the audit log; the artifact itself is unrecoverable after the deletion completes.

11. Transparency reporting

Beginning with the calendar year following first paid revenue, we publish an annual Transparency Report covering the prior calendar year. The report aggregates (without identifying any operator, subject, or capture):

  • Number of DMCA takedown notices received, acted on, refused as deficient, withdrawn, and counter-notified.
  • Number of non-copyright takedown / removal requests, by category and disposition.
  • Number of subpoenas, search warrants, and other legal-process requests received, by jurisdiction and disposition.
  • Number of preservation requests received and outstanding.
  • Number of accounts terminated under the repeat-infringer policy.
  • Median and 95th-percentile time-to-action for each category.

The report is published to /legal/transparency and the URL is shared with paid operators by email when each year’s report goes live.

12. Jurisdictional reminder

socials.download operates from the United States. The Terms select Georgia law and Fulton County, Georgia courts for disputes between operator and Service. None of the foregoing alters the operator’s obligation to comply with the laws of any jurisdiction in which the operator is located, in which the subject is located, or in which the captured material may be used. Operators are solely responsible for ensuring their use complies with applicable laws in their jurisdiction.

13. Contact

Compliance questions and policy correspondence: legal@socials.download. DMCA notices: dmca@socials.download. Privacy and data-rights requests: privacy@socials.download. General product questions: support@socials.download.

← Back to the home page·Terms of Use·DMCA Procedure·Privacy Policy