Dear Mr. Kamenski,
We write in response to the Procedural Notice and Request for
Assistance to Counter the Threat dated 17 April 2026, reference no.
2.1-3/13719-1.
UndressMe AI takes any indication of child sexual abuse material,
sexualized depictions of minors, or other unlawful content involving
minors
extremely seriously. Our service does not permit users to upload,
request, generate, or distribute content involving minors in sexual or
suggestive contexts. Our published terms also prohibit fictional
sexualized depictions of minors and non-consensual intimate imagery, and
our
privacy notice states that the service is not intended for persons
under 18 years of age.
By way of background, our current application design includes
authenticated access to core upload and task-creation functions. The
application
also maintains task-level metadata associated with processing activity,
including user identifiers, task type/provider, source URL, result URL,
and timestamps. In addition, the application maintains
account/session-related records, including session IP address and
user-agent fields where
available, user analytics records including fingerprint and IP-related
fields where available, and payment-order records associated with Gem
purchases. These records may assist with targeted review and lawful
cooperation with competent authorities.
We have also implemented a supplemental technical safeguard for
uploaded source images. In particular, AI reviews recent task source
images using automated face-age estimation and can automatically ban
accounts when an uploaded image appears clearly underage. A resulting ban
reason is recorded on the account, and active sessions are revoked.
This safeguard is intended as a preventative screening measure for
uploaded
reference images and should not be understood as a substitute for
case-specific review or as a conclusive legal age determination.
In response to the specific questions raised in your notice:
1. Whether we have detected attempts to generate images depicting
minors in sexual or suggestive contexts:
We have already banned 325 accounts in connection with child sexual
content-related misuse.
2. What technical measures are implemented in the Program to prevent
such content:
Our current measures include contractual prohibitions in our Terms of
Service, adult-only service positioning, authenticated access to core
generation endpoints, retention of task, account, and session metadata
for review, and a supplemental uploaded-image age-estimation safeguard as
described above.
3. Whether any content moderation or automated detection mechanisms are
used to identify prompts or generated images involving minors:
Based on the codebase we reviewed, we can confirm an automated review
mechanism for uploaded source images.
4. Whether we retain logs, metadata, or other information regarding
generated content that could assist in identifying such misuse:
We are able to preserve and review relevant task metadata, account and
session data, user analytics data, and payment-order records that may
assist with targeted review and lawful cooperation.
5. Whether we have previously reported similar incidents to competent
authorities:
Not yet.
6. Whether the generation of content through the Program requires Gems
or other paid tokens and whether records of such transactions are
retained:
Generation through the web application requires Gems. Our application
maintains payment-order records associated with Gem purchases.
7. Whether the Program stores generated content or corresponding hash
values that could be used for identification:
Our reviewed application schema shows storage of content URLs and
related task metadata. We did not identify a dedicated content-hash field
in
the reviewed application database schema.
Our public service documentation states that uploaded or processed
content is stored temporarily for up to 24 hours, after which it is
intended
to be deleted, and that browser-side copies may persist locally on the
user’s device.
We are conducting an internal review and preserving relevant records.
At present, the notice does not include sample URLs, image hashes, account
identifiers, timestamps, or other technical indicators for the three
reported cases. Without such indicators, our ability to perform a targeted
match is limited. If available, please provide any of the following so
that we can search more precisely: URLs, screenshots, image hashes,
timestamps and time zone, relevant user or account identifiers, or any
other technical indicators linked to the reported material.
Yours sincerely,
admin
On Fri, Apr 17, 2026 at 7:31 AM Politsei- ja Piirivalveamet
wrote:
Please be informed that we are sending you a digitally signed document
"Procedural notice and request for assistance to counter the
threat", which was registered in the document register of the Police
and Border Guard Board on 17.04.2026 under number 2.1-3/13719-1. The
necessary software and technical support for opening the digitally signed
document can be found on the ID-help page.
Police and Border Guard Board
Pärnu mnt 139
15060 Tallinn
Estonia
[email protected]
www.politsei.ee