Trust & Safety

Sefaly may not be used to store, share, or distribute:

• Child sexual abuse material (CSAM) or any content that sexually exploits a minor, in any form.
• Content that promotes or facilitates terrorism, violent extremism, or imminent threats of violence against a person or group.
• Malware, viruses, exploits, or other code designed to damage, disrupt, or gain unauthorised access to systems or data.
• Content that infringes another person’s intellectual- property rights. (For copyright take-downs, see the DMCA policy.)
• Non-consensual intimate imagery (sometimes called “revenge porn”).
• Content used to defraud, deceive, or impersonate another person or organisation.
• Anything that is illegal under the laws that apply to you or to us.

Sharing prohibited content with others through Sefaly — public links, direct shares, or invitations — is a violation of these terms regardless of whether the file was ever decrypted.

Sefaly does not tolerate CSAM. Accounts associated with reports we substantiate, or that we are made aware of by law enforcement or NCMEC, will be terminated. As required by 18 U.S.C. §2258A, we report apparent CSAM to the National Center for Missing & Exploited Children’s (NCMEC) CyberTipline once we become aware of it, and we preserve relevant records for at least 90 days as the statute requires.

Important technical limit. Because Sefaly is end-to-end encrypted, we cannot inspect file contents to detect CSAM proactively. The Department of Justice and NCMEC have recognised that providers cannot report what they cannot see; §2258A’s reporting obligation is triggered by actual knowledge, not by failure to scan. We act on every credible report we receive.

If you have encountered CSAM on Sefaly — for example via a public share link — report it to us at safety@sefaly.com and also report it directly to NCMEC at report.cybertip.org. If you believe someone is in imminent danger, contact local law enforcement first.

For most reports, write to one of these addresses:

• CSAM / child-safety: safety@sefaly.com — please also report directly to NCMEC (see above).
• Copyright (DMCA): dmca@sefaly.com — see the DMCA policy for the elements your notice must contain.
• Other abuse (threats, harassment, malware, fraud): abuse@sefaly.com.
• Law-enforcement requests: legal@sefaly.com.

Please include the full share-link URL or other identifying information so we can locate the material. The more precisely you identify what you are reporting, the faster we can act.

Reports are reviewed by a member of our trust-and-safety on-call. For credible reports we will:

1. Disable the reported share link — this is immediate and stops further access to the file via that URL.
2. Suspend the account that uploaded or shared the material while we investigate.
3. Preserve relevant account metadata (login times, IP addresses, share-link records) for the duration the applicable statute requires.
4. Report to NCMEC in the case of apparent CSAM, within the timeframe 18 U.S.C. §2258A requires.
5. Cooperate with valid legal process from law enforcement.
6. Notify the account holder, where doing so would not interfere with an investigation or be prohibited by law.

We reserve the right to terminate or suspend an account where we have a credible basis to believe it has been used to store or distribute prohibited content. Termination removes the user’s access to the service, deletes their files from our storage, and disables outstanding share links.

Because the files are end-to-end encrypted, neither we nor any third party can recover them after termination. We will retain account metadata (email, IP records, share-link records) for as long as the applicable statute requires us to or as needed to support an ongoing investigation.

We respond to valid legal process — subpoenas, court orders, search warrants — from law-enforcement agencies. Because of the end-to-end design, the records we can produce are limited to account metadata, login records, share-link records, and the ciphertext we hold on our servers. We have no key to decrypt user files and cannot produce plaintext file content.

Law-enforcement enquiries should be sent to legal@sefaly.com.

We may update this policy from time to time as the service and the legal landscape evolve. Material changes are reflected in the “Last updated” date at the top of this page.