hello.iohello.iovault

18 U.S.C. § 2257 Compliance Statement

Effective June 9, 2026

Last updated: June 9, 2026.

This statement explains how Hello.Vault (operated by Deep Creator Inc., DBA Hello.io, Texas, USA) and the creators who sell through it comply with the federal record-keeping requirements of 18 U.S.C. § 2257, 18 U.S.C. § 2257A, and 28 C.F.R. Part 75 for sexually explicit content.

1. Platform statement

Deep Creator Inc. is not the “producer” (as that term is defined in 18 U.S.C. § 2257 and 28 C.F.R. § 75.1) of any content uploaded by users of Hello.Vault. Deep Creator Inc.'s activities with respect to user content are limited to transmission, storage, retrieval, hosting, formatting, and payment processing, and it therefore falls within the exemptions of 18 U.S.C. § 2257(h)(2)(B)(v) and 28 C.F.R. § 75.1(c)(4). All content on Hello.Vault is uploaded by independent third-party creators.

2. Creators are primary producers

Every creator who uploads sexually explicit content to Hello.Vault is the primary producer of that content under 28 C.F.R. § 75.1(c). The legal obligation to create and maintain age-verification records rests with the creator, not with Hello.Vault. This obligation cannot be delegated to the platform.

3. Records every creator must keep

As a primary producer, each creator must maintain, for every performer appearing in sexually explicit content:

  • A legible copy of a government-issued photo identification document showing the performer's legal name and date of birth (for example, a passport or driver's license).
  • Every name the performer has ever used, including maiden names, aliases, stage names, and professional names.
  • A signed release confirming the performer's consent to be recorded and to the commercial distribution of the content.
  • The date of production of each depiction, and records organized and cross-referenced as required by 28 C.F.R. § 75.2.

Records must be kept for as long as the regulations require — at least seven years after the records are last amended, and at least five years after the producer ceases business — and must be available for inspection as provided in 28 C.F.R. § 75.5.

4. Custodian of records

Each creator, as primary producer, is the custodian of records for their own content (or must designate a custodian) and must maintain those records at their own place of business. Hello.Vault does not hold creators' § 2257 records. Inquiries regarding the records for any specific content on Hello.Vault should be directed to legal@itshello.io, and we will route the request to the responsible creator's designated custodian of records.

5. Age verification required before upload

Before any sexually explicit content may be sold on Hello.Vault:

  • The uploading creator must be at least 18 years old and must complete identity verification (KYC) through Stripe Connect.
  • The creator must verify, with government-issued photo ID, that every individual depicted was at least 18 years old on the date of production.
  • The creator must obtain written consent from every individual depicted for both recording and commercial distribution.

6. Mandatory attestation

When uploading content marked 18+, creators are required to attest that: (a) they are the primary producer of the content; (b) every person depicted was at least 18 at the time of production; (c) complete § 2257 records exist for the content and are held by the creator or their designated custodian; and (d) the records will be produced to Deep Creator Inc. or to authorized inspectors on request. False attestations result in immediate content removal and permanent account termination.

7. Platform verification and audits

Deep Creator Inc. may at any reasonable time require a creator to produce evidence of § 2257 compliance, including performer IDs and releases, for any content sold through the platform. Failure to produce records promptly results in removal of the affected content, suspension of selling privileges, and — for repeated or willful failures — account termination. We also run automated and human review to flag content that appears to violate age requirements.

8. Zero tolerance for CSAM

Hello.Vault has zero tolerance for child sexual abuse material. We scan uploads against known-CSAM hash databases and use additional automated detection. Any apparent CSAM is removed immediately, preserved as legally required, and reported to the National Center for Missing & Exploited Children (NCMEC) under 18 U.S.C. § 2258A, and the account is permanently terminated. We cooperate fully with law enforcement.

9. Payment-card compliance

Hello.Vault uses Stripe for all card processing. We do not store full card numbers, CVVs, or magnetic-stripe data on our servers; our use of Stripe falls under PCI DSS SAQ A. We also comply with the card networks' rules for adult-content merchants, including content-review and complaint-handling requirements.

10. Data protection

  • Encryption at rest: AES-256 (Vercel Blob)
  • Encryption in transit: TLS 1.3
  • Password storage: PBKDF2-SHA256, per-account salt
  • API key storage: SHA-256 hashed, never stored in plaintext

11. Inspection requests and reporting

Compliance inquiries and records-inspection requests under 18 U.S.C. § 2257: legal@itshello.io. Security disclosures: security@itshello.io. Abuse and illegal content reports: abuse@itshello.io — or use our Content Removal process.

12. Updates

We update this statement when the law or our procedures change. The date at the top reflects the most recent revision. Deep Creator Inc., Texas, USA.