Anti-Abuse Policy
How Bio-Link.se detects, prevents, and responds to platform abuse — protecting users, the internet ecosystem, and our reputation
ℹ️ About This Policy
This Anti-Abuse Policy is a supplementary operational document that works alongside our Terms of Service, Privacy Policy, and Security & Safety page. It details our internal procedures, response commitments, and escalation framework for handling abuse on the Bio-Link.se platform.
1. Purpose & Scope
1.1 Purpose
This Anti-Abuse Policy establishes Bio-Link.se's commitment and operational framework for preventing, detecting, and responding to abuse of our URL shortening and bio page creation platform. As a link service, we have a heightened responsibility to prevent our infrastructure from being weaponized for phishing, malware distribution, fraud, or other harmful activities.
1.2 Scope
This policy applies to:
- All users — Free, Premium, and OF Plan subscribers
- All content — Bio pages, shortened URLs, embedded links, images, and text
- All access methods — Web interface, API, and any future integrations
- All jurisdictions — Regardless of where the user is located
1.3 Core Principles
Our anti-abuse operations are guided by:
- Zero Tolerance — No warnings for serious violations (phishing, malware, CSAM, fraud)
- Proportionality — Enforcement actions proportional to the severity of the violation
- Speed — Automated detection and rapid human response minimize harm
- Transparency — Clear rules, published statistics, and documented processes
- Due Process — Appeals available for non-critical enforcement actions
- Cooperation — Active collaboration with security vendors, law enforcement, and industry peers
2. Definitions
- "Abuse"
- Any use of the Bio-Link.se platform that violates our Terms of Service, applicable law, or is designed to harm users, third parties, or the platform itself.
- "Abuse Report"
- A formal or informal notification from an internal system, external party, user, security vendor, or law enforcement agency identifying suspected abuse.
- "Automated Detection"
- Abuse identified by our technical systems without human intervention, including API integrations, pattern matching, and behavioral analysis.
- "Manual Review"
- Human investigation of flagged content by our security team.
- "Severity Level"
- Classification of abuse from Critical (P0) to Low (P3) based on potential harm, scale, and legal implications.
- "Takedown"
- The act of disabling, blocking, or removing abusive content or accounts from the platform.
- "False Positive"
- Legitimate content incorrectly identified as abusive by automated or manual systems.
- "Repeat Offender"
- A user or entity that has been previously actioned for abuse and attempts to re-use the platform.
- "Threat Intelligence"
- Information about known threats, malicious indicators, and attack patterns from security vendors, databases, and partner platforms.
3. Abuse Categories & Severity Classification
All abuse is classified by category and severity level. Severity determines response time, enforcement action, and escalation path.
| Severity | Category | Examples | Response Target |
|---|---|---|---|
| 🔴 P0 — Critical | Imminent Harm |
|
< 30 minutes |
| 🟠 P1 — High | Serious Harm |
|
< 4 hours |
| 🟡 P2 — Medium | Policy Violation |
|
< 24 hours |
| 🔵 P3 — Low | Minor Violation |
|
< 72 hours |
🚫 Automatic P0 Classification
The following are always classified as P0 (Critical) regardless of scale or intent: CSAM, active phishing with credential harvesting, malware distribution, terrorism content, and any content involving imminent physical danger. These trigger automatic blocking within minutes and immediate law enforcement notification.
4. Detection Methods
Bio-Link.se employs a defense-in-depth strategy with multiple overlapping detection layers:
4.1 Automated Pre-Publication Scanning
Every link and bio page is scanned before activation:
- Google Safe Browsing API — Real-time check against Google's database of billions of unsafe URLs
- VirusTotal API (97 engines) — Multi-engine scan including Sophos, Fortinet, ESET, Kaspersky, BitDefender, and 92 additional vendors
- Internal Blocklist — Matching against our proprietary database of known malicious domains, patterns, and IP ranges
- AI Pattern Detection — Machine learning models trained to identify phishing page structures, fraudulent language patterns, and social engineering techniques
4.2 Continuous Post-Publication Monitoring
All active content is re-scanned on a continuous schedule:
- 03:00 UTC — Full scan of all active shortened URLs via Google Safe Browsing
- 04:00 UTC — Bio page content review and embedded link validation
- 09:00 UTC — New content review (links created in previous 24 hours)
- Real-time — Continuous monitoring of flagged accounts and high-risk content
4.3 Behavioral Analysis
Our systems monitor user behavior patterns to identify suspicious activity:
- Rapid bulk link creation (exceeding normal usage)
- Links to newly registered domains (< 30 days old)
- Patterns matching known phishing kit structures
- Account creation from flagged IP ranges or known VPN/proxy services
- Repeated targeting of specific brands or financial institutions
- Unusual geographic patterns (e.g., account from Sweden, all links targeting Brazilian banks)
4.4 External Intelligence Sources
- Security vendor notifications — Alerts from Google, VirusTotal, Cloudflare, and others
- Abuse reports — User reports via abuse@bio-link.se
- Law enforcement requests — Official takedown requests and investigation notices
- Industry sharing — Threat intelligence from platform peers and security communities
- Brand protection services — Notifications from companies monitoring for impersonation
4.5 Cloudflare Protection Layer
- DDoS mitigation
- Bot detection and challenge pages
- Rate limiting
- IP reputation scoring
- Web Application Firewall (WAF) rules
📊 Detection Coverage
Combined, our systems scan 1,000+ links weekly, maintain 24/7 automated monitoring, and leverage 97+ security engines for comprehensive threat coverage.
5. Response Process
When abuse is detected or reported, the following process is initiated:
Detection / Report
Abuse identified via automated scan, user report, or external notification
Classification
Severity assigned (P0–P3) based on abuse type and potential harm
Immediate Action
P0/P1: Auto-block content and redirect to warning page
Investigation
Security team reviews evidence, verifies abuse, checks for false positive
Enforcement
Apply proportional action: warning, suspension, or permanent termination
Documentation
Log all evidence, actions taken, and timestamps for audit trail
External Reporting
Notify law enforcement, NCMEC, or relevant authorities as required
Post-Incident Review
Update blocklists, improve detection, document lessons learned
5.1 Automated Response (P0 Critical)
For P0 violations, the system acts without waiting for human review:
- Malicious link immediately redirected to a security warning page
- Account automatically flagged and access suspended
- Admin notification sent via email within seconds
- All other links from the same account queued for emergency scan
- IP address and device fingerprint recorded for ban enforcement
5.2 Manual Review Process
All automated actions are followed by human verification:
- Security team member assigned to the case
- Content reviewed against Terms of Service and applicable law
- False positive check performed
- If confirmed: enforcement proceeds. If false positive: content restored and user notified
- Decision documented with reasoning
6. Response Time SLAs
We commit to the following response time targets:
| Severity | Initial Response | Content Action | Investigation Complete | Reporter Notified |
|---|---|---|---|---|
| 🔴 P0 | Immediate (automated) | < 30 minutes | < 24 hours | < 48 hours |
| 🟠 P1 | < 1 hour | < 4 hours | < 48 hours | < 72 hours |
| 🟡 P2 | < 4 hours | < 24 hours | < 5 business days | < 5 business days |
| 🔵 P3 | < 24 hours | < 72 hours | < 10 business days | < 10 business days |
⚠️ SLA Exceptions
Response times may be extended during high-volume attack periods, holidays, or extraordinary circumstances. P0 automated responses remain active 24/7/365 regardless.
7. Escalation Matrix
Abuse cases are escalated based on severity, complexity, and external involvement:
| Level | Handler | Triggers |
|---|---|---|
| L1 — Automated | System / Bot | Known signatures, blocklist matches, API flags |
| L2 — Security Team | Security Analyst | User reports, unconfirmed flags, P2/P3 violations, appeals |
| L3 — Senior Review | Platform Administrator | P0/P1 confirmed, legal complexity, high-profile targets, repeat offenders |
| L4 — External | Law Enforcement / Legal | Criminal activity, CSAM, law enforcement requests, legal proceedings |
7.1 Auto-Escalation Rules
- Any case not resolved within 2× the SLA target is automatically escalated one level
- Any case involving minors is immediately escalated to L3+L4
- Any case with law enforcement involvement starts at L3 minimum
- Any case involving 10+ affected accounts is escalated to L3
8. Enforcement Actions
Enforcement actions are proportional to the severity of the violation:
8.1 Content-Level Actions
- Link Redirect — Malicious link redirected to a security warning page
- Link Deactivation — Shortened URL permanently disabled
- Bio Page Removal — Entire bio page taken down
- Content Edit — Specific content removed with page preserved (minor violations)
8.2 Account-Level Actions
- Warning — Written notification of policy violation (P3 only, first offense)
- Temporary Suspension — Account access disabled for 7–30 days (P2, first offense)
- Permanent Termination — Account permanently deleted, all content removed (P0/P1, or repeat P2)
- Plan Downgrade — Forced downgrade from OF Plan for age gate violations
8.3 Network-Level Actions
- IP Block — Source IP address banned from the platform
- IP Range Block — Extended block for coordinated attacks
- Device Fingerprint Ban — Device-level block to prevent ban evasion
- Email Domain Block — Registration blocked from disposable/abusive email providers
8.4 Enforcement by Severity
| Severity | First Offense | Second Offense | Third Offense |
|---|---|---|---|
| 🔴 P0 | Immediate termination + IP ban + law enforcement report | N/A — No second chance | |
| 🟠 P1 | Immediate termination + IP ban | N/A — No second chance | |
| 🟡 P2 | Content removal + warning OR 7-day suspension | 30-day suspension | Permanent termination |
| 🔵 P3 | Warning + content edit request | Content removal + 7-day suspension | Permanent termination |
🚫 No Refunds for Enforcement
Accounts terminated for abuse violations are not eligible for refunds, data export, or content recovery. This applies to all subscription tiers including Premium and OF Plan. See Terms of Service Section 6.3.
9. Appeals Process
9.1 Who Can Appeal
Appeals are available for:
- P2 and P3 enforcement actions
- Suspected false positives
- Content incorrectly flagged by automated systems
🚫 No Appeals Available For
- P0 (Critical) violations — Phishing, malware, CSAM, terrorism
- P1 (High) violations with confirmed evidence — Fraud, impersonation
- Accounts terminated by law enforcement request
- Repeat offenders (3+ previous violations)
9.2 How to Appeal
- Send an email to appeals@bio-link.se
- Include your username, the content/action in question, and your reasoning
- Provide any evidence supporting your case
- Appeals must be submitted within 14 days of the enforcement action
9.3 Appeal Review
- Appeals are reviewed by a different team member than the original decision-maker
- Review completed within 10 business days
- Outcome communicated via email with reasoning
- Appeal decisions are final
9.4 Possible Outcomes
- Upheld — Original action remains. No further appeal available.
- Modified — Reduced enforcement (e.g., suspension shortened, warning instead)
- Overturned — Content restored, account reinstated, apology issued
10. Evidence & Data Retention
We retain abuse-related data for enforcement, legal compliance, and pattern detection:
| Data Type | Retention Period | Purpose |
|---|---|---|
| Abuse reports (incoming) | 5 years | Pattern analysis, legal evidence |
| Enforcement action logs | Permanent | Repeat offender detection |
| Terminated account data | Permanent (identifiers only) | Ban enforcement, re-registration prevention |
| IP blacklist entries | Indefinite | Network-level protection |
| Content snapshots (violations) | 2 years | Legal evidence, appeal support |
| Security scan logs | 2 years | Audit trail, system improvement |
| Appeal records | 5 years | Consistency, legal defense |
| Law enforcement correspondence | 7 years | Legal compliance |
| CSAM reports (to NCMEC/police) | Permanent | Legal obligation, child protection |
| Age verification logs (OF Plan) | 3 years minimum | Legal compliance, child protection |
⚠️ Deletion Requests
Abuse-related data is exempt from standard GDPR deletion requests under Article 17(3)(d) and (e) — processing necessary for reasons of public interest and for the establishment, exercise, or defense of legal claims. See our Privacy Policy — Data Retention for full details.
11. External Reporting Obligations
Bio-Link.se reports abuse to external authorities and organizations based on the nature of the violation:
11.1 Mandatory Reporting
We are legally obligated to report in the following cases:
| Abuse Type | Reported To | Timeframe |
|---|---|---|
| CSAM / Child Exploitation |
Swedish Police (Polisen) NCMEC (CyberTipline) Interpol / Europol |
Immediately (< 1 hour) |
| Terrorism / Violent Extremism |
Swedish Security Service (SÄPO) Europol (EU IRU) |
Immediately (< 1 hour) |
| Imminent Threat to Life |
Swedish Police (112) Local law enforcement |
Immediately |
| Large-Scale Fraud / Phishing |
Swedish Police (Polisen) Targeted brand/organization Anti-Phishing Working Group (APWG) |
< 24 hours |
| Data Breach (affecting users) |
Swedish Data Protection Authority (IMY) Affected users |
< 72 hours (GDPR requirement) |
11.2 Voluntary Reporting
We may also report to the following at our discretion:
- Google Safe Browsing — Submit newly discovered malicious URLs for global blocking
- VirusTotal — Share threat samples and indicators
- Cloudflare — Report coordinated attack patterns
- Anti-Phishing Working Group (APWG) — Contribute phishing data to the eCrime database
- Spamhaus — Report spam-related infrastructure
- Brand owners — Notify companies being impersonated on our platform
- Domain registrars — Report malicious domains linked through our service
- Hosting providers — Notify upstream hosts about malicious destination content
11.3 Law Enforcement Cooperation
Bio-Link.se cooperates fully with law enforcement under the following framework:
- Valid legal requests: We respond to court orders, subpoenas, and official information requests
- Emergency requests: Imminent danger cases processed without waiting for formal legal process
- Proactive reporting: We report serious crimes even without receiving a formal request
- Evidence preservation: We honor preservation requests and litigation holds
- Jurisdiction: Primary cooperation with Swedish law enforcement; international requests via mutual legal assistance treaties (MLAT)
🏛️ Legal Process Contact
Law enforcement agencies should direct requests to: legal@bio-link.se
For emergencies involving imminent harm: security@bio-link.se (monitored 24/7)
12. Industry Cooperation
12.1 Security Vendor Integration
We maintain active integrations with the following security vendors and databases:
- Google Safe Browsing — Bidirectional: We consume their threat data and contribute our findings
- VirusTotal — 97-engine scanning with results informing our automated blocking
- Cloudflare — Infrastructure-level protection and threat intelligence
12.2 Abuse Contact Responsiveness
We are committed to being a responsive abuse contact:
- abuse@bio-link.se is actively monitored and responds within SLA targets
- We acknowledge receipt of all external abuse reports within 24 hours
- We provide actionable updates to reporters when content is actioned
- We maintain an up-to-date abuse contact in our WHOIS records and on our website
12.3 Threat Intelligence Sharing
We contribute to the broader security ecosystem by:
- Sharing anonymized threat patterns with security communities
- Reporting malicious destination URLs to relevant blocklist operators
- Notifying affected platforms when their brands are being impersonated
- Contributing phishing URLs to public threat feeds where appropriate
12.4 False Positive Resolution
We actively work to resolve false positive detections:
- Submit false positive appeals to security vendors when our domain or user content is incorrectly flagged
- Maintain communication channels with vendor security teams
- Provide evidence and context to support delisting requests
- Publish transparency information about false positive incidents (see our Security & Safety page)
13. User Reporting Mechanisms
13.1 How to Report Abuse
Users and third parties can report abuse through multiple channels:
| Channel | Best For | Response Time |
|---|---|---|
| 📧 abuse@bio-link.se | All abuse reports — phishing, fraud, malware, spam, illegal content | < 24 hours |
| 🔐 security@bio-link.se | Security vulnerabilities, responsible disclosure | < 24 hours |
| ⚖️ legal@bio-link.se | Law enforcement requests, DMCA/copyright, legal process | < 48 hours |
| 📋 Report Abuse Page | Guided reporting with checklists and instructions | < 24 hours |
13.2 What to Include in a Report
Effective reports should include:
- The URL or bio page link (e.g., bio-link.se/username or a shortened link)
- Type of abuse (phishing, malware, scam, spam, illegal content, etc.)
- Description of why you believe it is abusive
- Screenshots or evidence (if available)
- Your contact information (optional but helpful for follow-up)
13.3 Reporter Protections
- Confidentiality: Reporter identity is never disclosed to the reported user
- Anonymous reporting accepted: Contact information is helpful but not required
- No retaliation: We prohibit any form of retaliation against good-faith reporters
- Status updates: Reporters with contact info receive confirmation and outcome notifications
13.4 Abuse of the Reporting System
⚠️ False Reports
Submitting knowingly false or malicious abuse reports is itself a violation of our Terms of Service. This includes weaponizing abuse reports against competitors or using reports as a form of harassment. Abusive reporters may have their reports deprioritized or their contact blocked.
14. Adult Content Specific Abuse
Adult content on Bio-Link.se is only permitted under the OF Plan ($3.99/month) with strict safeguards. This section covers abuse scenarios specific to adult content.
14.1 Age Gate Violations
| Violation | Severity | Action |
|---|---|---|
| Adult content bio page without Age Gate enabled | P1 | Immediate suspension, content removal, forced plan downgrade |
| Age Gate intentionally bypassed or disabled | P1 | Permanent termination |
| Adult content on Free or Premium plan | P2 | Warning + 48h to upgrade or remove content |
| Insufficient blur level on Content Teaser | P2 | Warning + content edit required within 24h |
14.2 Prohibited Adult Content
The following always triggers P0 (Critical) response:
- Child Sexual Abuse Material (CSAM) — immediate takedown, NCMEC report, law enforcement notification
- Non-consensual intimate imagery (revenge porn) — immediate takedown, law enforcement notification
- Content involving trafficking or coercion — immediate takedown, law enforcement notification
The following triggers P1 (High) response:
- Bestiality / zoophilia content
- Content depicting or simulating sexual violence
- Content involving unconscious or drugged individuals
- Any other content listed in Terms of Service Section 4.3B
14.3 Adult Content Monitoring
OF Plan accounts are subject to enhanced monitoring:
- Automated Age Gate presence verification on every bio page load
- AI content classification to detect untagged adult content
- New adult bio pages may enter a manual review queue (reviewed within 48 hours)
- Regular compliance audits of OF Plan accounts
- Enhanced user reporting mechanisms for adult content concerns
✅ Our Commitment
We support legitimate adult content creators who follow the rules. Our enforcement targets bad actors, not the adult content industry. Compliant OF Plan users enjoy full platform features with industry-leading privacy protections.
15. Transparency & Accountability
15.1 Public Transparency
We maintain transparency about our anti-abuse efforts through:
- Security & Safety page — Public information about our security systems, scanning schedule, and incident reports: bio-link.se/custom/safety-security/
- Annual Transparency Report — Published statistics on enforcement actions, abuse volume, and response metrics
- Incident Disclosure — Significant security incidents disclosed publicly with timeline and remediation details
15.2 Transparency Report Contents
Our annual transparency report includes:
- Total abuse reports received (by category)
- Reports actioned vs. dismissed
- Average response times by severity
- Accounts terminated (by violation type)
- Law enforcement requests received and fulfilled
- False positive rate and resolution statistics
- DMCA / copyright takedown statistics
- Geographic distribution of abuse (anonymized)
15.3 Internal Accountability
- All enforcement actions are logged with timestamps, reasoning, and the responsible team member
- Regular internal audits of enforcement consistency
- Quarterly review of SLA performance
- Annual policy review and update (see Section 16)
16. Policy Review Cycle
16.1 Regular Review
This Anti-Abuse Policy is reviewed and updated:
- Annually — Comprehensive review of all sections
- After major incidents — Post-incident review may trigger immediate updates
- When regulations change — EU Digital Services Act, Swedish law, GDPR updates
- When detection capabilities change — New security tools or vendor integrations
16.2 Change Notification
Material changes to this policy are communicated via:
- Email notification to registered users
- Website notice on the policy page
- Updated "Last Modified" date in the header
16.3 Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | February 4, 2026 | Initial publication |
18. Contact Information
📞 Abuse & Security Contacts
Piltegatan 4
431 41 Mölndal
Sweden