Abuse Handling Policy [HK]

1. Purpose

This Policy establishes a framework for handling abuse reports related to the use of the Services provided by Astraform Limited, a company incorporated in Hong Kong (the “Company”).

The Company is committed to addressing abuse reports in a timely, fair, and consistent manner while protecting the legitimate interests and rights of all parties involved. Abuse handling processes are designed to support the integrity, security, and lawful operation of the Services and to ensure compliance with applicable laws and internal policies.

2. Scope

This Policy applies to all users, customers, and third parties engaging with the Services. It governs the procedures for reporting, reviewing, investigating, and addressing abusive or prohibited activities related to the use of the Services.

3. Definitions

For the purposes of this Policy:

Abuse means activities that violate the Terms of Use or any related policies or agreements, including but not limited to spam, phishing, malware distribution, denial-of-service attacks, copyright infringement, or other unauthorized, harmful, or disruptive uses of the Services.
Abuse Report means a formal complaint or notification regarding alleged abusive activity.
Reporter means an individual or entity submitting an Abuse Report.
Respondent means the individual or entity whose activities are the subject of an Abuse Report.

4. Reporting Abuse

4.1 How to Report Abuse

Abuse Reports must be submitted through the Company’s designated abuse reporting channel.

Reports should include, where applicable:

A detailed description of the alleged abusive activity;
Relevant supporting evidence (such as logs, URLs, timestamps, or other technical data);
Contact information for follow-up communication;
Any relevant legal documentation or notices, if available.

4.2 Improper or Incomplete Reports

Abuse Reports that lack sufficient information or supporting evidence may not be processed until adequate details are provided.

Reporters should avoid submitting personal data of third parties unless strictly necessary for the purposes of the report and should ensure that any submitted information is provided lawfully.

4.3 Confidentiality

Abuse Reports are handled confidentially. Information relating to a Reporter will not be disclosed to third parties unless required to do so by applicable law or a valid legal request.

5. Processing Abuse Reports

5.1 Acknowledgment of Reports

Upon receipt of an Abuse Report, the Company will make reasonable efforts to acknowledge the report within 24 hours.

Acknowledgment may be provided through the same channel by which the report was submitted.

5.2 Review and Investigation

Abuse Reports are reviewed and assessed within a reasonable timeframe, generally not exceeding 7 business days from acknowledgment, subject to the complexity of the case.

If additional information is required, the Company may request clarification or supplementary materials from the Reporter.

Investigations may include:

Verification of the evidence provided;
Review of relevant account activity and technical data;
Assessment against the Terms of Use and applicable policies.

5.3 Resolution Actions

Based on the outcome of the investigation, the Company may take actions including, but not limited to:

Issuing warnings;
Restricting or suspending access to the Services;
Terminating services in severe or repeated cases.

Where permissible and appropriate, the Company may notify the Reporter and the Respondent of the outcome, including a general summary of actions taken.

5.4 Intermediary Role

The Company acts as an intermediary service provider and does not determine, on its own authority, whether any activity constitutes a violation of law.

In handling Abuse Reports, the Company may:

Forward relevant information or complaints to the Respondent for review or response;
Allow the Reporter and the Respondent to attempt to resolve the matter directly.

The Company will generally take further enforcement action only where:

A mutually agreed resolution or settlement is reached and confirmed; or
The Company is required to act pursuant to a valid legal order, court decision, or regulatory directive.

5.5 Limitation of Liability

The Company does not assume liability for the content, data, or actions of its users or customers.

Decisions involving content removal, service suspension, or other enforcement measures will be taken only where there is a clear contractual or legal basis. The Company is not responsible for actions or decisions taken by third parties, including law enforcement or regulatory authorities.

6. Timelines for Processing Reports

Abuse Reports are generally resolved within a maximum of 30 calendar days, except in exceptional circumstances.

More complex cases involving third-party providers, legal authorities, or cross-border considerations may require additional time. Where appropriate, reasonable updates may be provided to the Reporter.

7. Prevention Measures

7.1 Proactive Monitoring

The Company may implement technical and organizational measures designed to detect, prevent, or mitigate abusive activities, including automated monitoring systems and security controls. Additional details may be outlined in the Security Policy.

7.2 Customer Awareness

The Company may provide guidance, notifications, or resources to help customers understand their responsibilities and reduce the risk of abusive or unauthorized use of the Services.

8. Legal and Regulatory Compliance

Abuse handling activities are conducted in accordance with applicable laws and regulations and the Company’s internal policies.

Personal data processed in connection with Abuse Reports is handled in a lawful, proportionate, and secure manner, consistent with applicable data protection and privacy requirements.

9. Revisions and Updates

This Policy may be reviewed and updated periodically to reflect changes in operational practices, legal requirements, or risk management considerations. Material changes may be communicated through appropriate channels.