The compact shared footer links Terms, Privacy, and the full Compliance checklist for child-safety, AI, audit, accessibility, security, and copyright notices.
Public notice / live development checklist
Compliance & Trust Notice
This page is the public map of the controls Yawn Company is building into Nestheads Homebase. It is not a legal certification or legal advice; it is the live checklist that keeps terms, privacy, child-safety, AI, audit trails, accessibility, security, and copyright obligations visible while the codebase develops.
Paid AI, embeddings, database mutation, GitHub mutation, publishing, external email, and real yawn.ai execution require approval.
Every core yawn change keeps coordinates, lacuna, axis, transformation, proof, risk, changed files, and review state visible.
Public yawn.bot play stays text-first and kid-safe; saved child profiles, uploads, and custom generation stay gated.
Expected data categories
What the audit trail may hold
- Account email, username, role, and auth/session state.
- Yawn content: prompts, axes, lacunas, proof, approvals, feedback, and world coordinates.
- Uploaded references or media metadata when Dave explicitly invokes media intake.
- Local telemetry signals that become owner-gated improvement candidates, not silent public profiling.
- AI traces when used: prompt, model/version, source references, output, selection, rejection, proof, and final action.
Checklist section
Terms and operating boundaries
Yawn Company is currently an owner-operated, approval-gated creative system. Public entry points explain that account creation, paid compute, publishing, external execution, and destructive changes are not automatic.
Checklist section
Privacy notice and data-minimization loop
The system should tell users what is collected at or before collection, why it is used, and how the data supports the yawn proof trail. The live checklist keeps that notice tied to implementation work.
Checklist section
Children's privacy and parent gates
The first yawn.bot experience is child-friendly, but persistent child accounts, saved profiles, personal uploads, or paid custom character generation require parent/adult gating before launch.
Checklist section
AI use, claims, and audit notice
AI may help map lacunas, draft options, generate art, and evaluate proof, but the system must disclose that AI assistance is bounded by human approval, test evidence, and audit records.
Checklist section
Audit trails and proof receipts
The codebase treats compliance as a live proof loop: every important transformation should preserve what changed, why, who approved it, what proof was run, and what remains risky.
Checklist section
Security and access boundaries
Security work is treated as a launch blocker rather than a finishing touch. Secrets, auth, storage, mutations, and destructive actions must stay gated and inspectable.
Checklist section
Accessibility and verification
Nestheads should target WCAG 2.2 AA patterns where practical: semantic controls, visible focus, keyboard paths, readable text, sufficient contrast, and route-level browser proof.
Checklist section
Copyright, uploads, and takedown readiness
Uploads and generated assets must preserve ownership, source, license, and proof metadata. Public user-generated storage needs a DMCA/takedown contact path before broad launch.