AI Content Policy

About this policy

This policy describes how artificial intelligence is used within CCP, the infrastructure and providers involved, the moderation controls applied to AI features, and the data handling practices that govern user interactions with AI components.

It is provided in compliance with applicable EU regulations (in particular Regulation (EU) 2024/1689, the AI Act, including Article 50 obligations on disclosure of AI-generated content; and Regulation (EU) 2016/679, the GDPR), United States payment processor compliance requirements, and the operational requirements set out in CC Labs Srls' Privacy Policy and Terms of Service.

This policy supplements rather than replaces the Privacy Policy and Terms of Service, which are the authoritative legal documents for personal data processing and user obligations.

Summary

• CCP is a local-first desktop application. The majority of AI processing occurs on the user's own device.
• AI features in CCP produce text-only output. No image, video, or audio generation is performed by CC Labs Srls. No face swap, voice cloning, or synthetic-media generation pipelines exist in the application.
• The cloud AI path uses a CC Labs Srls proxy server that forwards requests to a third-party AI infrastructure provider. The proxy server is stateless: no AI conversation content is retained on CC Labs Srls infrastructure.
• The local AI path uses models installed and run on the user's own device. CC Labs Srls does not host inference, does not transmit local AI conversations to its servers, and does not receive local AI input or output.
• All AI-generated text shown to users is visually labeled within the application.
• A layered moderation system applies to both cloud and local AI paths, with key controls operating independently of user-editable prompts.
• User content submitted through CCP is not used to train AI models, neither CC Labs Srls' own systems nor those of third-party providers.

AI features in CCP

CCP includes the following features that involve artificial intelligence:

AI Companion (text chat). A conversational text interface where the user types a message and receives a text reply, shown as a speech bubble next to the on-screen companion character. The companion uses one of several pre-defined personality presets or a user-customized personality. The companion is text-only: it does not generate images, audio, video, or synthesized voice.

Personality Quiz. A text-based interactive quiz that asks the user a series of questions and assigns an archetype profile based on the user's responses. The quiz is text-only and produces text output.

Awareness reactions. An optional feature that allows the AI companion to react to keywords detected through local screen text recognition (OCR) or keyboard input. The reaction is a text speech bubble. The detection happens locally on the user's device using the operating system's built-in OCR engine; no screen content is transmitted to CC Labs Srls or to third-party AI providers. Only the matched keyword text is included in the reaction prompt sent for processing.

Eye tracking (gaze-based interaction). An optional feature that uses the user's webcam to detect approximate gaze direction, blink events, and basic facial gestures (mouth open) for interactive purposes. This feature uses small computer vision models (BlazeFace, FaceMesh, MediaPipe Iris) running entirely on the user's device. No webcam frames, images, biometric templates, or per-frame data are transmitted to CC Labs Srls or any third party. Only calibration coefficients (numerical regression values) are persisted locally on the user's device. The eye tracking system does not perform facial recognition or biometric identification.

What CCP's AI does not do

The following are explicitly outside CCP's AI capabilities:

• No image generation. No text-to-image, image-to-image, or generative image pipelines exist in CCP.
• No video generation. No video synthesis, lip sync, or visual avatar animation generation.
• No audio generation. No voice synthesis, voice cloning, music generation, or text-to-speech of AI-generated content.
• No deepfake capability. CCP cannot produce deepfakes by architectural design. There is no image generation pipeline, no face swap, no voice synthesis, and no model capable of producing synthetic depictions of identifiable persons.
• No real-person likeness data. CCP does not collect, store, or process likeness data of real persons. The webcam pipeline produces gaze coordinates only.
• No content distribution from CC Labs Srls servers. CC Labs Srls does not host or distribute AI-generated content as files or media to be downloaded or streamed. AI-generated content exists only as transient text shown in the application interface.

AI infrastructure and providers

Cloud AI path. When a user uses cloud-based AI features, the request is sent from CCP to a CC Labs Srls proxy server hosted on Vercel infrastructure. The proxy forwards the request to a third-party AI infrastructure provider that routes the prompt to a language model and returns the response. The provider is based in the United States.

The proxy server is stateless: AI conversation content (prompts and responses) is not stored on CC Labs Srls servers. The proxy retains only metadata necessary for rate limiting and abuse prevention (authentication token, request count, timestamp), in accordance with the Privacy Policy.

The third-party AI infrastructure provider is configured to opt out of using request data for model training. CC Labs Srls applies this enforcement at two layers. At the account level, CC Labs Srls' account with the provider is configured to disable use of request and response data for model training and logging. At the per-request level, every outbound request from the CC Labs Srls proxy server to the provider includes explicit privacy directives that override permissive defaults at the routing layer. The combined enforcement applies to all model-routing paths used by CCP.

Local AI path. When a user opts to use local AI, they install Ollama (an open-source local inference runtime) on their own device and select a language model. CCP communicates with the local Ollama instance over localhost. CC Labs Srls does not host inference for local AI, does not receive prompts or responses from local AI interactions, and does not see or store local AI conversation content.

Users who configure local AI with uncensored or safety-stripped model variants are subject to CC Labs Srls' local moderation enforcement regardless of the chosen model. A user-facing warning at activation for such models is in active development.

Eye tracking models. The ONNX models used for eye tracking (face detection, face landmarks, iris landmarks) are bundled with CCP and run on the local CPU. They are derived from publicly available MediaPipe research models. No network calls are made during eye tracking runtime.

OCR. Screen text recognition uses the Windows built-in OCR engine (Windows.Media.Ocr) on the user's device. No image or screen content is transmitted off the device.

AI-generated content labeling

In compliance with Article 50(2) of Regulation (EU) 2024/1689 (AI Act), AI-generated content shown in CCP is labeled within the application user interface. Specifically:

• All speech bubbles displayed by the AI Companion when the content is AI-generated include a visible "AI" badge in the upper-left corner of the bubble. Speech bubbles populated from pre-defined responses (not AI-generated) do not display this badge.
• The Personality Quiz includes a visible "AI-generated" disclaimer on every question screen and on the result screen.
• The Live Actions feed in the Companion settings panel (which shows AI-triggered effect commands) is labeled as AI-driven activity.
• On first launch and at activation of AI features, users are presented with a disclaimer confirming that interactions are generated by an automated system and do not constitute human interactions, professional advice, or verified content.

Moderation controls

CC Labs Srls applies a layered set of moderation controls to AI features in CCP. The architecture is designed so that key enforcement layers operate independently of user-editable prompt content.

Implemented today:

• AI content labeling as described in the preceding section. AI-generated outputs are visually distinguishable from pre-defined content.
• Age and acknowledgement gates. Personality presets that produce sexually explicit AI-generated dialogue are gated behind an acknowledgement dialog requiring confirmation of adult age and acceptance of the Prohibited Content Policy. Custom prompt editors display a content-policy notice on every save surface.
• Conservative defaults. AI-driven effects, video playback, audio playback, and haptic actions are disabled by default and require explicit user opt-in. AI cloud requests are subject to per-token caps and daily rate limits.
• Manual pre-publication review. All Deeper enhancement submissions distributed through the cclabs-web marketplace are reviewed by CC Labs Srls before publication. Submissions failing review are not published.
• Submission validation. Deeper enhancement file validation rejects bidirectional control characters, oversized text fields, paths outside the user's assets directory, and other patterns associated with content injection or evasion.
• Stateless proxy infrastructure. AI cloud requests are forwarded by a stateless proxy server that does not retain AI conversation content. Local AI runs entirely on the user's device.
• Provider-level moderation. The third-party AI infrastructure provider used for the cloud AI path applies its own model-level content moderation in addition to CC Labs Srls' own controls.
• System prompt deflection. The pre-defined personality presets included with CCP incorporate refusal and deflection instructions for content categories outside the user's stated experience scope.

Implemented in the current release cycle:

• In-process content filtering. Input and output content filtering executes around every AI call (cloud and local) in the application code, immediately before transmission and immediately after response. A hardcoded categorized blocklist covers the prohibited content categories described in the Prohibited Content Policy. Detected matches result in the request being blocked or the response being discarded before display. This layer operates at the HTTP boundary and cannot be bypassed through prompt customization. Content normalization includes handling of l33t-speak substitution, Unicode fullwidth and zero-width characters, and equivalents across the application's eight non-English locales.
• Non-editable safety floor. A safety instruction block defined in CCP's compiled code is applied at runtime to every assembled system prompt. The block is structured as a preamble enumerating prohibited categories (prepended before user-customized content) and a floor instructing the model to refuse those categories regardless of preceding instructions (appended after user-customized content). Neither portion is stored in user-editable settings or exposed through the prompt customization interface. The floor applies to both cloud and local AI paths.
• Edit-time prompt validation. Custom personality prompts, custom awareness trigger templates, and custom quiz category templates are scanned at save time for known bypass patterns (instructions to ignore previous rules, requests for verbatim system prompt disclosure, known jailbreak markers) and for prohibited category indicators. Detected matches generate a non-blocking warning to the user and are logged for compliance review. Validation also applies to community-shared prompt activation.

In active development:

• Uncensored model detection. Local AI activation will probe model metadata for safety-stripped variants and present a user-facing warning at activation indicating that the local model lacks safety training and that CCP's local moderation controls apply regardless of the chosen model.
• Server-augmented blocklist. The hardcoded blocklist will be augmented at runtime with server-side updates to enable rapid response to emerging evasion patterns, while preserving the hardcoded baseline as a fallback.

Logging. Detected attempts to generate prohibited content are logged as metadata only: timestamp, category, and feature surface. The content of the attempted prompt or output is not stored. Logs are retained for the period necessary to respond to compliance requests from payment processors and regulatory authorities, and are deleted in accordance with the Privacy Policy.

User consent and age verification

CCP is intended exclusively for adult users aged 18 or older.

First-launch age gate. Before any access to CCP features, users are presented with a dedicated age verification screen requiring separate (not cumulative) acknowledgements: (a) declaration of adult age; (b) acceptance of the Terms and Conditions; (c) acceptance of the Privacy Policy; (d) acknowledgement of the automated and probabilistic nature of AI interactions.

Explicit content acknowledgement gate. Personality presets that produce sexually explicit AI-generated dialogue are gated behind a separate acknowledgement dialog requiring confirmation of adult age and acknowledgement of the Prohibited Content Policy.

Prompt editor acknowledgement. Custom personality prompts, custom awareness trigger templates, and custom quiz category templates each present a content-policy notice before saving, requiring acknowledgement that the Prohibited Content Policy applies to all custom prompts.

Cloud feature consent. Use of cloud AI features requires authentication through a CC Labs Srls cloud identity or a linked Patreon account. Age and identity verification are inherited from the payment processor or the cloud account onboarding flow.

For details on age assurance methodology, refer to the Privacy Policy (section on Minors) and to the Terms and Conditions.

Data handling for AI

For data handling generally, refer to the Privacy Policy. Specific to AI features:

• Cloud AI prompts and responses are processed in real time and are not stored on CC Labs Srls infrastructure.
• Local AI prompts and responses are processed entirely on the user's device. Local chat history is persisted locally in the user's application data directory, subject to a retention cap and a user-accessible reset function. CC Labs Srls does not access this data.
• User-created content (custom prompts, custom triggers, custom quiz categories) is stored in the user's local settings file and synchronized to CC Labs Srls cloud only if the user has enabled cloud synchronization features. It is not used for AI training.
• Webcam frames are processed entirely in-device memory and discarded after each frame. They are not written to disk, not transmitted, and not associated with the user's identity.
• Calibration data is persisted locally as numerical regression coefficients only. No images, no biometric templates.
• Moderation event metadata (timestamp, category, surface) is logged as described above. No content is stored in moderation logs.

Detection and response procedures

When a detection event fires, CC Labs Srls' response is graduated by severity:

Routine detection. A user prompt or AI response matches a prohibited category blocklist. The request is blocked or the response is suppressed. A refusal notice is shown to the user. A metadata-only log entry is recorded. No external action is taken at this level.

Repeated detection. Multiple detections from the same user account within a short period trigger account-level action: temporary suspension of cloud AI access, escalating to account termination on continued violations.

Severe detection (CSAM or near-CSAM patterns). Detection patterns indicating attempts to generate content depicting minors trigger immediate account termination, coordinated termination across CC Labs Srls services (Discord, cclabs-web), and reporting to the National Center for Missing and Exploited Children (NCMEC) in the United States and to Stop-IT (the INHOPE network member for Italy, operated by Telefono Azzurro). Reports include the metadata of the detection event.

Law enforcement cooperation. CC Labs Srls cooperates with valid legal process from competent authorities. Procedures for handling such requests are described in the Privacy Policy and Terms of Service.

Reporting AI-related concerns

To report a concern about AI-generated content, suspected misuse of CCP's AI features by another user, or a defect in moderation controls, contact support@cclabs.app. Response timing follows the SLA described in the Prohibited Content Policy: acknowledgement within 48 business hours, resolution or substantive update within 10 business days.

For copyright concerns specifically related to AI training data or AI-generated outputs, contact legal@cclabs.app and refer to the Copyright Policy.

Related policies and documents

• Terms of Service: https://cclabs.app/terms-of-service.html
• Privacy Policy: https://cclabs.app/privacy-policy.html
• Prohibited Content Policy: cclabs.app/policies/prohibited-content
• Copyright Policy: cclabs.app/policies/copyright
• Complaints Policy: cclabs.app/policies/complaints
• Content Removal Policy: cclabs.app/policies/content-removal

Updates to this policy

CC Labs Srls may update this policy from time to time, in particular as AI features, infrastructure providers, or moderation controls evolve. Material changes will be communicated through the application and on cclabs.app. The current version and effective date are shown at the top of this page.