ShortFlix · compliance audit
audit ID · SF-AUD-001
auditor · trend-safety-agent (Gemini + Vertex grounding)
scope · GDPR · Korea PIPA · IG/TT ToS · DSA · COPPA
date · 2026-05-06
pre-submission score · A−
9/11 controls passing · 2 with mitigations
control | status | evidence path
RapidAPI ToS — official endpoint only | PASS | /docs/SUBMISSION.md §rapidapi
No direct IG/TT scraping | PASS | CI grep guard · network-policy egress allowlist
EU GDPR · DPIA recorded | PASS | /compliance/dpia.md
Korea PIPA · purpose limitation | PASS | privacy_policy.ko.md
Anonymous device-id (no PII) | PASS | db.users.user_id = sha256(device_id+salt)
Gemini API · no logging of user prompts | PASS | vertex.config.disable_logging = true
Demo video — face/voice consent (creators) | REVIEW | use only public-permitted thumbnails for cover
Children's content (COPPA-13+) | MITIGATE | trend-safety filters age-restricted source flags
Right-to-erasure endpoint | PASS | DELETE /v1/me · purges curator cache row
EU DSA · transparency on AI rec | PASS | "why this card" panel · per-card SHAP excerpt
Open-source license · ASL/MIT | PASS | LICENSE · MIT

Data Flow · what crosses which boundary

Browser (PWA)

device_id (anon, sha256)
watch_dwell_local (≤60s buffer)
⛔ no email · no auth

Cloud Run (ADK)

orchestrator request envelope
taste_vector (768-dim, 7d TTL)
no raw transcripts stored

Vertex / Gemini

API call (no log retention)
grounding · cross-cultural corpus only
no fine-tune on user data

RapidAPI (3rd-party)

platform query terms
disclosed in SUBMISSION.md
video metadata only · no upload

Trend-Safety Agent · ToS Watch (live, last 60 min)

[BLOCK] mcp/rapidapi-ig query "creator_dm:*" — IG ToS §C.4 prohibits programmatic DM access. Dropped at MCP boundary, never reached Gemini.
[FLAG] tt video #88412 — labeled "duet of minor". Trend-safety filtered before curator scoring (COPPA-13+).
[OK] 412 candidates ingested · 312 passed safety + ToS · 100 dropped (24%).
[GROUND] vertex/search corpus disagrees with model claim "viral in Korea" — drop hallucination, do not show user.

Privacy-by-Design Principles · enforced in code

  • Minimization — taste vector is 768 floats, never raw watch history. Reset on Pro-tier opt-out.
  • No-PII default — anonymous device-id; OAuth deferred until Pro tier. Demo runs without login.
  • Region-pinned — Cloud Run asia-NE3 + EU mirror; data does not leave user region per PIPA.
  • Right-to-erasure — single endpoint; cascades to Cloud SQL, Vertex grounding cache, edge CDN.
  • Algorithmic transparency — every card exposes "why" (DSA Art. 27 ready).
  • 3rd-party isolation — RapidAPI calls go through MCP gateway with allowlist; no broad scope.
JUDGING TIE-IN — Track 1 rule §4.f "IP/ToS compliance" + Business Case 30%
A multi-agent system that treats compliance as a first-class agent (trend-safety) — not a side-check — is what differentiates a serious submission from a hackathon toy.
Single-agent baseline cannot enforce ToS, safety, and grounding atomically. Multi-agent does. ✓