CITIZEN RIGHTS &
PROTOCOL MANDATE

MyCitadel was built on a single, uncompromising belief:

"If you do not pay for a product,
YOU are the product."

Every major social network currently operating generates its revenue by harvesting your behavioral data, building psychographic profiles, and selling access to your attention to the highest bidder. Your photos, your political opinions, your private messages, your relationships, your location history — all of it is aggregated, packaged, and sold. You are not a user. You are inventory.

MyCitadel refuses this model entirely. You pay a modest subscription — or use a free tier with meaningful functionality — and in exchange, we owe you complete transparency and architectural accountability. We do not run ads. We do not sell data. We do not partner with analytics brokers. We do not cooperate with surveillance programs. We build tools that make it cryptographically impossible for us to betray you, because the architecture itself prevents it.

When you register on MyCitadel, you do not become a user account in a corporate database. You become a Citizen — a sovereign node within the Citadel network. These rights are guaranteed to you unconditionally and cannot be waived by us or revoked without just cause under our Conduct Code.

• Right to Pseudonymity You may register using any alias you choose. We do not require your legal name, government ID, phone number, or any personally identifying information. Your Alias is your Citadel identity.
• Right to Cryptographic Sovereignty Your encryption keys are derived from your passphrase on your device. We do not hold, store, or have access to your master key. You own your data layer.
• Right to Data Portability We can not just hand over any data of any specific user. We can manage to search by alias name, however, without their unique identification phrase, decrypting the information is impossible to crack.
• Right to Complete Erasure Deleting your account triggers a full cascade wipe: profile, posts, comments, connections, messages, and media are all permanently destroyed. When a connection is severed between two Citizens, all shared communications are mutually destroyed. No backups are retained after 72 hours.
• Right to Know What We Know At any time, you may request a transparency report detailing exactly what information MyCitadel holds about you in plaintext form. Spoiler: it is minimal by design.
• Right to Appeal If your account is actioned by our moderation system, you have the right to appeal the decision via appeals@mycitadel.lol. Appeals are reviewed by a human administrator within 72 hours. Please ensure you do so PRIOR to account deletion or other abrasive actions.

MyCitadel is a sovereign network, not a free-for-all. The Citadel's strength is its community. The following code governs all Citizen activity across all surfaces — posts, comments, messages, profile content, group activity, and any other interaction vector.

 AUTHORIZED OPERATIONS — WHAT YOU CAN DO

• Express Yourself Freely Share opinions, ideas, creative works, commentary, news, art, and discourse on any topic that does not violate the prohibited vectors below. MyCitadel does not censor political viewpoints, ideological perspectives, or unpopular opinions.
• Build & Manage Connections Send connection requests to any Citizen. Accept or decline freely. Sever connections at any time with full mutual data destruction. Block any Citizen without explanation required.
• Use Encrypted Messaging All direct messages between connected Citizens are end-to-end encrypted using a unique connection key pair. Use this channel freely and privately for personal communications.
• Report Violating Content If you encounter content that violates this Conduct Code, use the in-platform report function. Reports are reviewed by our moderation system and human administrators.
• Use Multiple Alias Accounts Citizens may maintain separate alias identities for different contexts (personal, professional, creative). Each account must independently comply with this Conduct Code.

 PROHIBITED VECTORS — WHAT YOU CANNOT DO

• Hate Speech & Targeted Harassment Content that incites violence, dehumanizes individuals or groups based on protected characteristics (race, ethnicity, religion, gender, sexual orientation, disability, national origin), or constitutes targeted harassment, doxxing, or coordinated abuse campaigns.
• Child Sexual Abuse Material (CSAM) & Child Exploitation Any content that sexualizes minors, facilitates grooming, or endangers children in any capacity. This is an absolute zero-tolerance prohibition. All confirmed instances are reported to NCMEC and relevant law enforcement immediately — this is the one area where our N-NZK model yields to legal obligation without exception.
• Incitement to Violence or Terrorism Content that plans, promotes, glorifies, recruits for, or provides material support to acts of terrorism, mass violence, or organized criminal enterprises targeting individuals or groups.
• Fraud, Scams & Impersonation Impersonating another Citizen or real-world person for deceptive purposes, operating financial scams, phishing campaigns, or cryptocurrency fraud schemes targeting other Citizens.
• Spam & Automated Abuse Operating bots, running automated posting scripts, mass-messaging Citizens without consent, or artificially inflating engagement metrics using non-human methods.
• Infrastructure Attacks Attempting to compromise the Citadel server, exploit vulnerabilities for unauthorized access (rather than responsible disclosure), launch DDoS attacks, or tamper with other Citizens' encrypted data streams. See Article IX for the authorized research path.
• Non-Consensual Intimate Imagery Sharing, distributing, or threatening to distribute intimate imagery of any person without their explicit, documented, ongoing consent.

MyCitadel provides the infrastructure for anonymity — but anonymity is a practice, not just a feature. The following guidance will help you maximize your operational security as a Citizen.

 RECOMMENDED SECURITY PRACTICES

• Use a Strong, Unique Passphrase Your Citadel passphrase is used to derive your encryption keys locally. This means it never leaves your device — but it also means we cannot recover it. Use a passphrase you will remember. A minimum of 20 characters combining random words, numbers, and symbols is strongly recommended. Consider a password manager. If you lose your passphrase, your encrypted data is unrecoverable.
• Enable Two-Factor Authentication (2FA) MyCitadel supports TOTP-based 2FA via any authenticator app (Aegis, Bitwarden Authenticator, etc.). Enabling 2FA earns you a Reputation badge and significantly hardens your account against credential attacks.
• Use a Dedicated Anonymous Email Do not register with your primary personal email address. Consider a privacy-focused email provider (ProtonMail, Tutanota, SimpleLogin) or a purpose-created alias for your Citadel registration.
• Layer Your Network Anonymity MyCitadel does not log IP addresses beyond rate-limiting requirements. However, for maximum network anonymity, consider accessing the Citadel via a trusted VPN or Tor Browser. Be aware that Tor may impact performance on media-heavy pages.
• Audit Your Media Before Uploading Photos taken on modern smartphones embed EXIF metadata — including GPS coordinates, device model, and timestamp. Strip EXIF data before uploading sensitive imagery. Tools like ExifTool (free, open-source) or your phone's built-in privacy settings can do this automatically.
• Be Mindful of Writing Style Fingerprinting Sophisticated adversaries can de-anonymize writers based on unique linguistic patterns, vocabulary choices, and sentence structure. If your threat model requires high-assurance anonymity, be conscious of how you write.
• Log Out on Shared Devices MyCitadel sessions are cryptographically secured, but session tokens stored in a browser on a shared or compromised device remain a physical access risk. Always log out fully when using non-personal devices.

Transparency is foundational. Here is a precise accounting of what MyCitadel stores, why, and how it is protected.

PLAINTEXT — WHAT WE CAN SEE

• Your Alias Name Stored in plaintext to enable Citizens page search, public profiles, and connection requests. Choose your alias carefully — it is the only truly public piece of your identity.
• Generic Profile Dropdown Selections Non-sensitive categorical fields (relationship status, etc.) that you opt in to displaying on your public profile card. These are voluntary and can be left blank.
• Account Creation Timestamp & Last Active (Approximate) Stored for account health and moderation purposes. Last Active is granular to the day, not the hour.
• Email Address (Hashed) Your registration email is stored as a bcrypt hash — we can verify it for password reset flows, but we cannot read it, export it, or use it for marketing purposes.

ENCRYPTED — WHAT WE CANNOT SEE

• [MISSING_TOKEN: terms.post]
• All Direct Messages End-to-end encrypted per connection key pair. Neither MyCitadel nor any third party can intercept message content.
• All Media Uploads Photos, videos, and file attachments are encrypted before upload. Stored in an out-of-web-root directory as encrypted blobs.
• Profile Bio & Extended Personal Details All freeform text fields in your profile are encrypted. Only connected Citizens with the appropriate connection key can read them.
• Comments & Reactions Encrypted at submission alongside the post they reference.