Trust & Safety

LinkStacked's Trust & Safety framework operates on three levels:

• Proactive technical safeguards — automated systems that prevent harmful content from reaching the platform in the first place.
• Community reporting — a trusted system for users to flag content that violates our policies.
• Human review — our trust and safety team reviews reports, escalations, and high-risk accounts manually.

Our policies are grounded in German law (Netzwerkdurchsetzungsgesetz / NetzDG), the EU Digital Services Act (DSA), and applicable international standards including the INHOPE network's guidance on illegal online content.

We maintain the following measures:

We take content related to self-harm and suicide seriously. Our approach is guided by safe messaging guidelines from mental health organisations.

• Content that provides detailed methods, encouragement, or "how-to" instructions for self-harm or suicide is prohibited
• Content that graphically depicts or promotes self-harm in a way that may normalise or encourage it is prohibited
• Content that targets or encourages at-risk individuals to harm themselves is subject to immediate removal and account suspension

LinkStacked may not be used to promote, represent, or recruit for:

• Organisations designated as terrorist organisations by Germany, the EU, the UK, or the UN Security Council
• Organisations with a documented history of mass violence, genocide, or ethnic cleansing
• Groups that promote or plan acts of terrorism, political violence, or insurgency
• Neo-Nazi, white supremacist, or other groups that promote violent racial ideology
• Organised crime groups or cartels

This includes: creating profiles for these organisations, sharing their propaganda, using their symbols or slogans, or fundraising on their behalf. Accounts engaged in this activity are permanently terminated and reported to relevant authorities.

We maintain several technical layers to prevent spam and inauthentic activity:

• Email verification required for all new accounts — disposable email domains are blocked
• Rate limiting on account creation per IP and per email domain
• CAPTCHA on account creation and login flows for unusual patterns
• Automated detection of profile content that matches known spam patterns (repeated link farms, affiliate redirect chains)
• Redis-backed rate limiting on all public API endpoints and profile visits
• Monitoring for abnormal traffic spikes that may indicate coordinated view inflation

Because links are what LinkStacked is all about, we invest heavily in ensuring every link on the platform is safe:

• Google Safe Browsing API — every URL submitted to LinkStacked is checked against Google Safe Browsing before being stored. This detects known malware, phishing, and social engineering sites.
• Re-scanning — stored URLs are re-verified periodically against Safe Browsing and our own blocklist. If a previously-safe link becomes malicious (domain hijacking, content change), it is automatically disabled.
• Redirect detection — we check for multi-layer redirect chains and domain spoofing.
• Blocklist — we maintain a platform-specific blocklist of domains and URLs known to be used for spam, fraud, or abuse.
• User reporting — visitors can report any link as suspicious directly from a profile.

We monitor for signals of inauthentic activity including:

• Abnormal profile view counts relative to account age and social footprint
• Sudden spikes in link click rates inconsistent with organic traffic patterns
• Multiple accounts sharing the same payment method, device fingerprint, or IP range
• Account creation patterns matching mass-registration toolkits
• Coordinated behaviour across accounts (identical bios, same-time activity, shared links)

Accounts found to be artificially inflating metrics or engaging in coordinated inauthentic behaviour have their analytics data corrected, their engagement zeroed, and face suspension or termination depending on severity.

We protect your account with multiple layers of security. Our technical security measures are documented in the Privacy Policy — Security section. Key user-facing security features include:

• Two-factor authentication (TOTP) — enable at Settings → Security → Two-factor authentication
• Active session management — view and revoke any active session at Settings → Security → Sessions
• Login notifications — receive an email alert when a new device logs in to your account
• Password breach detection — we check passwords against known breach databases at login
• Security headers and HTTPS enforcement on all pages and API endpoints

Our safety enforcement activities involve processing personal data (reports, account data, moderation logs). We process this data under our legitimate interest in maintaining a safe platform (GDPR Article 6(1)(f)).

• Moderation records are retained for up to 3 years to document enforcement decisions and support appeals
• We share data with law enforcement only where legally required or where we have a good-faith belief it is necessary to prevent serious harm
• We do not sell safety-related data to any third party
• We may share anonymised, aggregated safety statistics in transparency reports