karta
Sign in Join the waitlist
// trust-safety

Trust & Safety Policy.

Last updated: 2026-06-25

This Trust & Safety Policy ("Policy") describes how Karta receives reports, investigates suspected abuse, enforces the Karta Acceptable Use Policy ("AUP"), and allocates responsibility between Karta and Customers. It is incorporated into, and supplements, the Karta Terms of Service and the AUP. Capitalized terms not defined here (including Customer, Authorized User, Agent, Agent Action, Release, Customer Content, End-User Data, Model Provider, and Credits) have the meanings given in the Terms of Service and the AUP; terms defined in this Policy (including "CSAM" and "minor") have the meanings given here. In the event of a conflict between this Policy and the Terms of Service, the Terms of Service control. This Policy is operated by LifeSage LLC, a Washington limited liability company, doing business as "Karta" ("Karta," "we," or "us").

This Policy describes Karta's discretionary practices. Except where applicable law expressly requires otherwise, nothing in this Policy creates a duty, service level, contractual obligation, or third-party-beneficiary right, and Karta's practices may evolve without notice. The prohibited conduct that gives rise to enforcement is defined in the AUP; this Policy does not restate it.

1. Platform Role

Karta hosts and executes Customer Agents. Karta does not exercise editorial control over, and does not pre-screen, Customer Content, and is not the first-line controller of a Customer's relationship with its end users. Customers operate their own Agents and are solely responsible for their Agents, Agent Actions, Authorized Users, end users, Customer Content, notices, consents, moderation, output validation, and product and regulatory compliance, as further set out in the AUP and the Terms of Service. The Karta Services are made available for business and developer use only, to Authorized Users who are 18 or older, and are not directed to or intended for consumers or for personal, family, or child-directed use; nothing in this Policy creates any consumer guarantee or warranty.

For End-User Data processed through a Customer Agent, Customer is the controller and Karta is the processor/service provider, governed by the Data Processing Addendum. Karta has no direct relationship with, and owes no direct duty to, any Customer's end users; this Policy does not make any end user a party to or a third-party beneficiary of any agreement with Karta.

Karta has no obligation to monitor, pre-screen, filter, or review Agents, Customer Content, sessions, or outputs, and does not do so as a general practice. Any review Karta does perform is at its discretion and does not create a duty to perform further review or to detect, prevent, or remove any particular content or conduct.

Any monitoring, screening, filtering, blocking, removal, or other enforcement action Karta voluntarily takes is undertaken as a good-faith effort to restrict objectionable material and does not waive, diminish, or otherwise affect any immunity, safe harbor, or defense available to Karta, including under 47 U.S.C. § 230(c) and any analogous intermediary-liability protection.

2. Reportable Issues

Anyone may report suspected violations of the AUP or applicable law. Reportable issues include:

  • child sexual abuse or exploitation;
  • threats, harassment, doxxing, hate, or non-consensual intimate imagery;
  • scams, phishing, fraud, malware, or credential theft;
  • unauthorized scraping, spam, or platform abuse;
  • privacy or data exfiltration concerns;
  • intellectual-property infringement;
  • Agents causing harmful autonomous actions;
  • illegal content or conduct; and
  • violations of the AUP or Model Provider policies.

This list is illustrative, not exhaustive; the controlling list of prohibited conduct is in the AUP. Karta decides in its sole discretion whether a report describes a violation and what action, if any, to take. Copyright complaints are handled exclusively under the Karta DMCA / Copyright Policy and should be submitted to dmca@karta.sh.

3. Reporting Channels

Abuse and Trust & Safety reports: security@karta.sh

Security vulnerabilities: security@karta.sh

Copyright/DMCA: dmca@karta.sh

Privacy: privacy@karta.sh

Legal: legal@karta.sh

General support: legal@karta.sh

Karta may also make web-based intake forms available and may designate or update reporting channels from time to time.

4. What To Include

Reports should include the relevant Agent URL, hosted-chat link, organization/Customer name if known, screenshots or request IDs where available, a description of the issue, and whether there is imminent risk. Do not send full secrets, credentials, or API keys; provide prefixes or redacted evidence. Karta may decline to act on reports that are incomplete, unverifiable, abusive, automated, submitted in bad faith, or used to harass another person, and Karta has no obligation to respond to, acknowledge, or report back on any individual report. By submitting a report or supporting material, you grant Karta a non-exclusive, royalty-free, worldwide, perpetual, irrevocable, and sublicensable license to retain, store, reproduce, process, and act on the report and supporting material solely for trust-and-safety, security, legal-compliance, and enforcement purposes. You represent that you have the right to submit the material and that doing so does not violate any third-party right or applicable law. Karta owes no duty of confidentiality with respect to a report or its contents except as required by applicable law, and a report does not entitle you to any compensation, acknowledgement, or response.

5. Investigation

Karta may, in its discretion and as it deems appropriate, review account data, operational logs, Agent configuration, session metadata, and, where Karta determines it is necessary and permitted, session or transcript content. Such access is limited to what Karta reasonably needs to investigate a suspected violation, stop or mitigate harm, provide support, comply with law or legal process, satisfy upstream Model Provider obligations, or enforce the AUP, this Policy, or the Terms of Service. Karta accesses End-User Data only as a processor consistent with the Data Processing Addendum and applicable law.

Karta may preserve relevant evidence, including content, logs, and metadata, beyond ordinary retention periods where Karta believes preservation is reasonably necessary for a pending or anticipated investigation, dispute, legal hold, or legal or regulatory request. To the extent such preservation involves End-User Data for which Customer is the controller and Karta is the processor, Karta preserves that data only as permitted by the Data Processing Addendum and applicable law; where Karta preserves controller End-User Data on the basis of a legal obligation, Karta will inform the Customer of that requirement unless legally prohibited from doing so.

To the extent permitted by the Terms of Service and the Data Processing Addendum, Customer will reimburse Karta's reasonable costs (including legal, engineering, and vendor costs) of investigating, preserving, and responding to abuse reports, legal process, or regulatory inquiries arising from violations of the AUP, this Policy, or the Terms of Service by Customer, its Authorized Users, or its end users.

Karta has no obligation to monitor, screen, or review all content or activity and does not promise to detect or prevent every violation. The existence of this Policy does not make Karta liable for content or conduct it did not create. Customer remains responsible for monitoring and moderating its own Agents, Authorized Users, and end users.

6. Enforcement Ladder

Karta may take one or more of the following actions, in any order and in its sole discretion, with or without prior notice:

  1. warn the Customer;
  2. request remediation;
  3. throttle or rate-limit traffic;
  4. block specific outputs, Agent Actions, tools, keys, embeds, or origins;
  5. suspend an end-user access path, session, workspace, Agent, Release, API key, or organization;
  6. suspend or terminate the account in whole or in part;
  7. preserve evidence;
  8. notify or restrict upstream Model Providers; and
  9. report to, and disclose information to, law enforcement, regulators, NCMEC, or other authorities where Karta is required or permitted to do so.

The enforcement actions above are not sequential and are not a contractual escalation guarantee. Karta generally tries to act at the smallest effective scope, but is not obligated to do so and may act immediately, broadly, and at any scope where Karta determines it appropriate. Karta's choice of, or decision not to take, any enforcement action is without prejudice to any other right or remedy and does not waive any breach.

Customer is not entitled to any refund, credit, service-level relief, or other compensation for any suspension, throttling, blocking, termination, or other enforcement action taken under this Policy or the AUP. Except to the extent caused by Karta's gross negligence, willful misconduct, or fraud, and subject in all cases to the limitations, exclusions, and allocations of liability in the Terms of Service, Karta is not liable for any loss arising from such action. This Section does not expand or contract the liability framework of the Terms of Service, which governs.

Following suspension or termination for cause, Karta has no obligation to preserve, maintain, or make available any Customer Content, workspace, Agent, or data, and may delete or render inaccessible such materials in accordance with the Terms of Service and the Data Processing Addendum; Customer is solely responsible for exporting its data within any window provided under the Terms of Service. The treatment, application, expiry, and refundability of Credits remain governed by the Refund & Billing Policy.

7. Emergency Action

Karta may immediately, and without prior notice, disable, suspend, isolate, quarantine, or remove content, Agents, sessions, workspaces, keys, embeds, or accounts for child-safety issues, imminent or actual harm to any person or system, security incidents, active fraud, malware, attacks on platform integrity or tenant isolation, legal or regulatory risk, upstream Model Provider requirements, or ongoing or serious abuse. Karta will endeavor to limit emergency action to what it reasonably believes is necessary and, where practicable and lawful, to notify the affected Customer, but Karta is not required to do so before acting. Emergency action under this Section does not entitle Customer to any refund, credit, or service-level relief, and, except to the extent caused by Karta's gross negligence, willful misconduct, or fraud and subject to the limitations and exclusions of liability in the Terms of Service, is taken without liability to Karta.

8. Child Safety

Karta has zero tolerance for child sexual abuse material ("CSAM"), child exploitation, grooming, sextortion, or sexual content involving minors, including synthetic, fictional, or AI-generated material. For purposes of this Policy, a minor is any individual under 18 years of age, regardless of jurisdiction. The Karta Services are for business and developer use by Authorized Users who are 18 or older and are not intended for personal, family, or child-directed use.

Where Karta obtains actual knowledge of apparent CSAM, Karta will report it to the National Center for Missing & Exploited Children ("NCMEC") via the CyberTipline as required by 18 U.S.C. § 2258A, and will preserve the related report and contents for the period required by 18 U.S.C. § 2258A(h) (currently 90 days, extendable as provided by law). In addition, on confirmed or strongly suspected CSAM or child sexual exploitation, Karta may immediately disable the affected content, sessions, Agents, and accounts, terminate the responsible Customer, preserve relevant evidence beyond the statutory minimum, and report to other authorities, in each case to the extent required or permitted by applicable law. Karta may preserve and disclose related account, content, and metadata to NCMEC and law enforcement consistent with applicable law. Customer must promptly report to Karta any actual or suspected CSAM or child exploitation involving its Agents or end users that comes to its attention. Action under this Section is not subject to the appeal process in Section 10 and, except to the extent caused by Karta's gross negligence, willful misconduct, or fraud and subject to the limitations and exclusions of liability in the Terms of Service, is taken without liability to Karta.

9. Customer Remediation

For non-emergency issues, Karta may notify the Customer and request remediation. Customer must promptly, and in any event within any timeframe Karta reasonably specifies, investigate and remediate issues with its Agents, Authorized Users, end users, tools, integrations, and data flows, and confirm the remediation to Karta. Customer is responsible for taking corrective action across its own end-user base, including terminating offending end users and updating its product controls. Failure to remediate adequately or on time, or repeated or recurring violations, is a material breach of the Terms of Service and may lead to further enforcement up to and including suspension or termination for cause, without further notice. Customer's indemnification obligations under the Terms of Service apply to third-party claims (including claims by end users and actions by regulators) arising from Customer Agents, Agent Actions, Customer Content, or the conduct of Customer's Authorized Users or end users. Remediation by Customer does not waive Karta's other rights or remedies for the underlying violation.

10. Appeals

A Customer that believes an enforcement action was mistaken may appeal by replying to the enforcement notice or contacting legal@karta.sh within 30 days of the action, identifying the affected account and the basis for the appeal. Karta will review timely appeals in good faith, but Karta's determination is final and made in its sole discretion, except where applicable law provides a non-waivable right of review, complaint, or statement of reasons, in which case that right applies notwithstanding this Section. Appeals are available to Customers only and not to end users; an end user's recourse is to the Customer that operates the relevant Agent.

Filing an appeal does not stay, suspend, or reverse any enforcement action, and Karta is not required to restore access while an appeal is pending. Karta is not obligated to provide an appeal where the action was based on child-safety grounds, legal or regulatory requirement, court or government order, upstream Model Provider requirement, fraud or payment abuse, or an imminent threat to security, persons, or platform integrity, or where review is prohibited by law.

11. Legal Requests and Disclosure

Karta may preserve, access, and disclose account data, Customer Content, End-User Data, logs, and metadata where Karta believes in good faith that doing so is reasonably necessary to comply with applicable law, regulation, legal process, or an enforceable governmental or court request; to enforce the AUP, this Policy, or the Terms of Service; to detect, prevent, or address fraud, security, abuse, or technical issues; to protect the rights, property, or safety of Karta, its users, or the public; or as otherwise permitted by law. Where Karta is legally permitted and it is practicable to do so, Karta may, but is not required to, notify the affected Customer of a legal request relating to its account. Where Karta is subject to a court order, statute, or other legal obligation prohibiting disclosure of a legal request (including a non-disclosure or "gag" order), Karta will withhold notice to the extent required by that obligation. Karta may also make a voluntary emergency disclosure of information to law enforcement or other appropriate parties where Karta believes in good faith that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay, including as permitted under 18 U.S.C. § 2702. Disclosures relating to End-User Data are handled consistent with the Data Processing Addendum. Nothing in this Policy limits Karta's ability to respond to lawful demands.

12. Transparency

Karta may, at its discretion, publish transparency reporting in the future covering abuse categories, enforcement volumes, appeals, child-safety reports, and legal requests. Karta has not committed to any reporting, content, format, or cadence, and any such reporting is voluntary except to the extent required by applicable law. Nothing in this Section creates an obligation, commitment, or reliance interest.

13. Changes

Karta may update this Policy from time to time as risks, laws, technology, and upstream Model Provider policies evolve. Material changes will be notified, and take effect, in accordance with the amendment and notice provisions of the Terms of Service, including any opportunity to decline or terminate provided there. The version in effect at the time of the relevant conduct or enforcement action governs. Subject to those provisions, continued use of the Services after a change takes effect constitutes acceptance of the updated Policy.

14. Online Intermediary Obligations

To the extent the EU Digital Services Act, the UK Online Safety Act, or any analogous online-intermediary law applies to a Karta-hosted surface serving end users in the relevant jurisdiction, the notice-and-action, statement-of-reasons, internal complaint-handling, and point-of-contact requirements of that law apply to that surface and prevail over any inconsistent term of this Policy, including the no-obligation-to-respond and sole-discretion-appeal provisions, solely to the extent of the inconsistency and solely for the in-scope surface and end users. Karta's broader discretion under this Policy is otherwise unaffected.

15. Survival

The provisions of this Policy that by their nature should survive termination or expiration of the Terms of Service survive, including the license grant and representations in Section 4, the preservation, cost-reimbursement, and disclosure provisions of Sections 5 and 11, the Customer reporting obligation in Section 8, the remediation and indemnity provisions of Section 9, the liability allocations in Sections 6, 7, and 8, and Sections 15 and 16.

16. Severability and Savings

Each provision of this Policy applies only to the maximum extent permitted by applicable law. If any provision is held invalid, illegal, or unenforceable, that provision will be enforced to the greatest extent permitted and the remaining provisions will continue in full force and effect. This Policy supplements, and does not replace, the limitation-of-liability, indemnification, and other terms of the Terms of Service; in the event of a conflict, the Terms of Service control.