BUZZKIKI — DEVELOPER SAFETY COMPLIANCE GUIDE

Requirements and standards for all third‑party apps, integrations, and developer tools operating within the Buzzkiki ecosystem.

1. Purpose & Scope

This guide defines the safety, privacy, and compliance obligations for all developers building apps, bots, integrations, or tools using the Buzzkiki API.

It applies to:

• Independent developers

• Businesses and brands

• Creator‑built tools

• Third‑party marketplaces

• Moderation apps

• Analytics platforms

All developers must comply with this guide to maintain API access.

2. Core Safety Principles

Buzzkiki requires all developer apps to follow these principles:

• User‑first safety — protect users from harm, abuse, and exploitation.

• Transparency — users must know what your app does and why.

• Minimal data access — request only what you need.

• Consent‑driven — users must explicitly approve all permissions.

• No hidden behaviour — no scraping, shadow actions, or silent data collection.

• Compliance with UK Online Safety Act — mandatory for all apps.

3. Allowed vs Prohibited App Types

Allowed

• Creator analytics tools

• Marketplace seller tools

• Group management apps

• Moderation bots

• Editing and content tools

• Event/community apps

• Business integrations

Prohibited

• Apps that scrape data

• Apps that impersonate users

• Apps that promote harm or illegal activity

• Apps that bypass Buzzkiki safety systems

• Apps that collect data without consent

• Apps that enable harassment, spam, or manipulation

4. User Consent & Permissions

A. Mandatory Requirements

• All permissions must be granted through Buzzkiki’s OAuth flow.

• Apps must clearly explain what data they access and why.

• Apps must not request unnecessary permissions.

• Apps must provide a way for users to revoke access at any time.

B. Prohibited Practices

• Pre‑ticked consent boxes

• Hidden data collection

• Forced permissions

• Dark patterns

5. Data Access & Storage Rules

A. Data Access

Developers may only access:

• Public profile data

• User‑approved private data

• Marketplace data (with permission)

• Group data (with permission)

• Creator analytics (with permission)

B. Data Storage

If storing user data:

• Encrypt data at rest and in transit

• Store only what is necessary

• Delete data when access is revoked

• Provide a clear data retention policy

C. Prohibited Data Handling

• Selling or sharing user data

• Storing sensitive data (DOB, payment info, private messages)

• Building shadow profiles

• Using data for advertising without consent

6. Content Safety Requirements

Apps must not:

• Generate harmful content

• Promote hate, violence, or harassment

• Enable adult content for under‑18s

• Spread misinformation

• Facilitate bullying or abuse

• Encourage self‑harm or dangerous behaviour

Apps that publish or modify content must:

• Use Buzzkiki’s content classification tools

• Respect age‑gating

• Follow community guidelines

• Provide reporting mechanisms

7. Marketplace Safety Requirements

Apps interacting with the Marketplace must:

• Verify seller identity where required

• Prevent counterfeit or illegal goods

• Detect suspicious listing behaviour

• Support dispute resolution

• Respect payout and refund rules

Apps must not:

• Auto‑generate fake listings

• Manipulate prices or reviews

• Enable fraud or evasion of safety checks

8. Group & Community Safety

Apps managing groups must:

• Enforce group rules

• Support moderation tools

• Prevent spam and raids

• Detect harmful behaviour

• Respect admin permissions

Apps must not:

• Auto‑add users to groups

• Mass‑message users

• Create unmoderated high‑risk spaces

9. Moderation & Reporting Requirements

Apps must:

• Provide a way for users to report harmful behaviour

• Forward all safety reports to Buzzkiki

• Log moderation actions

• Prevent automated abuse

Apps must not:

• Ignore user reports

• Delete evidence of violations

• Override Buzzkiki enforcement

10. Security Requirements

Developers must:

• Secure API keys

• Use HTTPS for all requests

• Implement rate‑limit handling

• Protect against injection attacks

• Use secure authentication flows

Apps must not:

• Expose API keys in client‑side code

• Allow unauthorised access

• Use outdated libraries or insecure endpoints

11. Incident Response Obligations

If an app is involved in a safety or security incident, developers must:

1. Notify Buzzkiki immediately

2. Revoke compromised tokens

3. Provide logs and evidence

4. Cooperate with investigations

5. Patch vulnerabilities promptly

Buzzkiki may:

• Suspend the app

• Revoke API access

• Notify affected users

• Report to regulators

12. Compliance Review & Audits

Buzzkiki may conduct:

• Random audits

• Permission reviews

• Data handling checks

• Security assessments

• Marketplace integrity checks

Non‑compliance may result in:

• API restrictions

• App suspension

• Permanent ban

• Legal escalation

13. Developer Transparency Requirements

Developers must provide:

• A public privacy policy

• A clear description of app functionality

• Contact information for support

• A data deletion request process

14. Termination & Enforcement

Buzzkiki may terminate API access if:

• Safety rules are violated

• Data is misused

• Fraud is detected

• Users are harmed

• Legal obligations are breached

Severe violations may result in:

• Permanent developer ban

• Device bans

• Legal action

15. Continuous Improvement

Buzzkiki will:

• Update safety rules regularly

• Provide developer education

• Publish safety updates

• Improve API safety tooling

• Share best practices

Developers are expected to:

• Stay updated

• Maintain compliance

• Improve safety features

• Respond to new risks