How we handle abusive usage
Guiding principles and process for investigating abuse reports
We build our products* to give teams a better way to work. We are proud of that purpose and trust that our customers use our products for appropriate endeavors.
Sometimes, though, we discover potential abusive usage as detailed in our Use restrictions policy. When that happens, we investigate using the following guiding principles and process.

Guiding Principles

Human oversight

Who’s “we”, you ask? It’s us: folks from the HeavyMelon team. We have an internal committee who review all potential abuse cases. This committee includes our executives, Petros and Ilias, and representatives from multiple departments across the company. On rare occasions for particularly sensitive situations or if legally required, we may also seek counsel from external experts.

Balanced responsibilities

We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. We do our best to balance those responsibilities throughout the process.

Focus on evidence

We base our decisions on the evidence available to us: what we see and hear account users say and do. We document what we observe and ask whether that observable evidence points to a restricted use.


Every case goes through the same general process:
    Decision, sometimes with right to an appeal

How do we discover potential abuse?

From our experience, we learn about potential abuse because:
    Someone alerts us. We give abuse reports our full care and attention. Our Support team also responds to every question or comment that comes in. If we notice anything in those emails that points to a violation, we will look into it.
    We notice an anomaly in our business operations monitoring. We monitor a range of things about our products, like sign-up volume and error rates of web requests. If we see something weird with those numbers, we get to the bottom of it.
    We stumble upon public web content that links an individual or organization to a HeavyMelon product. We aren’t scouring the Internet looking for those links, but if we do come across any, we check them out.
This list is not exhaustive; there are always edge cases. We will update the list if we find regular new avenues.

How do we investigate?

We focus on the evidence:
    Language and imagery used by users on the account
    Evidence of account users’ power and/or ability to act on spoken claims
    Publicly available information about account users
We strive to balance privacy and safety for all those involved:
    We make every effort to complete our investigations without accessing a customer account. For instance, if there are screenshots or public documents available, we review those. We also consider whether it is appropriate to involve the account owner in a given investigation and seek additional evidence from them.
    As we review the evidence, we look for indications of existing negative impact. We also assess the severity of any potential negative impact, regardless of intent. When relevant, we look for and follow available guidelines from expert institutions.
    If we cannot come to a fair assessment from the information available, we may decide to access a customer account without notice. We do not make this decision lightly. Customer privacy is a big deal to us and we only pursue this course of action if the evidence we have already is very concerning, but not definitive.

What happens if someone really broke the rules?

We will terminate an account without advance notice if there is evidence it is being used for a restricted purpose that has, is, or will cause severe harm. If applicable, we will also report the incident to the appropriate authorities.
For other cases, we’ll take a case-by-case approach to clear things up.

Can you appeal a decision?

If we terminate an account without notice, the decision is final.
For other cases, we will consider good faith appeals sent to [email protected] by the account owner within 14 calendar days.
*This process applies to any product created and owned by HeavyMelon, PC. That includes Supportress.
HeavyMelon policies are open source, licensed under CC BY 4.0. Adapted from the Basecamp open-source policies / CC BY 4.0.
This page specifically adapted from policy \— April _13, 2020._
Last modified 7mo ago