by cherryteastain 322 days ago
> If proper GDPR compliance can’t be guaranteed by launch, I’ll restrict access from EU/UK regions until it’s fully ready.

This is not enough. A US IP adding an EU/UK resident is also against GDPR if the added person's PII is involved. I am unsure how you can conclusively check if an added person is a UK/EU resident without committing an even worse GDPR violation, but just IP geoblocking EU/UK regions is not a solution here.

1 comments

You're right: just geo-blocking by IP is not enough to reliably protect you under GDPR, especially if any user uploads potentially identifiable information about an EU/UK resident, even from outside those regions. It doesn't solve the problem. I recognize that such a system requires a much more precise mechanism for identifying and filtering data, as well as a process for handling deletion requests and protecting against re-additions.

Right now, the project is in its early stages, and these discussions help us understand exactly where the boundaries of what is acceptable are and how to build in legal and ethical compliance from the start.

Here's what I plan to put in place:

Strict content moderation and technical filters to exclude PII (personally identifiable information).

The right to remove and revoke, with as simple a process as possible, including the ability to auto-alert when you try to post again.

A separate legal page explaining restrictions, moderation principles and responsibilities.

As we develop, consultation with GDPR and digital rights experts before launching anything in the EU/UK.