# Trust And Safety Product Spec

Дата: 2026-05-21  
Scope: safety requirements for ErgoCommunity.org.

## Safety Principles

1. The portal is community-run and must not look like official support.
2. Verified means link/domain checked, not endorsed, audited or financially safe.
3. Wallet, bridge, DeFi and support links need explicit safety review.
4. No page, form or flow may request seed phrases, private keys, mnemonics or recovery files.
5. Stale or uncertain content remains visibly marked until reviewed.

## Link Registry Required Fields

Every external URL needs:

- label
- URL or source of truth
- category
- source type
- review state
- verified at
- verified by
- next review at
- risk level
- notes

## Sensitive Categories

These categories require safety review before publication:

- wallet
- browser extension
- bridge
- DeFi
- token sale
- fundraising
- private invite
- support account
- security disclosure

## Risk Taxonomy

### normal

Standard verified link or low-risk informational content.

### info

Legitimate content with contextual note, such as seasonal events or community summaries.

### caution

Content has user-action risk, stale state, disputed source, funding context or bridge interaction.

### high-risk

Wallet, bridge, DeFi, support impersonation or install-link flow.

### blocked

Known scam, unresolved phishing, broken official source, unsafe claim or malicious destination.

## Moderation Queue

All intake flows share these states:

- draft
- needs-info
- editor-review
- safety-review
- approved
- rejected
- stale
- archived
- blocked

Each moderation action needs:

- reviewer
- timestamp
- reason code
- reviewer note
- conflict-of-interest flag
- appeal or dispute path

## Scam / Phishing Report Flow

Required fields:

- suspected URL or handle
- category
- affected project
- short description
- screenshot optional
- transaction or ID optional
- reporter contact optional

Statuses:

- new
- triaged
- escalated
- warning-published
- resolved
- false-positive

SLA:

- Active wallet/support phishing: public warning or escalation within 4 hours.
- Normal reports: triage within 2 business days.

## Governance Summary Safety

Governance cards must say:

- community summary
- not official decision
- not a vote
- canonical source links required
- summarized by
- reviewed by
- confidence level
- last updated

## Project Card Safety

Project cards must separate:

- operational status
- verification status
- risk level
- source type
- owner confirmation
- last checked date
- checked by

Operational does not mean safe, audited, endorsed or risk-free.