Staff Code of Conduct
Professional rules for Vuplore staff.
This public Code defines the professional standard users may expect from Vuplore staff. Internal playbooks, restricted workflows, and role-specific instructions live in protected staff guides and department workspaces.
1. Purpose and standard
This Code defines how staff must handle user trust, official systems, support cases, moderation, privacy, security, documents, staff records, and official communication. It exists to protect users, staff, Vuplore services, and Vuplore's legal, operational, and security posture.
Staff authority is a trust position, not a personal privilege. Every staff member must act professionally, proportionately, honestly, carefully, and within the limits of their role. Staff must be able to explain why they accessed data, took action, delayed action, escalated a case, or declined a request.
2. Who this Code applies to
This Code applies to all staff, applicants after acceptance, trainees, interns, volunteers, contractors, department leads, executive roles, and any person with access to staff systems or privileged information. Department-specific guides may add stricter requirements for a role, queue, tool, or workflow.
Staff remain bound by confidentiality, privacy, security, and evidence-handling obligations after leaving Vuplore where the information was obtained during their role.
3. Core conduct
Staff must not abuse access, threaten users, retaliate, leak information, misuse moderation authority, falsify time records, conceal mistakes, manipulate tickets, bypass controls, use Vuplore systems for personal disputes, or pressure another staff member into an improper action.
Harassment, discrimination, sexual misconduct, corruption, favoritism, credential sharing, deliberate false reports, evidence tampering, doxxing, impersonation, misuse of confidential information, and staff-to-user intimidation are serious violations.
4. Official systems only
Vuplore-related internal information, user records, ban reasons, evidence, account data, reports, appeals, tickets, staff records, security events, platform links, and operational decisions must be handled only through approved Vuplore systems. Staff must not move private cases into Discord DMs, personal messages, unofficial groups, personal accounts, unapproved cloud storage, or third-party systems not approved for that content.
Public statements, announcements, support replies, staff notices, and user-facing case messages must use approved communication workflows. Staff must not create unofficial "side channels" for case decisions, private user data, ban explanations, or staff instructions.
5. Confidentiality and privacy
Staff may access user data only for a legitimate task, assigned role, active case, approved review, operational duty, legal duty, or security reason. Curiosity access is prohibited. Staff must minimize data exposure, avoid unnecessary screenshots, avoid copying raw records into unofficial locations, and redact data before sharing where full detail is not required.
Private account information, emails, IP data, platform identifiers, staff records, personnel documents, moderation records, evidence, security events, legal correspondence, and internal discussions are confidential unless Vuplore has approved disclosure or law requires it.
6. Role boundaries and clearance
Access is based on role, department, need-to-know, active authorization, and audit requirements. Staff must not use a role, legacy permission, old session, direct URL, cached access, or another person's device to reach tools they are not assigned to use.
Department Leads are responsible for keeping role assignments accurate. Staff who notice excessive access, missing access, stale roles, or unsafe permission overlap must report it instead of exploiting it.
7. Tickets and cases
Tickets must be handled in the correct department queue. Staff claim work they are responsible for, document decisions, provide clear reasons, communicate respectfully, and reassign cases when another department owns the issue. High-risk, privacy-sensitive, legal, child-safety, personnel, and security cases require stronger notes and stricter evidence handling.
Staff must not close tickets to hide work, manipulate queues, delay disliked cases, provide knowingly incomplete answers, or promise outcomes that Vuplore has not approved. If a ticket needs a policy change, tool fix, legal review, or executive decision, it must be escalated instead of improvised.
8. Moderation and safety
Moderation must be consistent, proportionate, and documented. Staff consider context, user history, platform rules, evidence quality, intent, severity, repeat behavior, linked identities, evasion signals, and safety risk. Staff must separate personal feelings from enforcement decisions.
Child-safety, credible threat, evasion, fraud, illegal content, platform abuse, staff misconduct, and security cases must be escalated through the appropriate protected channels. Staff must not redistribute suspected illegal content or expose it to people who do not need to review it.
9. Protected communications and TE2EE
Staff must respect encryption boundaries. Direct messages protected by true end-to-end encryption must not be accessed, recovered, reconstructed, exported, or scanned by staff or AI systems. If a participant reports protected content, staff may review only what the participant lawfully provides as evidence.
Public channels and standard uploads may be scanned or reviewed where permitted by policy and law. Staff must not misrepresent encryption status to users or imply that Vuplore can read protected message bodies when it cannot.
10. Security conduct
Staff must use strong passwords, required 2FA, approved devices, secure networks where required, and separate privileged sessions where required. Staff must never share tokens, cookies, private keys, service secrets, API keys, backup codes, authenticator seeds, restricted page access, or screenshots of sensitive systems without approval.
Suspicious logins, leaked credentials, lost devices, unexpected access, phishing, malware, unexplained session behavior, or possible data exposure must be reported immediately. Staff must not "test" security controls outside approved testing scopes.
11. AI and automation
AI assistance may support review, summaries, response drafting, moderation triage, technical analysis, translation, and quality checks where permitted. Staff remain responsible for decisions. AI output must not be treated as final authority, and staff must verify facts before acting on AI-generated conclusions.
Staff must not enter secrets, private keys, passwords, protected DM bodies, unnecessary personal data, or classified internal material into an unapproved AI system. AI tools must not be used to bypass permissions, expose restricted records, or weaken policy boundaries.
12. Records and audits
Privileged actions must be auditable. Records may capture actor, target, reason, area, timestamp, outcome, route, field viewed, ticket, case, document, and approval state. Staff must not delete, alter, hide, or falsify audit records except through approved retention, correction, or legal procedures.
When a staff action affects a user, staff member, record, access restriction, document, or platform integration, the action should be traceable to a legitimate task or case reason.
13. Document control
Contracts, applications, warnings, promotions, training documents, policy notices, personnel letters, termination records, and staff acknowledgements must be issued through the Document Hub, mailbox, or approved staff systems. Local copies, screenshots, informal edits, and unsanctioned templates are not official records.
Documents requiring signature must use the approved signature and archive flow. Staff must not backdate documents, reuse signatures, alter signed PDFs, or issue personnel documents without the correct department authority.
14. Time records and work status
Staff must record time truthfully where a time account is required. Corrections must include a reason and approval trail. Paid work, training, internships, volunteer work, contractor work, and internal training positions require the correct document type before payment entitlement, role entitlement, or privileged access is activated.
Staff must not clock time for work not performed, pressure another person to alter time records, or use manual corrections to hide inactivity, errors, or unauthorized work.
15. Minors and guardian consent
Under-18 staff access is exceptional and requires the correct eligibility review, guardian acknowledgement where required, and role limitations. Staff under 18 must not be assigned workflows that are legally restricted, unsuitable, or classified beyond their approved clearance.
Department Leads must consider age, maturity, legal restrictions, content exposure, working-time expectations, and training status before assigning sensitive work to an under-18 staff member.
16. Conflicts of interest
Staff must disclose personal involvement, friendships, disputes, financial interest, competitive interest, platform rivalry, outside pressure, or prior involvement before handling a case. A conflicted staff member must not decide, resolve, or privately influence the outcome unless an authorized reviewer documents an exception.
Gifts, favors, paid boosts, off-platform benefits, threats, or promises must never influence moderation, support, hiring, promotion, vendor selection, or access decisions.
17. Department ownership
Every department owns its workflows, documents, training material, queue quality, and operational standards. Department Leads keep responsibilities clear, maintain useful guides, review tool gaps, and escalate legal, privacy, personnel, security, or product issues to the owning department.
Staff must not treat department tools as personal sandboxes. Tool changes, automation changes, AI behavior changes, and policy changes require the approved request, review, and deployment path.
18. Training and acknowledgement
Staff must read and acknowledge all required guides for their department, rank, and capabilities. Acknowledgement records are part of the staff file. New guide versions may block affected actions until the staff member acknowledges the update.
Staff must ask for clarification when a policy, tool, or case instruction is unclear. Guessing is not acceptable where user privacy, safety, legal rights, staff records, or enforcement outcomes are affected.
19. Public representation
Staff must not present personal opinions as official Vuplore positions. Staff may not announce policy changes, enforcement priorities, partnerships, incidents, hiring decisions, or internal disputes unless authorized. Staff must avoid public arguments that damage user trust or expose internal information.
20. Reporting misconduct
Staff must report security incidents, privacy breaches, staff misconduct, corruption, evidence tampering, abuse of authority, unsafe workflows, and suspected illegal activity through the correct department system. Retaliation against a person who reports in good faith is prohibited.
Reports should include the facts known to the reporter, relevant records, timestamps, and why the issue creates risk. Staff must not investigate beyond their role if doing so would expose data unnecessarily or interfere with an official investigation.
21. Offboarding and violations
When staff leave, lose a role, change department, or become inactive, privileged access must be reviewed and removed promptly where no longer needed. Devices, credentials, documents, and pending cases must be returned, transferred, or closed through the approved process.
Breaches may lead to coaching, warning, training reset, temporary restriction, reassignment, demotion, role removal, account restrictions, platform bans, evidence retention, civil claims, or legal escalation depending on severity, intent, harm, and recurrence.
22. Relationship to internal guides
This public Code sets the common standard. Internal staff guides explain exact procedures, tool steps, department-specific rules, escalation paths, evidence handling, and restricted details. If a protected guide sets a stricter standard, staff must follow the stricter standard.
Department-specific procedures live in protected staff guides and department systems. This Code sets the common standard that applies to every staff member and explains the level of professionalism users may expect from Vuplore staff.