Open, transparent and responsible by design.

Acceptable Use Policy

Clear rules for safe, lawful and constructive use of the OpenThoughts platform

OpenThoughts

Version 1.0

OpenThoughts Acceptable Use Policy

Document owner: OpenThoughts Founder / Platform Owner Applies to: members, prospective members, visitors, contributors, moderators, suppliers, advertisers and anyone using OpenThoughts Recommended status: standalone public policy, incorporated by reference into the Terms of Use, membership rules, upload rules and supplier/advertiser terms Review cycle: at least annually, and sooner after significant incidents, legal changes or platform changes Important note: this document is a practical governance policy and website wording draft. It is not legal advice.

1. Recommended decision

OpenThoughts should adopt a standalone public Acceptable Use Policy as a launch-critical control. The rules should not be hidden only inside the Terms. They should be visible at sign-up, on forum pages, on upload pages, in supplier and advertiser areas, in the footer and beside the Report this function.

This is the best solution for the site’s ambition because OpenThoughts is built on trust, shared resources, professional conversation and open-source thinking for the social housing sector. That model only works if members know what is welcome, what is not allowed, and what OpenThoughts can do when the platform is misused.

The policy should be strong but still sound like OpenThoughts:

open, generous and practical;

clear about resident and member safety;

firm on privacy, copyright, confidentiality and commercial misuse;

fair in how moderation and account actions are handled;

easy to point to when removing content, restricting accounts or responding to reports.

2. Plain-English policy position

OpenThoughts is built for constructive sharing, learning and collaboration. Use it generously, lawfully and respectfully.

Do not use OpenThoughts to scrape data, spam people, harass others, upload unlawful or confidential material, share resident-identifiable information, harvest supplier leads, impersonate someone else, upload malware, advertise without permission, misuse logos or commercially exploit resources shared by the community.

OpenThoughts may remove content, restrict features, reject uploads, suspend accounts, end membership, refuse advertising, terminate supplier access or take other reasonable action where these rules are breached.

3. Scope

This policy applies to all use of OpenThoughts, including:

public pages, member areas, forums, groups, comments, replies and direct engagement features;

resource uploads, templates, guides, images, presentations, documents, AI-assisted content and adapted materials;

supplier directories, supplier profiles, advertising pages, sponsored content and commercial listings;

contact forms, membership forms, event forms, newsletter forms and enquiry routes;

the Report this function and any complaint, appeal, takedown or moderation process;

use by members, prospective members, guests, suppliers, advertisers, moderators, administrators and platform partners.

4. Core acceptable use principles

5. Prohibited uses

The following uses are not allowed. This list is not exhaustive. OpenThoughts may act where behaviour undermines the purpose, safety, legality or reputation of the platform.

6. Resource upload rules

Because the resource library is central to OpenThoughts, upload rules should be strict, clear and enforced consistently.

Members, suppliers and contributors must not upload resources unless they can confirm that the content is lawful, safe, shareable and suitable for the platform.

Upload rules:

only upload resources you created, own, are authorised to share, or can lawfully licence for reuse under the relevant OpenThoughts terms;

do not upload documents containing personal data, resident data, live case details, confidential employer information or commercially sensitive information;

remove hidden metadata where appropriate, including author names, tracked comments, internal file paths and embedded personal information;

do not upload executable files, macros, scripts, password-protected files, infected files or files designed to evade scanning;

do not upload branded or adapted documents unless you have the right to share them and the branding does not mislead others about endorsement or approval;

first uploads, sensitive categories and branded resources may be held for moderation before publication;

OpenThoughts may remove, quarantine, edit labels, restrict reuse wording, ask for proof of permission or reject uploads where risk is identified.

7. Forum and group posting rules

Forum and group pages should encourage practical learning while preventing harm, legal risk and misuse.

Members should:

discuss themes, learning, processes, policy, practice and improvement ideas, not identifiable residents or named staff members;

avoid posting urgent safeguarding concerns, domestic abuse risks, ASB case details, homelessness cases, fire safety emergencies, damp and mould live cases, repairs casework or health/vulnerability information;

avoid asking other members to share confidential policies, restricted documents, procurement details, personal data or internal screenshots;

not use groups to sell, solicit leads, promote services, recruit members to paid activity or redirect users to commercial offers unless approved;

use neutral, professional wording and challenge ideas and processes, not people;

report concerns using the Report this route rather than escalating arguments in public threads.

8. Supplier, advertiser and commercial-use rules

Suppliers and advertisers may be part of the OpenThoughts ecosystem, but commercial activity must be transparent and controlled.

9. Membership and identity rules

Members must:

provide accurate registration information and not misrepresent their identity, organisation, role or authority;

use only approved membership routes and not bypass verification checks;

not share accounts, transfer access, sell access, invite unauthorised people into member-only areas or use another person’s login;

keep login details secure and notify OpenThoughts if they suspect unauthorised access;

accept that OpenThoughts may reject, suspend or close accounts where identity cannot be verified or where access is being misused.

Housing-sector member access may be limited to approved and verified housing association, local authority, ALMO or relevant professional email addresses, depending on the membership rules in force.

10. Content standards

OpenThoughts may remove, edit labels on, restrict, demote or review content that falls below the following standards.

Content should:

be accurate to the best of the contributor’s knowledge, or clearly labelled as an opinion, draft, example, AI-assisted output, learning prompt or discussion starter;

not present unverified legal, safeguarding, medical, financial, procurement or professional advice as fact;

use inclusive, professional and accessible language;

not be deliberately misleading, manipulated, fabricated or presented without relevant context;

include attribution where required and not remove attribution from another creator’s work;

not include tracking links, hidden advertising, hidden affiliate arrangements or undisclosed commercial interests.

11. “Do not post” quick list

This quick list should be placed near upload and forum-posting screens:

do not post resident names, addresses, photos or case details;

do not post confidential employer documents or internal screenshots;

do not post urgent safeguarding, emergency, ASB, repairs, homelessness or domestic abuse concerns;

do not post unverified allegations about people or organisations;

do not post material you do not own or have permission to share;

do not post supplier adverts or sales messages unless approved;

do not post malware, scripts, executable files or password-protected files without approval;

do not post AI-generated content without saying it has been AI-generated or AI-assisted;

do not post logos or branding in a way that suggests endorsement without permission.

12. Upload and posting declaration wording

OpenThoughts should require members to confirm the following before uploading resources or posting in higher-risk areas.

13. Moderation and enforcement

OpenThoughts should reserve the right to act proportionately, quickly and consistently. The action taken should depend on risk, seriousness, intent, repeat behaviour and potential harm.

14. Report this route

Every member-generated page should include a visible report route. Members should be encouraged to report concerns rather than arguing publicly or copying sensitive information into new posts.

The Report this function should allow people to report:

personal data or resident-identifiable information;

copyright, attribution or licence concerns;

abusive, discriminatory or harassing content;

confidential information or employer documents;

spam, supplier misuse, lead harvesting or unauthorised advertising;

broken attribution, misleading use of logos or false endorsement;

accessibility issues or unusable content;

urgent-risk content so OpenThoughts can remove or redirect it, while making clear the platform is not the emergency response route.

15. Complaints and appeals

Members, suppliers and contributors should have a fair way to challenge moderation decisions, content removals, upload rejections, membership restrictions or advertising decisions. The Complaints and Appeals Policy should apply.

OpenThoughts should look at genuine concerns properly, but does not need to enter circular arguments about obvious breaches or repeated misuse.

Recommended stages:

Initial review: review by OpenThoughts or the moderator responsible for the decision.

Escalated review: review by the platform owner or a separate reviewer where reasonably possible.

Final platform decision: decision recorded with reasons. OpenThoughts may refuse repeated appeals that raise no new information.

16. Public website wording

The following wording can be used on the public policy page.

Page title

Acceptable Use Policy

Opening wording

OpenThoughts is a place for constructive sharing, learning and collaboration across the housing sector. To keep it useful, safe and fair, everyone using the platform must follow these acceptable use rules.

Main rule

Use OpenThoughts lawfully, respectfully and transparently. Do not use it to scrape data, spam people, harass others, upload unlawful or confidential material, share resident-identifiable information, harvest leads, impersonate others, upload malware, advertise without permission, misuse logos or commercially exploit shared resources.

Platform action

We may remove content, restrict features, suspend accounts, end membership, reject uploads, refuse advertising or take other reasonable action where these rules are breached.

Community wording

OpenThoughts works because members help protect the space. If you see something that looks wrong, use the Report this function rather than copying, reposting or escalating the concern publicly.

17. Where this policy should appear

18. Internal register and evidence requirements

OpenThoughts should keep a simple internal Acceptable Use enforcement register. This helps demonstrate consistency, identify repeat misuse and evidence decisions if challenged.

19. Recommended implementation plan

20. Launch checklist

☐ Publish public Acceptable Use Policy page.

☐ Add footer link to the policy.

☐ Add sign-up agreement checkbox.

☐ Add upload declaration checkbox.

☐ Add AI declaration checkbox where relevant.

☐ Add commercial interest declaration where relevant.

☐ Add “do not post resident data” reminder to upload and forum pages.

☐ Add Report this button to member-generated content.

☐ Create moderation register.

☐ Train moderators and administrators on enforcement thresholds.

☐ Cross-reference policy in Terms, Supplier / Advertiser Terms, File Upload Controls, AI Usage Policy, Copyright and Takedown Process, Complaints and Appeals Policy and Safeguarding / Urgent Risk wording.

☐ Review after launch incidents or within 90 days of go-live.

21. Final decision wording

OpenThoughts should publish a standalone Acceptable Use Policy and treat it as enforceable platform rules. This is the best solution because the site will rely on member-generated discussion, resource uploads, supplier participation, advertising, AI-assisted content, Creative Commons sharing and trusted professional exchange.

The policy should protect the open-source ethos without making the platform feel closed or overly corporate. It should say clearly: share generously, challenge constructively, credit properly, protect residents, respect confidentiality, do not commercially exploit the community, and use the right route for urgent or sensitive matters.

This gives OpenThoughts a fair and transparent basis for removing content, refusing uploads, limiting supplier misuse, closing accounts and protecting the resource library that gives the platform its value.

Moderation Policy

Full strengthened policy and implementation decision

Important note: This policy explains how OpenThoughts manages moderation, safety and platform standards. It is published for transparency and should be read alongside the wider OpenThoughts governance pack.

1. Purpose of this policy

OpenThoughts exists to support open, practical and generous knowledge-sharing across the social housing and local authority housing arena. The value of the platform depends on people being able to share ideas, resources, reflections, questions and learning safely. This policy turns the existing “respect and removal” approach into an operational moderation framework.

protect members, residents, organisations, suppliers, advertisers and the platform;

keep discussions focused on learning, practice improvement and lawful sharing;

prevent the platform being used for abuse, spam, scraping, harassment, unlawful uploads, confidential disclosure, resident-identifiable data, supplier lead harvesting or reputational attacks;

provide a clear route for reports, decisions, appeals and repeat-breach action;

support legal and regulatory accountability, including data protection, copyright, defamation, safeguarding-style risk and online safety considerations.

2. Best decision for OpenThoughts

2.1 Recommended position

The best solution for OpenThoughts is to publish a clear standalone Moderation Policy and use it as the operating basis for all user-generated, supplier-generated and advertiser-generated content. It should not be hidden inside long Terms only. Members need to understand the rules before they post, upload, comment, advertise or report content.

Standalone public page: Publish as “Moderation Policy” under the Nitty Gritty / Trust / Safety area.

Short notices at the point of risk: Add short moderation notices on forum posting pages, upload pages, supplier profile submissions, advert booking pages and group pages.

Report-driven safety model: Use the “Report this” function on every member-generated page so members help identify risk.

Human oversight: Use human review for reported, sensitive, branded, personal-data, safeguarding-style, reputational, legal, copyright, advertiser and supplier misuse concerns.

Clear enforcement ladder: Use warnings, content edits, temporary restrictions, suspension and permanent removal depending on risk, intent and repetition.

Evidence retention: Keep proportionate records of reports, decisions, edits, removals, appeals and repeat misuse.

2.2 Why this is the best fit

OpenThoughts is not a generic social media site. It is a professional learning and resource-sharing platform for housing people.

The platform’s strength is open thinking, but that creates risk where people upload files, talk about sensitive themes or discuss organisations.

A visible, fair and firm moderation policy strengthens trust without killing the open-source ethos.

It gives the founder and administrators a defensible basis for action when content needs to be removed quickly.

It supports supplier neutrality by preventing advertisers from using the platform as an unmoderated sales or lead-harvesting route.

It supports data protection by making it clear that resident-identifiable, confidential and employer-sensitive information must not be posted.

3. Scope

4. Moderation principles

Open thinking, not unsafe posting: The platform encourages challenge, debate and practical learning, but not unlawful, unsafe, abusive or confidential disclosure.

Discuss issues, not attack people: Posts should focus on learning, process, practice, evidence and ideas rather than personal attacks or unverified allegations.

Residents first: Do not post live cases, urgent risks, resident-identifiable information or details that could identify a household.

Professional honesty: Members should declare AI-generated or AI-assisted work, copyright status, adaptations and supplier interests where relevant.

Proportionate action: Moderation action should match the risk, severity, urgency, intent and history of the issue.

Fairness and consistency: Similar cases should be handled in similar ways, with room for context where required.

Document decisions: Moderation should be recorded so OpenThoughts can show what happened and why.

5. What gets removed immediately

OpenThoughts should remove, hide or restrict the following content immediately where it is identified. In high-risk cases, removal should take place before a full investigation is complete.

6. What may be edited, labelled, hidden or restricted

Not every moderation concern requires deletion. Where risk can be managed safely, OpenThoughts may edit, label, hide, restrict, add context, request changes or move content to a more suitable area.

7. Member-generated content rules

Do not upload or post resident-identifiable information, live case details or personal data unless it has been lawfully anonymised and there is a clear right to share it.

Do not post confidential employer documents, internal reports, Board papers, legal advice, procurement materials or commercially sensitive information without permission.

Do not name individual staff members negatively or invite pile-ons against individuals.

Do not make unverified allegations about organisations or people.

Do not upload resources unless you own them, created them, have permission to share them or can lawfully license them under the applicable OpenThoughts sharing terms.

Do not use the platform to harvest leads, scrape member data or commercially exploit shared resources outside the permitted licence.

Do not impersonate another person, organisation, supplier, regulator, professional body or employer.

Do not use logos, badges, images or organisational names in a way that falsely implies endorsement, partnership or approval.

Declare AI-generated or AI-assisted content where relevant and check it before sharing.

Use plain, fair, professional language and focus on issues, processes, learning and improvement.

8. Supplier and advertiser moderation

Supplier and advertiser content requires additional moderation because OpenThoughts must remain procurement-neutral and avoid any impression that supplier presence equals endorsement, recommendation, due diligence approval or fitness for purpose.

9. Personal data in content

If content appears to contain personal data, OpenThoughts should treat it as a priority moderation issue. User-generated content can itself be personal data, and moderation activities may involve processing account data, content data, reports and decision records. The platform should follow its Data Protection Policy, Breach Response Procedure and DPIA decisions.

Hide or remove content containing resident-identifiable information as soon as reasonably possible.

Record what was found, where it was found, who reported it, when action was taken and what action was taken.

Assess whether the issue is a personal data breach and whether ICO or individual notification may be required.

Do not repost the content in moderation discussions or emails unless necessary and secure.

Where possible, preserve a secure evidence copy with restricted access if needed for investigation.

Tell the uploader what went wrong and how to avoid repetition.

Apply account restrictions where the upload was reckless, repeated or deliberate.

10. Safeguarding-style and urgent risk content

OpenThoughts is not an emergency, safeguarding, complaints, repair, ASB, domestic abuse, case management, legal or risk escalation route. Moderation should not attempt to manage live cases through the platform.

Remove or hide resident-identifiable details from urgent risk posts.

Reply with the approved “do not post urgent risk” wording and direct the member to their employer’s safeguarding, emergency, ASB, complaints, repairs or risk procedure.

Where content indicates an immediate threat to life or serious harm, follow the internal escalation procedure and seek appropriate advice.

Record the moderation action and outcome.

Consider warning or restricting users who repeatedly post live case details after being told not to.

11. Reporting content

Every member-generated page should include a visible “Report this” route. Reports should feed into a central moderation inbox or dashboard and be triaged according to risk.

12. What happens after a report

A report is received through the “Report this” form, email route or admin flag.

The report is logged with date, time, URL, content type, reporter category and risk category.

A moderator carries out initial triage and decides whether content should remain visible, be hidden, be restricted or be removed immediately.

The moderator reviews the content against this policy, the Acceptable Use Policy, Terms, data protection policies, copyright/takedown process, safeguarding warning and supplier/advertiser terms as relevant.

Where needed, the moderator asks the uploader, rights holder, supplier or complainant for more information.

A decision is recorded with the reason and action taken.

The uploader and reporter may be notified where appropriate, proportionate and safe.

The matter may be escalated to the founder/platform owner, legal adviser, data protection lead or supplier contract owner where risk is high.

Repeat issues are added to the member, supplier or advertiser conduct history.

Appeal rights are offered where the decision allows appeal.

13. Decision categories

14. Appeals

Moderation decisions should usually be appealable where content is removed, an account is restricted, a member is suspended, a supplier listing is removed or an advertiser is sanctioned. Appeals should be handled under the Complaints and Appeals Policy.

Appeals must explain what decision is being challenged and why the member, supplier or advertiser believes it was wrong.

Appeals should normally be submitted within 10 working days of the decision notice.

A different reviewer should consider the appeal where practical.

OpenThoughts may uphold, vary or overturn the original decision.

Immediate safety, personal data, copyright, safeguarding-style, malware, abuse or legal risk removals may remain in place while an appeal is considered.

15. Account restrictions, suspension and permanent removal

16. Evidence retention

Moderation records should be retained proportionately so that OpenThoughts can evidence fair process, support appeals, manage repeat misuse and respond to legal, data protection, copyright or supplier issues. Records should not be kept for longer than necessary and should be managed under the Records Retention Schedule.

17. Moderation register

OpenThoughts should maintain an internal moderation register. The register does not need to be public, but it should be complete enough to evidence consistency and learning.

18. Internal workflow

19. Website-ready public wording

19.1 Short page introduction

OpenThoughts is here for open, useful and generous thinking across housing. To keep that space safe, fair and trusted, we moderate content where needed. We do not remove content simply because someone disagrees with it. We may remove, hide, edit, label or restrict content where it creates legal, safety, confidentiality, copyright, personal data, reputational, supplier misuse or community risk.

19.2 Forum posting notice

Before posting, please check: no resident-identifiable information, no live cases, no urgent safeguarding or emergency concerns, no confidential employer documents, no personal attacks, no unverified allegations and no supplier promotion unless it is in an approved supplier area. Discuss learning, practice and process - not personal attacks.

19.3 Upload notice

Only upload resources you own, created or have permission to share. Do not upload resident data, confidential employer documents, live case information, password-protected files, unsafe files or materials that cannot be shared under the OpenThoughts licence and upload terms. First uploads and sensitive categories may be moderated before publication.

19.4 Report wording

Use “Report this” if you see personal data, copyright concerns, abusive content, confidential information, spam or supplier misuse, broken attribution, accessibility issues, urgent risk content, defamatory wording or anything else that may put people or the platform at risk.

19.5 Removal wording

We may remove content immediately where we believe it creates risk. This includes personal data, confidential information, unlawful uploads, abusive content, malware, urgent risk details, misleading supplier claims, unverified allegations or content that may expose OpenThoughts, members, residents, organisations or suppliers to legal or reputational harm.

19.6 No circular arguments wording

20. Member notification templates

21. Moderator checklist

Have I classified the report correctly?

Does the content include personal data or resident-identifiable information?

Does it include confidential employer, supplier or third-party information?

Does it raise safeguarding-style, emergency or live risk concerns?

Does it raise copyright, attribution, licence or logo misuse concerns?

Does it include harassment, discrimination, abuse, threats or personal attacks?

Does it make an allegation about a person or organisation that needs evidence or reframing?

Is the content supplier promotion or lead harvesting outside approved routes?

Is immediate hiding or removal required before review?

Have I recorded the evidence, decision and rationale?

Does the member, reporter, supplier or advertiser need to be notified?

Is this a repeat issue that should affect account status?

Is an appeal available?

Is there any learning for platform wording, forms, upload controls, filters or guidance?

22. Moderator decision matrix

23. Interaction with other OpenThoughts policies

24. Compliance and guidance notes

OpenThoughts should take advice on whether any parts of the platform are in scope of the UK Online Safety Act, particularly if it allows user-to-user posting, forums, comments, messaging, file-sharing or public interaction. OpenThoughts should also document privacy risks connected with moderation, because moderation may involve processing personal data in posts, reports, account histories and decision records.

Ofcom guidance explains that the Online Safety Act creates duties for certain online services, including user-to-user services, around illegal content and safety systems.

The ICO explains that personal data breaches must be reported to the ICO within 72 hours where required, and that individuals must be informed without undue delay where a breach is likely to result in high risk to rights and freedoms.

ICO security guidance expects organisations to process personal data using appropriate technical and organisational measures.

OpenThoughts should review these duties during DPIA screening, before launch and whenever the platform adds new features such as private messaging, automated moderation, supplier directories or wider public access.

25. Implementation checklist

26. Final recommended decision

OpenThoughts should adopt this Moderation Policy as a launch-critical control. The platform’s ambition is to be open, generous and useful, but openness without operational moderation would expose residents, members, employers, suppliers and the founder-owned platform to avoidable risk. The right balance is not heavy-handed censorship. The right balance is clear expectations, visible reporting, proportionate intervention, proper records, fair appeals and firm action against unsafe, unlawful, abusive, confidential, misleading or commercially exploitative behaviour.

Recommended final wording for the policy decision:

OpenThoughts will protect open sector learning by moderating content where needed. We welcome challenge, discussion and different views, but we will remove or restrict content that puts residents, members, organisations, suppliers, advertisers or the platform at risk. We will look at genuine concerns properly. We will not enter into circular arguments about obvious breaches.

Appendix A - Internal moderation record template

Appendix B - Sources and reference points

Reference points used when strengthening this policy include:

Ofcom guidance for providers of online services about how to comply with Online Safety Act duties, including illegal content and user-to-user service considerations.

Ofcom March 2026 online safety industry bulletin on duties to report detected and unreported child sexual exploitation and abuse content where applicable.

ICO guidance on personal data breaches, including the 72-hour reporting expectation where notification is required.

ICO guidance on data security and appropriate technical and organisational measures under UK GDPR.

OpenThoughts internal policy suite: Acceptable Use, Report This, File Upload Risk Controls, AI Usage, Copyright Takedown, Defamation/Reputation Risk, Safeguarding and Do Not Post Urgent Risk, Supplier/Advertiser Terms, Procurement Neutrality, DPIA Screening, Data Processor Register and Complaints and Appeals.

Report This Function Policy and Implementation Decision

A full and strengthened policy for member reporting, content safety, platform trust and rapid issue triage

1. Purpose of this policy

This policy sets out the decision, rules and operating process for the OpenThoughts “Report this” function. It is designed to help members report concerns about content, uploads, behaviour or technical barriers in a clear and structured way. It supports the wider OpenThoughts ethos: open-source thinking, professional generosity, transparency, safety, fair challenge and responsible collaboration across the housing sector.

2. Recommended decision for OpenThoughts

The best solution is to build “Report this” into the platform from the start and to place it wherever members can read, upload, comment, discuss, advertise or interact. OpenThoughts should not rely on members finding a generic contact page, emailing informally or raising concerns in public comments. A visible reporting route creates trust, protects members, reduces legal and safeguarding risk, supports accessibility and makes moderation evidence-led.

3. Scope

This policy applies to all areas of OpenThoughts where a concern could arise, including forums, groups, comments, member profiles, resource libraries, uploaded files, images, supplier profiles, adverts, sponsored content, event listings, newsletters, AI-assisted material, shared templates and any future collaborative tools.

4. Core principle

Members become part of the safety system. Reporting should feel simple, fair and constructive. It should not be framed as punishment or policing. It should be framed as shared stewardship: protecting residents, members, employers, suppliers, originators, accessibility, copyright, data protection and the integrity of the platform.

5. Formal policy position

6. Report categories

7. Where the “Report this” function should appear

8. Website-ready wording

8.1 Button wording

Report this

Report a concern

Report content

Report an issue with this resource

8.2 Short notice near the button

Suggested wording: Use “Report this” to tell us about personal data, copyright concerns, abusive content, confidential information, spam or supplier misuse, broken attribution or accessibility issues. Reports help keep OpenThoughts safe, fair and useful for the housing sector.

8.3 Full report page wording

Suggested wording: OpenThoughts is built on shared trust. If you see something that looks wrong, risky, inaccessible, incorrectly attributed or not suitable for the platform, please report it. We will review genuine concerns properly and take proportionate action. Reporting does not automatically mean content will be removed, but it does mean the concern will be recorded and considered.

8.4 Urgent risk wording

Suggested wording: Do not use OpenThoughts to report emergencies, safeguarding concerns, live resident cases, repairs, ASB, domestic abuse, homelessness or health and safety risks. Follow your own organisation’s emergency, safeguarding, complaints, repairs, ASB, domestic abuse or risk escalation procedure. If you believe content on OpenThoughts includes live personal or urgent risk information, report it so it can be reviewed and, where needed, removed or anonymised.

9. Report form fields

10. Triage workflow

11. Response times

12. Action matrix

13. Internal report register

OpenThoughts should maintain an internal register for all meaningful reports. This does not need to be public, but it should be structured enough to evidence fair decision-making, learning and accountability.

14. Roles and responsibilities

15. Misuse of the report function

OpenThoughts should welcome good-faith reporting but protect the platform from misuse. The report function must not be used to harass other members, suppress fair professional debate, retaliate against challenge, create circular arguments, submit knowingly false complaints or repeatedly re-open decisions without new evidence.

16. Technical and accessibility requirements

17. Member-facing sign-up and upload wording

17.1 Sign-up wording

Suggested checkbox: I understand that OpenThoughts includes a “Report this” route so members can flag personal data, copyright concerns, confidential information, abusive content, spam, supplier misuse, attribution issues and accessibility barriers. I agree to use this route in good faith and not as a way to harass, silence or retaliate against others.

17.2 Upload wording

Suggested checkbox: I understand that uploaded content may be reported by other members if it appears to include personal data, confidential information, copyright issues, broken attribution, accessibility barriers or other platform risks. I agree that OpenThoughts may temporarily hide, edit, remove or restrict access to content while a report is reviewed.

18. Links with other OpenThoughts policies

19. Implementation checklist

20. Final recommendation

OpenThoughts should adopt the “Report this” function as a launch-critical control, not a later enhancement. The platform is designed to encourage shared learning, document sharing, professional debate and supplier/member interaction. That creates enormous value, but it also creates foreseeable risks around personal data, copyright, confidentiality, accessibility, reputational harm and commercial misuse. A visible, well-governed reporting function allows the community to help protect the platform while giving OpenThoughts a fair, consistent and evidence-led process for dealing with concerns.

Appendix A: Suggested report acknowledgement

Thank you for reporting this. We have received your concern and will review it in line with the OpenThoughts Report This Function Policy. Reporting content does not automatically mean it will be removed, but it will be considered. If the issue appears urgent or high risk, we may temporarily hide or restrict the content while we review it.

Appendix B: Suggested outcome wording - no action

We have reviewed the content you reported. Based on the information available, we are not taking further action at this stage. This does not prevent you from providing new evidence or using the Complaints and Appeals route if you believe the decision has not been handled properly.

Appendix C: Suggested outcome wording - action taken

We have reviewed the content you reported and have taken action. This may include editing, correcting attribution, restricting access, removing content or contacting the relevant member or supplier. For privacy and fairness reasons, we may not be able to share every detail of the action taken.

File Upload Risk Controls Policy

Policy, implementation decision and operating procedure for the OpenThoughts resource library, forums and member-generated uploads

Purpose of this policy

OpenThoughts is designed as a collaborative, open-source thinking platform for the social housing sector. Its value relies on members being able to share templates, learning, policies, tools, examples, presentations, frameworks and practical resources. That same resource library also creates risk: copyright infringement, personal data exposure, confidential employer documents, malware, misleading professional material, reputational harm, unsafe advice, metadata leakage and supplier misuse.

This policy sets out the decision, rules, technical controls, moderation approach, member declarations and internal operating procedure needed to make file sharing safe, trusted and proportionate.

1. Scope

This policy applies to all files, resources, attachments, images, templates, presentations, spreadsheets, forms, guides, recordings, screenshots, graphics, zipped resources and supporting documents uploaded to OpenThoughts.

It applies to resource library uploads, forum attachments, group files, profile images, event documents, blog attachments, supplier/advertiser materials, downloadable resources and any future upload function.

It covers files uploaded directly to the platform and files submitted by email, webform, cloud link or other transfer route for publication on OpenThoughts.

2. Core principles

3. Recommended launch decision

The best solution for OpenThoughts is to adopt a staged upload model:

4. File types allowed and prohibited

5. Maximum file size controls

OpenThoughts may reduce, increase or vary size limits based on hosting performance, moderation capacity, storage cost, security incidents, accessibility requirements and user need.

6. Upload declaration

Before uploading, members should be required to tick a declaration. The upload should not proceed unless the declaration is completed.

7. Metadata warning and hidden content control

OpenThoughts should display a clear metadata warning before upload and should provide member guidance on checking documents before sharing.

8. Moderation and review model

9. Upload risk triage matrix

10. Resident data and confidential information rule

Where a member uploads personal data or confidential material, OpenThoughts should:

remove or restrict access to the file promptly;

log the incident and preserve proportionate evidence;

assess whether the Breach Response Procedure is triggered;

notify the member and explain why the file cannot be used;

where necessary, suspend upload privileges pending review;

use learning to improve upload wording, moderation rules and member guidance.

11. Admin review for branded or sensitive categories

12. Technical controls to implement

13. Internal upload workflow

14. Website-ready wording

15. Repeated misuse and account controls

16. Accessibility requirements for uploads

OpenThoughts should encourage accessible resources. This is important because shared documents may be used by a wide range of housing professionals, residents, community groups and partner organisations.

17. Roles and responsibilities

18. Records and evidence to keep

19. Launch implementation checklist

20. Upload review form template

21. Final policy statement

OpenThoughts should treat the resource library as both its strongest value proposition and one of its highest operational risks. The recommended position is not to avoid uploads, but to make upload safety part of the platform design from day one. The combination of restricted file types, size limits, virus scanning, metadata warnings, upload declarations, first-upload moderation, sensitive-category review, visible reporting and clear escalation routes gives OpenThoughts a practical, proportionate and trustworthy model for sector resource sharing.

This policy should be approved before launch and reviewed after the first 90 days of live uploads.

Safeguarding and “Do Not Post Urgent Risk” Policy

A strengthened policy, website notice and moderation procedure for OpenThoughts

Document status: Approved and implemented

Owner: OpenThoughts platform owner / appointed responsible person

Applies to: Members, moderators, contributors, suppliers, advertisers, guests and anyone uploading, posting or commenting on OpenThoughts

Review cycle: At least annually and immediately after any safeguarding-related platform incident, urgent-risk post, data breach, moderation failure or material change to platform features

This policy is part of the OpenThoughts governance pack and explains the standards expected when members discuss sensitive themes.

1. Executive decision

OpenThoughts should publish and enforce a dedicated safeguarding and urgent-risk posting policy. The best solution for the platform is not to create a safeguarding service, helpline, case-management route or emergency reporting route. The platform should instead make it unmistakably clear that members must use their own organisation’s safeguarding, emergency, complaints, repairs, ASB, domestic abuse, health and safety, fire safety or risk escalation procedures when a real person may be at risk.

This approach fits the ambition of OpenThoughts: open source thinking, shared sector learning and practical collaboration, without becoming an unsafe alternative to established safeguarding, emergency or landlord casework processes.

Decision statement

OpenThoughts will allow members to discuss safeguarding-related themes in a professional, anonymised and learning-focused way, but it will not host live casework, urgent risk disclosures, resident-identifiable information, emergency requests, unresolved safeguarding concerns, confidential employer documents or personal details about residents, staff, contractors, witnesses, alleged perpetrators or victims/survivors.

2. Why this policy is needed

OpenThoughts is likely to host professional discussion across areas including ASB, community safety, domestic abuse, supported housing, homelessness, damp and mould, fire safety, adaptations, accessibility, complaints, repairs, building safety, vulnerability, health and wellbeing, income, tenancy sustainment and neighbourhood management. These are valuable topics for shared learning, but they also carry a real risk that members may post details that should only be handled through formal organisational procedures.

protect residents, members, staff and the public from harm caused by misplaced reporting;

prevent the platform being treated as an emergency, safeguarding, complaints or case-management route;

reduce the risk of personal data, special category data or confidential information being posted;

make member expectations clear before they join, post or upload;

give moderators a clear basis for removing content quickly where necessary;

support the OpenThoughts ethos of open learning without unsafe disclosure.

3. Core public warning wording

This wording should be used consistently across the platform. It should appear in the Terms, forum posting pages, upload pages and relevant high-risk groups.

4. Plain-English member version

OpenThoughts is here for sector learning. You can share ideas, templates, general lessons, anonymised practice examples and questions about how professionals approach common challenges. You must not use OpenThoughts to report or discuss urgent or live cases where a person, household or property may be at risk.

A safe post says: “How do other organisations make safeguarding prompts clearer in ASB procedures?” An unsafe post says: “Resident X at 12 Any Street told me today that their partner is threatening them and our team has not acted.” The first supports learning. The second belongs in your organisation’s safeguarding and emergency escalation route, not on OpenThoughts.

5. Scope of this policy

This policy applies to all OpenThoughts spaces and activity, including:

member sign-up and acceptance of terms;

forum posts, replies, group discussions, comments and direct member interactions where available;

resource uploads, templates, policies, reports, presentations, screenshots, images and examples;

supplier or advertiser content where it discusses risk, safety, vulnerability or case studies;

private groups, restricted groups, pilot spaces and beta features;

AI-generated or AI-assisted uploads, summaries and discussion prompts;

moderation decisions, complaints and appeals relating to urgent-risk content.

6. What must never be posted

7. What can be posted safely

OpenThoughts should encourage useful discussion while removing live risk. The safest model is: generalise, anonymise, remove identifiers, remove urgency and focus on learning.

8. Required placement across the website

9. Sign-up checkbox wording

The following checkbox should be mandatory for all members:

10. Upload checkbox wording

11. Forum posting warning

12. High-risk group notices

ASB, Community Safety and Domestic Abuse

This group is for practice learning, policy discussion and professional reflection. Do not post live ASB cases, domestic abuse disclosures, victim/survivor information, witness details, alleged perpetrator details, addresses, evidence files or urgent risk concerns.

Supported Housing and Independent Living

This group may involve sensitive themes. Do not post personal information about residents, support needs, care arrangements, health, mental health, vulnerability, capacity, family circumstances or live welfare concerns.

Fire Safety

This group is for learning and improvement. Do not post live fire risks, unsafe building conditions, evacuation concerns, addresses, images of identifiable homes, risk assessments or urgent hazards. Escalate these through formal fire safety and emergency routes.

Damp and Mould

This group is for learning about prevention, communication and service improvement. Do not post live resident cases, medical information, addresses, images of identifiable homes or urgent health/property risks. Use formal repairs, complaints, safeguarding or risk escalation procedures.

Complaints and Service Recovery

Do not upload complaint files, correspondence, investigation documents or case details that identify residents, staff, contractors or organisations where the material is not approved for sharing.

Repairs and Maintenance

Do not post urgent repairs, hazards, access information, vulnerable household details or property-specific risks. Use emergency repair and escalation procedures.

Building Safety and Compliance

Do not post building-specific safety risks, access-control details, resident personal data, sensitive compliance documents or live incidents.

Homelessness and Temporary Accommodation

Do not post names, addresses, placements, vulnerability details, immigration or family information, domestic abuse locations or live homelessness casework.

13. Moderation and triage procedure

Moderators should treat possible urgent-risk content as a priority. The aim is to reduce harm quickly, preserve evidence appropriately and signpost the member back to the correct formal route without attempting to manage the case through OpenThoughts.

14. Risk levels and response times

15. Member responsibilities

Use OpenThoughts for learning, not case escalation.

Anonymise examples properly and remove all direct and indirect identifiers.

Do not post anything that may need urgent action by a landlord, local authority, police, fire service, ambulance service, safeguarding partnership or other statutory service.

Do not upload confidential employer documents unless authorised to share them and they have been checked for personal data.

Do not seek legal, safeguarding or casework decisions from other members for live matters.

Correct or remove content promptly if OpenThoughts raises a concern.

Follow employer policy and professional duties before sharing examples from work.

16. Supplier and advertiser responsibilities

Suppliers and advertisers must not use OpenThoughts to collect live case information, resident personal data, safeguarding details or confidential documents through comments, forms, adverts, webinars, resource downloads or direct outreach. Any supplier tool, advert or content that invites members to share live cases must be refused or amended before publication.

Do not ask members to post case details publicly.

Do not request resident personal data through platform comments or public forms.

Do not present supplier content as a substitute for emergency, safeguarding, legal or statutory advice.

Do not use case studies unless they are properly anonymised, authorised and lawful to share.

Do not imply that OpenThoughts has assessed, approved or endorsed a safeguarding approach or casework method.

17. Relationship with other OpenThoughts policies

18. Data protection and confidentiality controls

Safeguarding and urgent-risk content often involves personal data and may involve special category data or highly sensitive confidential information. OpenThoughts should therefore treat this policy as part of its wider data protection control framework.

Build upload prompts that require members to confirm no personal data or confidential case information is included.

Use moderation filters for terms likely to indicate addresses, phone numbers, email addresses, tenancy references or personal case details.

Restrict attachments in high-risk groups until moderation controls are tested.

Create a documented review route for content reported as containing personal data.

Train moderators to recognise indirect identifiers, not just names and addresses.

Keep moderation logs proportionate and avoid copying unnecessary sensitive details into the log.

Escalate potential personal data breaches under the Breach Response Procedure.

19. Anonymisation standard

A post is not automatically safe just because names have been removed. Members must consider whether someone could still be identified from a combination of details.

Remove direct identifiers: names, addresses, phone numbers, emails, tenancy references, case numbers, photographs, screenshots and document metadata.

Remove indirect identifiers: rare circumstances, small teams, unusual locations, dates, job titles, ages, family composition, court dates, incident timings, local landmarks and unique property details.

Generalise the example: describe the process issue or learning point without giving enough detail to identify the person, household, staff member or organisation.

Check permission: do not share employer documents, case studies or internal learning unless authorised and checked.

When in doubt: do not post. Ask your organisation through the correct internal route.

20. Handling repeated breaches

OpenThoughts should take repeat misuse seriously. The goal is not to punish honest mistakes harshly, but the platform must protect residents, members and itself from repeated unsafe posting.

21. Appeals and complaints

Members may use the OpenThoughts Complaints and Appeals Policy to challenge moderation decisions. However, OpenThoughts does not have to keep urgent-risk, safeguarding, personal data or confidential case information visible while an appeal is considered. Safety, confidentiality and data protection take priority over publication during review.

OpenThoughts may decline to enter into circular arguments where the content plainly breaches this policy, exposes personal/confidential information or attempts to use the platform as a casework route.

22. Internal incident log template

23. Member notification templates

Template A: content removed because it may include urgent risk or safeguarding information

Thank you for contributing to OpenThoughts. We have temporarily removed or restricted your post because it appears to include urgent risk, safeguarding, live casework or personal/confidential information. OpenThoughts is not an emergency, safeguarding, legal, complaints, repair, ASB, domestic abuse, health and safety or case-management route. Please follow your organisation’s formal procedure and any appropriate emergency or statutory route. You may repost a general, anonymised, learning-focused version if it does not include live risk or identifiable details.

Template B: upload rejected because it may contain confidential or identifiable information

We cannot approve this upload because it appears to contain information that may identify a person, household, staff member, organisation-specific case or confidential document. Please remove all personal, confidential, case-specific and urgent-risk information before resubmitting. Only upload material you are authorised to share.

Template C: reminder after minor issue

We have edited or removed some detail from your contribution to keep it safe and learning-focused. Please remember not to post live cases, urgent risks, names, addresses, screenshots, case files or confidential documents. OpenThoughts works best when examples are generalised and anonymised.

24. Website page: “Safeguarding and Urgent Risk”

OpenThoughts should create a dedicated public help page called “Safeguarding and Urgent Risk”. This page should be short, clear and linked from high-risk areas of the site.

Suggested page content

OpenThoughts is a professional learning and collaboration platform. It is not an emergency service, safeguarding referral route, case-management system, complaints route, repairs reporting route, ASB reporting route, domestic abuse reporting route, legal advice service or substitute for your organisation’s procedures.

Do not post urgent concerns, live resident cases, personal data, confidential documents, case screenshots, addresses, contact details, images of identifiable people or details of people at risk. If a person, household or property may be at risk, use your organisation’s formal procedure and any appropriate emergency, statutory, safeguarding, repair, ASB, domestic abuse, complaint, fire safety, health and safety or risk escalation route.

You are welcome to share general learning, anonymised examples, templates and reflective practice questions. Keep the focus on issues, processes, prevention and improvement, not live cases or identifiable people.

25. Implementation checklist

26. Final recommended policy position

This is the strongest fit for the OpenThoughts ambition: it protects people, keeps the platform focused on sector improvement, avoids unsafe informal casework, and gives members a clear, fair and visible boundary before they post.

Appendix A: Quick “safe to post?” test

Could this identify a resident, household, staff member, contractor, witness, victim/survivor, alleged perpetrator or property?

Is this about a live, unresolved or urgent matter?

Could someone need emergency, safeguarding, landlord, repair, ASB, domestic abuse, fire safety, health and safety or statutory action?

Have I included names, addresses, screenshots, case notes, photos, dates, job titles, rare details or location clues?

Is this a confidential employer document or internal case file?

Am I asking others to decide what should happen in a live case?

Would I be comfortable if my organisation’s data protection, safeguarding or legal lead saw this post?

Can I rewrite this as a general learning question instead?

If the answer to any of the first six questions is yes or maybe, do not post it. Use the correct formal route instead.

Appendix B: Examples of safer rewrites

Appendix C: Adoption record

Age Restriction and Children’s Data Policy

Decision Paper, Policy, Website Wording and Operational Checklist

1. Executive decision

This is the best fit for the site requirements and ambition because OpenThoughts is being designed as a trusted, professional, open-source thinking space for the housing sector. Its core value is the safe sharing of learning, templates, experiences and practice between housing professionals and sector partners. It is not a youth forum, resident casework system, safeguarding route, social media platform for minors or general public advice service.

The decision should be supported by clear age wording at sign-up, in the Terms, in the Privacy Policy, on upload pages, in high-risk groups and in moderation workflows. The policy should not rely only on a hidden legal clause. It should appear wherever members might accidentally share information about residents, households, children or young people.

Decision statement for adoption

OpenThoughts membership is for adults aged 18+ only.

OpenThoughts is not aimed at children and does not knowingly offer member accounts to anyone under 18.

Under-18s must not apply for membership, upload resources, post in forums, submit blogs, create profiles or use supplier interaction tools.

Members must not upload, post or share children’s personal data, resident-identifiable information, family case details, school details, safeguarding information, photographs, names, contact details or other information that could identify a child or young person.

Any case example involving children, families, safeguarding, homelessness, youth services, domestic abuse, ASB, supported housing or vulnerability must be lawful, necessary, proportionate, fully anonymised and framed as learning rather than case management.

OpenThoughts may remove content, suspend accounts, restrict uploads, contact the uploader, record an incident and escalate under the Breach Response Procedure where children’s data or safeguarding-style information is posted.

2. Why this policy is needed

OpenThoughts will involve professional discussion across social housing, local authority, community safety, repairs, building safety, damp and mould, safeguarding-adjacent services, domestic abuse, ASB, temporary accommodation, homelessness, financial capability, supported housing and independent living. These areas can involve sensitive personal data and, in some cases, information about children or family circumstances.

Even if the platform is not aimed at children, the risk is not only that a child might apply. The bigger practical risk is that an adult member accidentally posts identifiable information about a child or young person while sharing a case example, template, learning review, complaint example, ASB scenario, safeguarding scenario, damp and mould photograph, household timeline or service failure narrative.

This policy therefore has two purposes: first, to make the platform clearly adult-only; and second, to prevent children’s personal data being introduced into the platform by adult users.

3. Legal and regulatory context

This document is a practical governance policy and not legal advice. It is intended to support UK GDPR, Data Protection Act 2018, PECR and wider good practice compliance for a UK professional platform.

The ICO Children’s Code applies to online services likely to be accessed by children in the UK. ICO guidance explains that services do not have to be specifically directed at children to be in scope if they are likely to be accessed by under-18s. The Code sets standards for how online services safeguard children’s personal data and demonstrates compliance with data protection law.

OpenThoughts should therefore document a clear position before launch: the service is not aimed at children; it is a professional adult platform; children should not be users; and the platform will implement controls to reduce the likelihood that children access the service or that children’s data is uploaded by members.

References to build into the policy framework

4. Scope

This policy applies to all OpenThoughts functionality and all people interacting with the platform, including:

member sign-up and member profiles

forum posts, comments, replies and group discussions

resource uploads, templates, toolkits, screenshots and examples

blogs, case studies, podcasts, videos and event materials

supplier profiles, adverts, lead forms and sponsored content

contact forms, report forms and complaint routes

administrator, moderator and founder actions

third-party tools, plugins and processors used to operate the platform

This policy covers both direct children’s data and indirect information that could identify a child when combined with other information. It also covers data about families, households, schools, youth services, care arrangements, vulnerabilities, safeguarding concerns and live service situations where a child could be identifiable.

5. Definitions

6. Public website wording

6.1 Short footer wording

OpenThoughts is a professional platform for adults aged 18+. It is not aimed at children. Please do not apply for membership if you are under 18. Members must not post or upload children’s personal data, resident-identifiable information, live case details or urgent safeguarding concerns.

6.2 Terms of Use wording

Membership is restricted to adults aged 18 or over. By applying for or using an OpenThoughts account, you confirm that you are aged 18+ and that you are using the platform in a professional, sector, organisational, supplier, governance or learning capacity.

OpenThoughts is not aimed at children and does not knowingly permit under-18s to create accounts, post content, upload resources, submit blogs, access member-only forums or use supplier interaction tools.

You must not post, upload, share, request or disclose children’s personal data, resident-identifiable information, family case details, school details, safeguarding information, health information, photographs, names, contact details or other details that could identify a child or young person. Any examples involving children, young people or families must be lawful, necessary, proportionate and fully anonymised before sharing.

OpenThoughts may remove content, hide posts, reject uploads, restrict access, suspend accounts, permanently remove accounts, record an incident and take further action where this rule is breached.

6.3 Privacy Policy wording

OpenThoughts is intended for adults aged 18+ and is not aimed at children. We do not knowingly collect account registration information from under-18s. If we become aware that an under-18 has applied for, created or used an account, we may close the account and delete or restrict related data unless we need to retain limited information for legal, security, safeguarding, complaint, moderation or audit reasons.

Members must not upload or post children’s personal data or resident-identifiable information. If such information is posted, we may remove it, restrict access to it, investigate the incident, contact the uploader, record the decision and consider whether the issue needs to be handled under our Breach Response Procedure or Safeguarding and Do Not Post Urgent Risk Policy.

6.4 Sign-up checkbox wording

I confirm that I am aged 18 or over.

I understand that OpenThoughts is a professional platform and is not aimed at children.

I will not post or upload children’s personal data, resident-identifiable information, live case details or urgent safeguarding concerns.

I understand that OpenThoughts may remove content and restrict or close accounts where this rule is breached.

6.5 Upload checklist wording

I have checked this file and it does not contain children’s personal data.

I have removed names, addresses, photographs, school details, family details, case references and any other information that could identify a child, young person, household, resident or service user.

If this resource includes a case example involving children or families, I confirm it is fully anonymised, lawful to share and included only for professional learning.

I understand that OpenThoughts may reject, remove or temporarily hide the upload if there is any concern about children’s data or resident-identifiable information.

7. Membership rules

8. Children’s data: prohibited content

Members must not upload, post or share any content that includes or reveals:

a child’s name, initials where identifiable, address, telephone number, email address, school, nursery, placement, social worker details or family contact details;

photographs, videos, audio or screenshots showing a child, bedroom, home, location, school uniform or identifiable family context;

safeguarding concerns, referrals, assessment details, child protection status, domestic abuse details, exploitation concerns or social care information;

health, disability, mental health, medical, educational needs, SEND, financial hardship or vulnerability information about a child;

ASB, neighbour dispute, domestic abuse, homelessness, temporary accommodation, tenancy enforcement or legal case details that could identify a child or family;

complaint records, repairs records, damp and mould photographs, fire safety concerns or housing case notes linked to a household with identifiable children;

tracked changes, comments, filenames, metadata or screenshots that reveal children’s personal data;

employer or local authority documents containing children’s information unless they are public, lawful to share and fully anonymised.

9. What may be allowed

OpenThoughts should still allow proper professional learning about services that affect children, young people and families, provided it is shared safely. The platform should allow:

generalised learning about safeguarding processes, without live case details;

anonymised service design learning, such as how to make housing communications clearer for families;

template policies, checklists, risk frameworks and learning materials where all personal data has been removed;

publicly available guidance, statutory information or published sector reports with correct attribution;

fictional or composite scenarios that cannot identify any real person, household or organisation unless the organisation is already public and the framing is responsible;

case studies where the member has lawful authority to share and the details have been properly anonymised.

Allowed vs not allowed examples

10. High-risk groups requiring extra warnings

The following OpenThoughts groups should include a pinned warning and posting reminder because they are more likely to involve children, families, safeguarding, vulnerability or sensitive case issues:

ASB, Community Safety and Domestic Abuse

Supported Housing and Independent Living

Temporary Accommodation and Housing Options

Allocations, Lettings and Homelessness

Damp and Mould

Fire Safety

Building Safety and Compliance

Adaptations, Accessibility and Independent Living

Financial Capability

Tenancy Sustainment

Complaints and Service Recovery

Health and Wellbeing, if used as a group or theme

Equality, Diversity and Inclusion where personal experiences may be shared

Pinned warning for high-risk groups

Before posting: OpenThoughts is a professional learning space, not a safeguarding, emergency, legal, complaints, ASB, repair or case-management route. Do not post children’s personal data, resident-identifiable information, live case details or urgent risk concerns. Generalise the issue, remove details, and follow your organisation’s safeguarding, emergency, complaints, repairs, ASB or risk escalation procedure where appropriate.

11. Moderation response where children’s data is suspected

OpenThoughts should apply a precautionary approach. If a moderator or member believes content may include children’s data, the content should be hidden from public/member view while reviewed. The platform should not leave potentially identifying information online while debating whether it is allowed.

Triage levels

Moderation principles

Err on the side of protecting children and residents.

Do not ask members to provide more personal data to justify an upload unless essential.

Do not republish removed personal data in moderator notes, emails or appeals unnecessarily.

Keep moderation notes factual, proportionate and access-restricted.

Use the Breach Response Procedure where the incident may involve a personal data breach.

Use the Safeguarding and Do Not Post Urgent Risk Policy where the content suggests immediate harm or live risk.

Use the Complaints and Appeals Policy if a member disputes a moderation decision.

12. Data breach link

Posting children’s personal data may be a personal data breach if it involves accidental or unlawful disclosure, access, alteration, loss or unauthorised sharing of personal data. OpenThoughts should not treat all such incidents as ordinary moderation issues. Where children’s data is involved, the platform owner should consider whether the Breach Response Procedure applies.

The breach assessment should consider the nature of the information, whether a child or family can be identified, how long the content was visible, who could access it, whether it was downloaded, whether the data is sensitive, whether safeguarding risk is indicated and whether affected individuals, employers, the ICO or other parties may need to be notified.

13. Sign-up, upload and account controls

14. Member guidance: how to anonymise safely

Members should be told that removing a name is not enough. A child may still be identifiable through a combination of location, school, household size, repair history, disability, exact dates, staff names, complaint reference, local incident, photograph or rare circumstances.

Before sharing any example involving children or families, members must remove or generalise:

names, initials and nicknames

addresses, estate names, exact neighbourhoods and postcode clues

school, nursery, college, social care or health service references

photographs, videos, floorplans, bedroom images or identifiable home details

exact dates, reference numbers and unique timelines

staff names where this could identify a case

medical, disability, safeguarding, domestic abuse, ASB or vulnerability details

household composition where this could identify the family

any metadata, tracked changes, comments, document properties and filenames

Safe wording example

Risky wording: “A family in [estate name] with three children, including a disabled child at [school name], reported damp in bedroom 2 on 14 March. The case was handled by [staff name] and escalated after the GP letter.”

Safer wording: “A composite family case highlighted that damp and mould communication can fail when health concerns, repair timescales and escalation routes are unclear. The learning point was to provide clearer written next steps, named service contact routes and accessible follow-up information.”

15. Supplier and advertiser rules

Supplier and advertiser activity must respect the adult professional nature of the platform. Supplier presence on OpenThoughts must not create pressure for members to share live case details or children’s data in order to obtain advice, quotes, demos, benchmarking or support.

Suppliers must not ask members to upload or email case files containing children’s data through OpenThoughts routes.

Suppliers must not use OpenThoughts to target children, families or residents directly.

Suppliers must not claim endorsement, safeguarding approval, procurement approval or fitness for work involving children unless properly evidenced outside OpenThoughts.

Sponsored content must not include identifiable children or family cases unless it is a lawful, public, consented and properly evidenced case study approved by OpenThoughts.

Supplier breaches should be handled under Supplier/Advertiser Terms, Moderation Policy, Breach Response Procedure and Complaints and Appeals Policy as appropriate.

16. Operational workflow: if an under-18 applies or is discovered

Suspend the account or application while the issue is reviewed.

Do not request unnecessary proof or additional personal data from the under-18.

Check whether the account has posted, uploaded, messaged suppliers or accessed member content.

Remove or restrict any content posted by the under-18 if needed.

Delete the account data where appropriate, unless limited retention is required for safety, legal, security, complaint, moderation or audit purposes.

Record the decision in the moderation/security register.

Consider whether sign-up wording, age gates or membership checks need strengthening.

17. Operational workflow: if children’s data is uploaded

Hide or remove the content immediately if there is any realistic identification risk.

Preserve a restricted evidence copy only if needed for investigation, complaint, audit, legal or breach assessment purposes.

Notify the platform owner or nominated data protection lead.

Assess whether the content includes personal data, special category data, safeguarding information, confidential employer information or resident-identifiable information.

Assess whether the Breach Response Procedure applies, including ICO notification and affected-individual notification considerations.

Contact the uploader with a factual explanation and require a corrected anonymised version if appropriate.

Record the action, decision, timeframe and outcome.

Apply member sanctions if the upload was reckless, repeated or deliberate.

Update guidance, upload checklist or moderation filters if the incident reveals a gap.

18. Policy relationship map

19. Governance and review

The platform owner should review this policy before launch, after significant functionality changes and at least annually. A review should also be triggered if OpenThoughts introduces open public registration, youth-focused content, resident-facing services, direct messaging with suppliers, events aimed at students or apprentices under 18, or any tool likely to attract children.

The review should check whether the 18+ position remains accurate in practice. If analytics, enquiries or user behaviour suggest that under-18s are likely to access the service, OpenThoughts should revisit the DPIA screening and consider whether additional Children’s Code controls are required.

20. Implementation checklist

21. Final member understanding checklist

This wording can be used at the end of the upload journey or as a short confirmation panel before a member posts into higher-risk groups.

☐ I understand OpenThoughts is for adults aged 18+ only.

☐ I understand OpenThoughts is not aimed at children and under-18s must not apply for membership.

☐ I understand I must not upload or post children’s personal data.

☐ I understand I must not post resident-identifiable information, live case details, safeguarding concerns or urgent risk information.

☐ I have anonymised any example involving children, families, safeguarding, ASB, homelessness, vulnerability, damp and mould, repairs, complaints or safety.

☐ I have checked documents for hidden information, including tracked changes, comments, filenames and metadata.

☐ I understand OpenThoughts may remove content, reject uploads, restrict my account and record an incident if I breach this rule.

☐ I understand that if there is an urgent concern, I must use my organisation’s safeguarding, emergency, complaints, repairs, ASB or risk escalation procedure, not OpenThoughts.

22. Website page: suggested final public version

Age Restriction and Children’s Data

OpenThoughts is a professional platform for adults aged 18+. It is not aimed at children and under-18s must not apply for membership or use member-only areas.

Because OpenThoughts supports discussion across housing, communities, safety, ASB, domestic abuse, supported housing, homelessness, damp and mould, repairs and related services, members must take extra care not to post information about residents, families, children or young people.

Do not post or upload children’s personal data, resident-identifiable information, live case details, safeguarding concerns, urgent risk information, photographs, addresses, school details, household details or confidential employer information.

You may share generalised learning, anonymised examples, templates, policies and practice resources where you have the right to share them and where no person can be identified. Removing a name is not always enough. Please remove context that could identify a child, household or case.

OpenThoughts may remove content, reject uploads, hide posts, suspend accounts, record incidents and take further action where content creates a risk to children, residents, members, employers or the platform.

OpenThoughts is not an emergency, safeguarding, complaints, repairs, legal, ASB or case-management route. If something is urgent or relates to a live concern, follow your organisation’s own safeguarding, emergency, complaints, repairs, ASB or risk escalation procedure.

23. Source notes

This policy has been prepared with reference to the ICO Children’s Code / Age Appropriate Design Code guidance, including the point that the Code applies to relevant information society services likely to be accessed by children in the UK and is not limited only to services specifically directed at children. It also reflects ICO guidance that the Code helps organisations safeguard children’s personal data and demonstrate compliance with data protection law.

Official source references to retain for policy evidence:

ICO: Age appropriate design: a code of practice for online services

ICO: Services covered by the Children’s Code

ICO: Introduction to the Children’s Code

ICO: Children’s Code guidance and resources

Strengthened Breach Response Procedure Policy

Personal Data Breach, Security Incident and Near-Miss Management Procedure

Important note: This policy is a governance and operational template. It does not replace tailored legal advice. OpenThoughts should review and approve it against its actual platform design, data flows, suppliers, insurance position and contractual arrangements before publication or internal adoption.

1. Purpose

This policy sets out how OpenThoughts will identify, contain, assess, record, escalate, report, communicate and learn from personal data breaches, security incidents and near misses. It is designed to protect members, contributors, advertisers, suppliers, staff and the integrity of the OpenThoughts platform.

ensure incidents are recognised and escalated quickly;

minimise harm to individuals and the organisation;

meet UK GDPR and Data Protection Act 2018 accountability obligations;

support timely decisions on whether the Information Commissioner's Office (ICO) or affected individuals must be notified;

create a complete evidence trail for all incidents, including those not externally reportable;

embed learning so that controls, training, contracts and platform design improve over time.

2. Scope

This procedure applies to all information security incidents and suspected or confirmed personal data breaches involving OpenThoughts data, systems, website, membership areas, communities, resources, forums, newsletters, advertising relationships, analytics, moderation activity or supporting suppliers.

2.1 In scope

member registration data and email verification information;

forum posts, private messages, comments, resource uploads and community contributions;

advertiser and supplier contact, contract and billing records;

newsletter, marketing, event and consent records;

website analytics, cookie identifiers and device information where linked or linkable to an individual;

administrator accounts, passwords, access logs and authentication records;

payment, invoice and accounting records;

complaints, moderation, safeguarding-style concern notes, disputes and investigation records;

records shared with or received from platform providers, hosting companies, email tools, analytics tools, payment processors, CRM tools, design contractors, moderators, advertisers or other processors.

2.2 Out of scope but still reportable internally

Events that do not involve personal data may still be security incidents and must be reported internally. For example, website defacement, attempted phishing, malware alerts, denial-of-service activity, failed login spikes, suspected credential stuffing, or unauthorised changes to website content. These may become personal data breaches if personal data is accessed, lost, altered, disclosed or becomes unavailable.

3. Definitions

4. Legal and regulatory basis

This policy is aligned to UK GDPR, the Data Protection Act 2018 and ICO breach-management expectations. The ICO expects organisations to have procedures to detect, manage and record personal data breaches, to assess all incidents, and to report relevant breaches within statutory timescales.

UK GDPR Article 5(1)(f): integrity and confidentiality principle.

UK GDPR Article 32: security of processing.

UK GDPR Article 33: notification of a personal data breach to the supervisory authority where required.

UK GDPR Article 34: communication of a personal data breach to affected individuals where required.

UK GDPR Article 33(5): requirement to document facts, effects and remedial action for personal data breaches.

Accountability principle: OpenThoughts must be able to demonstrate compliance through records, decisions, controls and learning actions.

5. Policy statement

OpenThoughts will treat all suspected data breaches seriously, act promptly, put people first, and maintain a clear evidence trail. The organisation will not ignore low-level incidents, near misses or supplier-reported issues because these provide early warning signs and opportunities to reduce future harm.

All incidents must be reported immediately using the internal breach route.

No individual should attempt to hide, delay or quietly fix a potential breach without logging it.

The 72-hour ICO reporting clock may begin when OpenThoughts becomes aware of a personal data breach, not when the investigation is complete.

When facts are incomplete, OpenThoughts will make proportionate decisions using the information available, update records as facts change, and, where needed, notify in phases.

Affected individuals will be told clearly and without unnecessary delay where the breach is likely to result in a high risk to their rights and freedoms.

Suppliers and advertisers must cooperate promptly where their systems, content or conduct may have caused or contributed to an incident.

6. Roles and responsibilities

7. Breach response principles

Speed with control: respond quickly but record decisions and avoid uncontrolled changes that destroy evidence.

Contain first, investigate in parallel: stop further exposure while preserving logs and affected data samples.

People-first risk assessment: assess harm from the affected person's perspective, not only from the organisation's reputational perspective.

Least disclosure: share incident information only with those who need it to respond.

Evidence-led decisions: document what is known, unknown, assumed, decided and completed.

No blame reporting culture: encourage rapid reporting so incidents can be contained and learned from.

8. Examples of reportable incidents and near misses

9. Immediate reporting route

Any suspected breach must be reported immediately and no later than the same working day. Where an incident is discovered outside working hours, the person discovering it should use the emergency contact route set by OpenThoughts.

10. First 24-hour response checklist

11. Breach response stages

12. Risk assessment framework

Every incident involving personal data must be assessed using the following factors. The assessment must be completed even where OpenThoughts decides not to notify the ICO or affected individuals.

13. Severity rating matrix

14. ICO notification decision

OpenThoughts must notify the ICO without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. A decision not to notify must be recorded with reasons.

14.1 Information normally needed for ICO notification

nature of the personal data breach;

categories and approximate number of individuals affected;

categories and approximate number of personal data records affected;

name and contact details of the Data Protection Lead or other contact point;

likely consequences of the breach;

measures taken or proposed to address the breach, including mitigation;

reasons for any delay if notification is later than 72 hours;

whether affected individuals have been or will be informed.

14.2 Phased notification

If not all facts are known within the reporting window, OpenThoughts may submit an initial notification with available information and provide updates as the investigation progresses. The evidence log must record what was known at each point, why decisions were made and when updates were sent.

15. Communicating with affected individuals

OpenThoughts must communicate a personal data breach to affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms. Even where legal notification is not required, OpenThoughts may still choose to communicate if doing so is transparent, proportionate and helpful.

15.1 Affected-individual notice should include

a clear description of what happened in plain English;

what information was involved;

when the incident happened and when OpenThoughts became aware;

what OpenThoughts has done to contain and reduce risk;

what the person can do to protect themselves;

contact details for questions or concerns;

whether the ICO has been informed, where appropriate;

an apology where appropriate, without making speculative admissions or unsupported claims.

15.2 Communication standards

Use clear, accessible UK English.

Avoid minimising language where risk exists.

Do not overload affected people with technical terms.

Provide alternative formats or reasonable adjustments where required.

Coordinate communications where email or website channels have been compromised.

Keep a copy of all versions sent and the recipient list.

16. Supplier, processor and advertiser breach obligations

Contracts with suppliers, processors, advertisers and promotional partners should contain clear breach obligations. OpenThoughts should not rely on informal goodwill where third parties may handle data, generate leads, host content, run campaigns or access systems.

17. Evidence preservation and investigation pack

A restricted-access breach evidence folder must be created for each incident. Evidence must be preserved in a way that supports investigation, accountability and, if necessary, legal or regulatory review.

initial incident report and breach log entry;

screenshots, URLs, downloadable files, message headers, email copies and attachments;

system, access, admin, audit, firewall, hosting and application logs;

user account activity, IP addresses, login history and permission changes;

supplier notifications, tickets, reports and remediation evidence;

risk assessments and decision records;

ICO reports, reference numbers and correspondence;

affected-individual notification drafts, approvals, recipient lists and sent copies;

internal communications and senior approvals;

root cause review and action plan closure evidence.

18. Breach log template

19. Internal breach report form

This form should be made available to staff, contractors and moderators. It should also be adapted for supplier reporting.

20. Communications templates

20.1 Internal incident alert

Subject: Urgent data incident alert - [Incident reference]

A suspected data incident has been reported. Please do not delete, amend or forward any related material unless asked by the Data Protection Lead. The incident owner is [name]. The current containment action is [summary]. Further updates will follow. If you hold any relevant evidence, send it to [secure route] immediately.

20.2 Supplier information request

Subject: Urgent breach information request - OpenThoughts data

We have been notified of a suspected incident involving OpenThoughts data or systems. Please provide, without delay, the facts known to you, time discovered, systems affected, data categories, number of records, whether data was accessed or exfiltrated, containment steps, sub-processors involved, remedial action, likely consequences and your incident contact point. Please preserve all logs and evidence until further notice.

20.3 Affected-individual notification template

Subject: Important information about your OpenThoughts data

We are contacting you because we have identified a personal data incident that may affect you. [Explain what happened clearly]. The information involved was [data categories]. We became aware on 2026 and have taken the following action: [containment/remediation]. The possible risks are [plain English risk]. We recommend that you [practical steps]. You can contact us at [contact details]. We are sorry this happened and will update you if further information becomes available.

21. Special handling situations

22. Post-incident review

Every Amber, Red or Black incident, and any repeated Green incident or near miss, must have a post-incident review. The aim is not blame; it is learning and risk reduction.

23. Training and awareness

All staff, contractors and moderators must receive induction guidance on recognising and reporting breaches before handling personal data.

People with admin, moderation, finance, marketing, supplier-management or platform-access roles must receive role-specific training.

Refresher training should be provided at least annually and after any significant incident.

Training should include real or anonymised examples relevant to OpenThoughts, including email mistakes, forum disclosures, supplier incidents, phishing and accidental publication.

OpenThoughts should encourage a no-blame reporting culture so near misses are reported rather than hidden.

24. Testing and assurance

OpenThoughts should test this procedure at least annually through a tabletop exercise. Suggested scenarios include an accidental email disclosure, compromised administrator account, public download exposure, supplier breach, and advertiser misuse of member contact data.

25. Retention of breach records

Breach records should be retained in line with the OpenThoughts Records Retention Schedule. As a minimum, incident logs, decision records, ICO correspondence, affected-individual communications and lessons-learned evidence should be retained for long enough to demonstrate compliance, respond to complaints and defend legal or regulatory claims. Access must be restricted to those with a genuine need to know.

26. Integration with other policies and controls

Privacy Policy and privacy notices: breach handling must match promises made to users.

Cookie Policy: incidents involving analytics, tracking tools or consent platforms must be assessed.

Supplier / Advertiser Terms: third-party breach obligations must be contractually enforceable.

Data Processing Register: incident findings may require updates to processing records.

Records Retention Schedule: breach records and exposed records must follow approved retention and disposal rules.

Accessibility Statement: affected-individual communications must be accessible and available in alternative formats where needed.

Professional Advice Disclaimer: breach communications must not provide specialist legal, financial or cyber advice beyond appropriate signposting.

27. Approval checklist before adoption

28. Source guidance checked

This template has been drafted with reference to current ICO guidance on personal data breaches, breach response and monitoring, breach management accountability, reporting processes, training expectations and UK GDPR accountability requirements. OpenThoughts should check the ICO website at each review date because regulatory guidance can change.

ICO, Personal data breaches: a guide.

ICO, Data protection audit framework: personal data breach management - accountability, training and reporting processes.

ICO, Accountability and governance guidance.

UK GDPR Articles 5(1)(f), 32, 33 and 34.

Appendix A - Quick decision flow

Has something happened that could affect confidentiality, integrity or availability of personal data? If yes, log it immediately.

Is personal data involved or reasonably suspected? If yes, open breach assessment and preserve evidence.

Can the issue still cause harm? If yes, contain first and investigate in parallel.

Is there a risk to individuals' rights and freedoms? If yes or uncertain, consider ICO notification within 72 hours.

Is there likely to be a high risk to individuals? If yes, prepare affected-individual notification without undue delay.

Are suppliers, advertisers or processors involved? If yes, require urgent information and cooperation.

Have all decisions, actions and reasons been recorded? If no, update the breach log before closure.

Has learning been implemented? If no, keep the incident open with assigned actions.

Appendix B - Minimum breach file index

AI Usage Policy

A full and strengthened policy for responsible AI-generated and AI-assisted content on the OpenThoughts platform

1. Purpose of this policy

OpenThoughts is designed to help people working across social housing, local authorities, councils, community organisations and related sectors share ideas, templates, resources, conversations and practical learning. AI tools can support that mission by helping people draft, summarise, structure, translate, simplify and improve content. The purpose of this policy is to make AI use acceptable, transparent, safe and useful rather than hidden, careless or misleading.

This policy sets out what members, contributors, suppliers, advertisers and OpenThoughts itself must do when creating, uploading, adapting, promoting, moderating or relying on AI-generated or AI-assisted material.

2. Plain-English position

You may upload AI-assisted content if you are entitled to share it and you declare it clearly.

You must not upload personal, confidential, commercially sensitive or restricted information into an AI tool before sharing it on OpenThoughts.

You must not present AI-generated content as professional advice, legal advice, compliance assurance, safety advice or verified sector guidance unless it has been properly checked by a competent person.

You must not upload deepfakes, fake evidence, impersonations, misleading generated media or synthetic content designed to deceive.

You must check AI summaries, templates, translations, accessibility versions and research-style outputs before sharing them.

3. Final decision: the best solution for OpenThoughts

The recommended model is a “permitted with declaration and human checking” approach. This is stronger and more practical than banning AI-generated content, because the platform is intended to encourage open thinking, practical resource sharing and modern collaboration. It is also stronger than allowing AI without declaration, because the value of OpenThoughts depends on trust, attribution and the ability for members to understand how material was produced.

4. Scope

This policy applies to all AI-generated, AI-assisted, AI-edited or AI-enhanced material connected with OpenThoughts, including:

forum posts and group discussions

downloadable resources, templates, toolkits and checklists

blogs, articles, newsletters and learning content

member profiles, bios, comments and summaries

graphics, images, video, audio, diagrams and generated media

advertiser and supplier content

AI-assisted translations, plain-English versions and accessibility edits

moderation, search, recommendation, categorisation and content suggestion tools used by OpenThoughts

any future AI function built into the OpenThoughts website.

5. Definitions

6. Core principles

7. What members may do

Members may use AI in positive, practical and creative ways, including to:

draft first versions of templates, checklists, discussion papers and articles

turn long content into plain English, accessible summaries or quick-read guides

generate ideas for workshops, consultation prompts, resident engagement activities or learning sessions

create example forms, policies or scripts where these are clearly marked as draft or example content

improve spelling, grammar, tone, structure and readability

translate or simplify content, provided the translation or accessible version is checked before use

create images, diagrams or illustrations, provided synthetic media is not misleading and does not infringe rights

summarise public guidance or open-source material, provided the output is checked and source links are included where appropriate.

8. What members must declare

A declaration is required where AI has materially shaped the content. Minor spelling or grammar checks do not need to be declared unless the AI tool substantially rewrote the meaning, structure or conclusions.

9. Upload checkbox wording

9.1 Required upload declaration

OpenThoughts should add a compulsory checkbox at upload where content is shared as a resource, template, article, toolkit, image, downloadable file or promoted post.

9.2 AI-specific upload question

A simple yes/no field should be added:

9.3 AI declaration text box

If the answer is yes, the uploader should be asked to add a short public declaration. Suggested placeholder text:

10. Sign-up checkbox wording

The member sign-up process should include a clear acknowledgement because AI expectations should apply before the first upload or post.

11. Prohibited AI uses

Uploading confidential, personal, sensitive, commercially restricted or identifiable case information into an AI tool before sharing it on OpenThoughts, unless there is a lawful basis, proper authorisation and appropriate protections.

Publishing AI-generated legal, regulatory, health and safety, safeguarding, employment, finance, procurement or professional advice as though it is verified fact.

Using AI to create fake endorsements, false testimonials, fabricated case studies, invented statistics, fake consultation results or misleading “resident voice” material.

Creating or uploading deepfakes, voice clones, fake screenshots, fake documents, realistic synthetic people presented as real people, or manipulated media intended to mislead.

Impersonating another member, organisation, resident, regulator, councillor, supplier, advertiser or public body.

Using AI to scrape, copy, repackage or pass off another person’s material without permission or proper attribution.

Using AI to generate discriminatory, harassing, hateful, bullying, exploitative or unsafe content.

Using AI to evade moderation, generate spam, flood groups, manipulate ratings, create fake accounts or distort platform engagement.

Using AI-generated content to make claims about a supplier, advertiser, housing provider, council or individual without evidence.

Uploading AI-generated images of identifiable people without appropriate permission, context and disclosure.

12. High-risk content rules

Some content should carry stronger controls because it could affect real-world decisions, compliance, safety or organisational risk.

data protection, UK GDPR, privacy and cyber security

building safety, fire safety, damp and mould, repairs obligations, health and safety and property compliance

complaint handling, legal rights, tenancy enforcement, allocations, homelessness duties and ASB processes

financial advice, procurement, contracting, insurance, grant funding and fundraising compliance

employment, HR, conduct, disciplinary, equality law and competence requirements

safeguarding, domestic abuse, mental health, vulnerability and risk escalation

any document that claims to be “approved”, “compliant”, “legally checked”, “regulator-ready” or “board-assurance ready”.

13. Professional advice and legal advice restriction

AI-generated content can be useful for drafting, framing and exploring ideas. It should not be treated as professional advice. OpenThoughts should include the following wording wherever AI-assisted resources are uploaded in areas of legal, regulatory, safety, financial, employment or technical risk:

14. Personal data, confidentiality and AI tools

Members must not place personal data or confidential information into AI tools unless they have the right to do so and have considered data protection, confidentiality, security, supplier terms and organisational rules. This is especially important for social housing because prompts can accidentally include resident names, addresses, vulnerabilities, complaints, arrears, repairs, ASB, safeguarding details, health information or staff case data.

Do not paste resident complaints, tenancy files, repair histories, safeguarding notes, staff records, board papers, contracts, unpublished strategies or commercially sensitive data into public AI tools.

Use anonymised, fictionalised or heavily redacted examples where AI is used to help structure or simplify learning content.

If a member uses an organisational AI tool, they must still follow their employer’s AI, data protection, information security and confidentiality policies.

OpenThoughts may remove content if it appears to include personal data, confidential information or information that should not have been shared.

Where personal data may have been disclosed, the Breach Response Procedure should be followed immediately.

15. Copyright, licence and attribution rules

AI does not remove copyright responsibilities. Members must not use AI to launder, disguise, copy, repackage or pass off third-party material. If the source material is not theirs, not properly licensed, confidential, restricted or subject to another organisation’s copyright, it should not be uploaded.

Where content is uploaded under the OpenThoughts default Creative Commons approach, AI-assisted elements must be compatible with that licence and the uploader’s rights.

Members should credit original sources, creators, organisations and licences where required.

Attribution corrections should be handled through the Copyright, Attribution and Takedown Requests process.

OpenThoughts may temporarily remove content while copyright, licensing or attribution concerns are reviewed.

16. AI-generated images, video, voice and media

Generated media can be useful for blogs, learning, campaign visuals and explainers, but it creates specific risks. The following rules apply:

AI-generated or AI-edited media must be declared where it could reasonably be mistaken for real media.

Images of synthetic people should not be presented as real residents, staff members, complainants, case-study subjects or endorsers.

Voice clones and realistic impersonations are not allowed without explicit documented consent and a legitimate purpose approved by OpenThoughts.

AI-generated media must not be used to misrepresent a housing provider, council, supplier, regulator, tenant group or individual.

AI-generated “before and after”, repair, safety, damp and mould, fire safety or neighbourhood images must not be used as evidence unless clearly illustrative and labelled as such.

Advertisers and suppliers must not use AI-generated media to create false product claims, false customer testimonials or misleading performance evidence.

17. AI summaries, translations and accessibility versions

AI can help make content more accessible, but unchecked summaries and translations can change meaning or miss nuance.

AI summaries must be checked against the original before being treated as accurate.

AI translations should be checked by a competent person before they are relied upon for important decisions, legal notices, safety information or formal consultation.

AI-generated plain-English or easy-read style versions should be reviewed for accuracy, tone, dignity and accessibility.

Where an AI summary is published, it should state that the full source should be checked before action is taken.

18. OpenThoughts use of AI

OpenThoughts may use AI to improve the platform, but this should be disclosed clearly and governed carefully. Permitted uses may include:

search support and content discovery

resource tagging and categorisation

suggested related groups or resources

drafting platform guidance, help text or summaries

moderation triage or risk flagging

accessibility improvements such as summaries or alternative text suggestions

spam detection and duplicate content detection.

19. Moderation and enforcement

OpenThoughts may take action where AI use breaches this policy, member terms or platform rules. Action may include:

asking the member to add or correct an AI declaration

editing or adding a label where appropriate

temporarily hiding content while it is reviewed

removing content that is misleading, unsafe, infringing, confidential or unlawful

issuing a warning or requiring retraining/acknowledgement of the rules

restricting upload privileges

suspending or removing membership

terminating supplier or advertiser access where relevant

reporting serious issues to relevant organisations or authorities where required by law or policy.

20. Appeals and disputes

Members may challenge an AI-related moderation decision through the OpenThoughts Complaints and Appeals Policy. This includes disputes about whether AI was declared properly, whether content was misleading, whether an upload was removed fairly or whether a restriction is proportionate.

An appeal should explain what decision is being challenged, why the member believes the decision was wrong and any supporting evidence.

Content may remain hidden during an appeal where there is a risk of harm, confidentiality breach, copyright infringement, misleading claims or reputational damage.

Final appeal outcomes should be recorded for governance and learning.

21. Supplier and advertiser rules

Suppliers and advertisers may use AI to create adverts, sponsored articles, images, product explainers and promotional resources, but they must be transparent and accurate.

AI-generated claims must be backed by real evidence.

AI-generated case studies or testimonials must not be presented as real unless they are real and permission has been obtained.

AI-generated images of products, services, people, homes, repairs or outcomes must not mislead members about what is being offered.

Sponsored content that is AI-assisted must still comply with OpenThoughts advertising, supplier, accessibility, copyright and moderation rules.

OpenThoughts may reject or remove AI-assisted advertising that is exaggerated, unverifiable, unsafe, discriminatory, deceptive or inconsistent with the site’s ethos.

22. Practical labels for the website

23. Website page wording

The following wording can be used on a public AI Usage page:

24. Internal review checklist for moderators

[ ] Has the member declared material AI use?

[ ] Does the content contain personal, confidential or restricted information?

[ ] Could the content be mistaken for professional advice?

[ ] Does the content make legal, regulatory, safety, financial, employment or technical claims?

[ ] Are any statistics, case studies or evidence claims sourced or clearly caveated?

[ ] Could any image, voice, video, screenshot or case study mislead people into thinking it is real?

[ ] Does the content respect copyright, Creative Commons rules and attribution expectations?

[ ] Is the content discriminatory, harmful, defamatory, manipulative or unsafe?

[ ] Does the content need a label, disclaimer, correction, temporary removal or escalation?

[ ] Does the issue need to be recorded in the moderation log, IP complaint register, breach log or complaints register?

25. Records to keep

OpenThoughts should maintain proportionate records of AI-related governance decisions, including:

AI-related moderation decisions

member warnings or restrictions for AI misuse

AI declaration corrections

removed AI-generated or AI-assisted content

deepfake, impersonation or synthetic media concerns

copyright, attribution and takedown issues involving AI

data protection or confidentiality concerns linked to AI prompts or outputs

supplier and advertiser AI content disputes

platform AI tools used by OpenThoughts and their purposes

AI risk assessments and review notes.

26. Governance and review

Because AI tools, regulation and public expectations are changing quickly, this policy should be reviewed at least every six months. It should also be reviewed after any serious AI-related incident, complaint, takedown request, data protection issue, misleading content concern or major change to platform functionality.

The Platform Owner should approve the policy and any material changes.

Moderators should receive short guidance on how to apply the policy consistently.

Upload and sign-up wording should be tested with members to make sure expectations are clear.

Suppliers and advertisers should be required to comply through their terms and booking process.

The policy should be cross-linked from the Upload Agreement, Member Terms, Privacy Policy, Copyright and Takedown page, Complaints and Appeals page and Supplier / Advertiser Terms.

27. Implementation plan

28. Source and reference notes

This policy has been prepared as a practical governance document for OpenThoughts and should be checked before formal adoption. It is informed by current UK expectations around responsible AI, transparency, accountability and data protection. Key reference points include:

ICO guidance on AI and data protection: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/guidance-on-ai-and-data-protection/

ICO generative AI and data protection consultation response: https://ico.org.uk/about-the-ico/what-we-do/our-work-on-artificial-intelligence/response-to-the-consultation-series-on-generative-ai/

UK Government AI regulatory principles: safety, security and robustness; transparency and explainability; fairness; accountability and governance; contestability and redress: https://www.gov.uk/government/publications/implementing-the-uks-ai-regulatory-principles-initial-guidance-for-regulators/implementing-the-uks-ai-regulatory-principles-initial-guidance-for-regulators

OpenThoughts should take legal advice where AI use intersects with data protection, confidentiality, professional advice, intellectual property, regulated advertising, employment, safeguarding or safety-critical content.

Appendix A - Recommended member-facing AI declaration examples

This post was drafted with AI support and edited by me before sharing.

This template was AI-assisted and has been adapted from my own experience. Please check it against your organisation’s policies before use.

This summary was generated with AI support and checked against the original document.

This image is AI-generated and used for illustrative purposes only.

This is an AI-assisted plain-English version. Please refer to the original policy for formal wording.

This resource is a draft/example and not professional advice.

Appendix B - AI incident escalation guide

Defamation and Reputational Risk Policy

Forum, resource, comment, article, supplier and member content controls

This policy explains how OpenThoughts supports constructive discussion while managing legal, fairness and reputational risk.

1. Recommended Decision

Decision: OpenThoughts should adopt a clear, published defamation and reputational risk policy that permits robust sector learning and constructive challenge, but prohibits unverified allegations, personal attacks, naming individual staff negatively, unsupported claims of unlawful conduct, malicious or reckless statements, and content that creates avoidable legal or reputational risk for OpenThoughts or others.

Best solution for the site: The policy should sit publicly as a plain-English page called “Safe, Fair and Responsible Discussion”, while the full operational policy is retained internally for moderators and decision-makers. This gives members clear expectations before they post, gives moderators a consistent basis for action, and protects the site ethos: open-source learning without becoming a place for blame, rumour or reputational harm.

2. Legal and Risk Context

OpenThoughts is a UK-facing platform for professional discussion, shared resources, templates, ideas and sector learning. Because the site will include forums, comments, resource descriptions, adapted documents, supplier content and member-generated posts, it needs clear guardrails for reputational risk.

Under the Defamation Act 2013, a statement is not defamatory unless its publication has caused, or is likely to cause, serious harm to the reputation of the claimant. For bodies that trade for profit, serious harm means serious financial loss or likely serious financial loss.

The Act also includes defences including truth, honest opinion and publication on a matter of public interest, but OpenThoughts should not rely on members understanding these legal tests before posting. The safer approach is clear user rules, evidence standards and fast moderation routes.

The Online Safety Act 2023 also reinforces the importance of user-to-user services having systems and processes to reduce risks from illegal content and to respond when content appears. OpenThoughts should treat legal and reputational complaints as platform governance issues, not only as informal disputes.

Source references: Defamation Act 2013 - legislation.gov.uk; Defamation Act 2013 explanatory notes on serious harm; UK Government Online Safety Act explainer

3. Purpose of this Policy

Protect OpenThoughts as a professional, trusted and constructive sector platform.

Allow open discussion, honest learning and improvement without allowing personal attacks, rumour or unfair reputational harm.

Give members, advertisers and suppliers clear rules before they post, upload, comment or publish.

Give moderators a fair and consistent decision framework.

Create a clear route for complaints, corrections, takedowns, appeals and repeated misuse.

Support the OpenThoughts ethos: share what helps the sector learn; do not use the platform to attack, shame or accuse others without proper basis.

4. Scope

Out of scope: This policy does not replace the Privacy Policy, Data Protection Complaints process, Copyright and Takedown Requests policy, AI Usage Policy, Accessibility Statement, Supplier / Advertiser Terms, or the wider Platform Complaints and Appeals Policy. Those documents should cross-refer to this policy where reputational risk or harmful allegations are involved.

5. Core Principles

6. The Clear Line for Members

OpenThoughts position: Say what happened, what was learned, what could improve and what evidence supports it. Do not use the platform to accuse, shame, threaten or speculate about people or organisations.

7. Prohibited Defamation and Reputational Risk Content

Unverified allegations about unlawful, dishonest, corrupt, discriminatory, abusive, negligent, unsafe or malicious behaviour.

Negative naming of individual staff members, residents, board members, councillors, contractors, suppliers or members of the public.

Accusations that an organisation has acted unlawfully unless the matter is public, evidenced, proportionate and responsibly framed.

Claims based on rumour, hearsay, screenshots without context, private messages, anonymous sources, or “people are saying” statements.

Content that invites pile-ons, harassment, targeted pressure, doxing, humiliation or coordinated reputational attack.

Misleading editing of quotes, images, recordings, AI outputs, case studies or documents.

Content that presents opinion as fact where it could damage reputation.

Personal grudges, employment disputes, live complaints, litigation, grievance matters or unresolved contractual disputes framed as public allegations.

Posting confidential, privileged, embargoed, internal or commercially sensitive information to support an allegation.

AI-generated accusations, summaries or profiles that have not been checked and evidenced by a human.

8. Responsible Framing Rules

Members should use neutral, evidence-led language, especially when discussing named organisations, suppliers, policies, public decisions, published Ombudsman findings, regulatory action or sector incidents.

9. Website-Ready Public Page Wording

Recommended page title: Safe, Fair and Responsible Discussion

OpenThoughts is here for learning, not personal attacks

OpenThoughts exists to help people across housing, local government and related sectors share ideas, resources, practice and learning. We welcome constructive challenge. We do not allow the platform to be used for unverified allegations, personal attacks, naming individual staff negatively, or damaging claims that cannot be responsibly evidenced.

Talk about issues, processes and learning

Please focus on what happened, what the learning is, what could improve, and what evidence supports your point. Discuss policies, systems, service design, communication, engagement, outcomes and resident experience. Do not attack individuals.

Do not post unverified allegations

Do not post allegations that a person or organisation has acted unlawfully, dishonestly, corruptly, abusively, discriminatorily, negligently or maliciously unless the matter is public, evidenced, proportionate and responsibly framed. OpenThoughts may remove or restrict content that creates legal or reputational risk.

Naming people

Do not name individual staff members, residents, complainants, contractors or members of the public in a negative or accusatory way. Where a public report names someone, still focus on the published learning and avoid unnecessary personal criticism.

If something is serious

If your concern involves danger, safeguarding, fraud, discrimination, criminal activity, data breach, professional misconduct or unlawful behaviour, use the proper reporting route first. OpenThoughts is not a regulator, court, employer grievance process or complaints body.

Moderation

We may edit, hide, remove or restrict content where it creates legal, safety, confidentiality, data protection or reputational risk. We will look at genuine concerns properly. We will not enter into circular arguments about obvious breaches.

10. Sign-Up, Upload and Posting Controls

10.1 Recommended sign-up checkbox

I agree to use OpenThoughts for constructive professional discussion and shared learning. I will not post unverified allegations, personal attacks, negative naming of individual staff members, or content that could unfairly damage the reputation of a person or organisation.

10.2 Recommended upload checkbox

I confirm that this upload does not contain unverified allegations, confidential information, personal attacks, negative naming of individual staff members, or content that could create avoidable legal or reputational risk. I have removed or anonymised unnecessary names and identifiers.

10.3 Recommended forum reminder

Before posting: is this evidence-led, fair, necessary and focused on learning? Please discuss issues, processes and improvement, not personal attacks.

11. Moderation and Review Process

12. Defamation and Reputational Risk Triage Matrix

13. Naming Individuals and Organisations

13.1 Individual staff members and private individuals

Do not name individual staff members negatively.

Do not identify people through job title plus organisation if that would make them easy to identify.

Do not upload screenshots, letters, call notes, complaint records or correspondence showing names, email addresses, phone numbers, signatures or personal identifiers unless there is a clear lawful basis and moderation approval.

Use role-level or process-level wording instead, such as “the repairs team”, “the contractor pathway”, “the complaint escalation stage” or “the communication process”.

13.2 Organisations

Named organisations may be discussed where the discussion is factual, fair, proportionate, relevant and preferably based on public information.

Where criticism is based on a public report, link or clearly identify the public source and focus on learning.

Do not imply unlawful conduct, dishonesty, corruption or deliberate harm unless that is clearly supported by a public, reliable source and is framed responsibly.

Where in doubt, anonymise the organisation and focus on the learning point.

14. Reports, Complaints and Appeals

15. Defamation / Reputational Risk Report Form

16. Repeat Misuse and Member Sanctions

17. AI, Images, Video and Misleading Media

AI-generated or AI-assisted content must be declared in line with the AI Usage Policy.

AI must not be used to generate allegations, fake evidence, fabricated quotes, false screenshots, false images, manipulated recordings or misleading profiles.

Deepfakes, impersonation, misleading generated media and synthetic content that could damage a person or organisation are prohibited.

AI summaries of reports, complaints, Ombudsman findings or regulatory documents must be checked by a human before publication.

Where AI content discusses a named organisation, the author must verify the source material and avoid presenting AI interpretation as fact.

18. Evidence Preservation and Records

OpenThoughts should keep a Moderation and Legal Risk Register for high-risk reports, legal threats, takedown decisions and appeals.

Before removing high-risk content, capture a secure copy of the content, URL, date, author account, report received and moderation decision, unless doing so would itself create an unlawful retention risk.

Retain records in line with the Records Retention Schedule and data protection principles.

Do not share complainant details with the author unless necessary, lawful and proportionate.

Where formal legal correspondence is received, keep an audit trail and seek legal advice before making detailed admissions, denials or public statements.

19. Moderator Decision Checklist

Is a person, organisation, supplier, staff member, contractor or resident named or identifiable?

Does the content allege unlawful, dishonest, corrupt, abusive, discriminatory, unsafe, negligent or malicious behaviour?

Is the statement presented as fact, opinion, experience or question?

What evidence is provided? Is it public, reliable and proportionate?

Could the same learning point be made without naming the person or organisation?

Is the content necessary for sector learning, or is it mainly personal attack or reputational pressure?

Does the content include personal data, confidential material, screenshots or private correspondence?

Is there any indication of live litigation, employment dispute, grievance, police matter, safeguarding matter or regulator involvement?

Would a reasonable reader understand the content as fair comment and learning, or as an accusation?

Should the content be left live, edited, anonymised, hidden, removed, locked, escalated or referred for legal advice?

20. Template Responses

20.1 To a member whose post needs editing

Thanks for contributing to OpenThoughts. Your post raises a potentially useful learning point, but some wording could create reputational or legal risk because it names or identifies a person/organisation and includes allegations that are not evidenced on the platform. Please reframe the post around the issue, process, evidence and learning, and remove unnecessary names or identifying details. We are happy to support constructive challenge, but we cannot host personal attacks or unverified allegations.

20.2 To a complainant reporting reputational concern

Thank you for raising this concern. We will review the content against our Defamation and Reputational Risk Policy. While we review it, we may temporarily hide or restrict the content if we believe there is a potential legal, safety, confidentiality, data protection or reputational risk. We may ask you for further information, including the exact wording you are concerned about, where it appears, why you believe it is inaccurate or harmful, and what outcome you are requesting.

20.3 Moderation outcome: content removed

We have removed or restricted the content because it did not meet OpenThoughts’ rules on safe, fair and responsible discussion. The platform supports constructive learning and challenge, but we do not allow unverified allegations, personal attacks, negative naming of individual staff members, or content that creates avoidable legal or reputational risk. You may appeal this decision through the Platform Complaints and Appeals Policy, unless the content involved an obvious breach or formal legal risk.

21. Implementation Plan

22. Governance and Review

Appendix A: Plain-English Member Guide

Be brave about ideas, but careful with allegations.

Challenge systems, not people.

Use evidence, not rumour.

Anonymise where possible.

Do not name staff members negatively.

Do not accuse an organisation of breaking the law unless you are relying on public, reliable evidence and you frame it responsibly.

If the issue is serious, use the proper reporting route first.

OpenThoughts may remove content if it creates legal or reputational risk, even if the author intended to help.

Creative Commons Licence Decision, Upload Terms and Attribution Rules

Recommended default licence: CC BY-NC-SA 4.0 International

1. Purpose of this document

This document sets out the recommended Creative Commons licensing position for OpenThoughts and provides ready-to-use wording for the website, sign-up flow, upload flow, attribution guidance and contributor agreement. It is designed to reduce ambiguity, protect the platform, and make clear to members and contributors what they are agreeing to when they upload or use shared materials.

It should be used alongside the OpenThoughts privacy policy, terms of use, cookie policy, professional advice disclaimer, supplier/advertiser terms, accessibility statement, records retention schedule and breach response procedure.

2. Executive recommendation

The recommended default licence for OpenThoughts is:

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).

This should be the default licence for normal community contributions and platform-published learning content, unless a specific page, download, advertiser submission, commissioned resource, paid product or third-party material clearly states a different licence or usage permission.

3. Why CC BY-NC-SA 4.0 is the best fit for OpenThoughts

It supports the movement philosophy: OpenThoughts is built around sharing ideas, resources, practical learning and sector-wide improvement. The licence allows people to copy, share, adapt and build on material, which matches the platform’s open learning purpose.

It protects against commercial extraction: The NonCommercial element means others cannot take member-shared resources and use them primarily for commercial advantage or monetary compensation without separate permission.

It preserves the commons: The ShareAlike element means adapted versions must be shared under the same terms, helping to prevent a shared sector resource being closed down, re-sold or locked away.

It gives contributors credit: The Attribution element requires users to credit the creator, link to the licence and indicate if changes were made.

It is familiar and globally recognised: Creative Commons licences are widely recognised and suitable for copyrightable works such as text, templates, diagrams, learning materials and guidance documents.

It creates a clear upload standard: The same default position can be built into sign-up, upload forms, resource pages, website terms and contributor prompts.

4. Important limitation: the deed is not the legal licence

OpenThoughts should not rely only on the plain-English Creative Commons deed. Creative Commons makes clear that the deed is a summary, not the legal code. The binding licence terms are contained in the legal code. The website should therefore link to both the readable deed and the full legal code, and explain that users are responsible for checking the official licence terms before relying on them.

Official licence deed: https://creativecommons.org/licenses/by-nc-sa/4.0/

Official legal code: https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode

5. Scope: what the default licence should apply to

6. Plain-English website explanation

Recommended wording for the public website:

7. Upload checkbox wording

The upload form should include mandatory unchecked boxes. The contributor should not be able to upload until each required box is ticked.

☐ Rights ownership: I confirm that I own this material or have the necessary rights and permissions to upload it to OpenThoughts.

☐ Creative Commons licence: I agree that, unless OpenThoughts agrees otherwise in writing, this material will be made available under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International licence, known as CC BY-NC-SA 4.0.

☐ Non-commercial sharing: I understand that other users may copy, share, adapt and build on this material for non-commercial purposes, with attribution and under the same licence.

☐ No restricted material: I confirm that the material does not contain confidential information, personal data, resident-identifiable details, commercially sensitive information, copyrighted third-party material, or anything I am not allowed to share.

☐ No professional advice reliance: I understand that OpenThoughts is a learning and sharing platform, and uploaded resources should not be presented as legal, financial, regulatory, medical, procurement or professional advice unless this is expressly authorised and properly qualified.

☐ Accuracy and responsibility: I confirm that the material is accurate to the best of my knowledge and that I remain responsible for the content I upload.

8. Sign-up checkbox wording

The member sign-up flow should include a licence acknowledgement, so members cannot later say that they did not realise the platform used Creative Commons sharing terms.

☐ I understand that OpenThoughts is a sector learning and collaboration platform where eligible content may be shared under Creative Commons terms.

☐ I understand that, unless stated otherwise, free resources and member-uploaded materials may be available under CC BY-NC-SA 4.0.

☐ I agree not to upload material unless I have the right to share it and license it on these terms.

☐ I agree not to use OpenThoughts content for commercial purposes unless the licence permits it or I have separate written permission.

☐ I agree to give proper attribution when reusing, adapting or sharing OpenThoughts materials.

9. Attribution wording

OpenThoughts should give users a simple copy-and-paste attribution format. This should appear near downloads and in a help page.

Recommended attribution format:

Example:

“Resident Engagement Workshop Template” by Jane Smith, shared via OpenThoughts, licensed under CC BY-NC-SA 4.0. Available at: www.openthoughts.example/resources/resident-engagement-workshop-template. Changes made: shortened and adapted for a neighbourhood consultation session.

10. Commercial use restriction

OpenThoughts should define commercial use in plain English without trying to rewrite the official licence. Suggested wording:

11. Platform terms: licence grant to OpenThoughts

OpenThoughts also needs permission to host, display, moderate, back up, preserve and make uploaded content available. The Creative Commons licence governs reuse by the public or members, but the platform terms should include a separate operational licence from the contributor to OpenThoughts.

Recommended clause:

12. What users must not upload

Material they did not create and do not have permission to share under CC BY-NC-SA 4.0.

Confidential employer documents, internal board papers, unpublished strategies, procurement documents, commercial proposals or legally privileged material.

Personal data, resident names, addresses, photographs, case references, complaints details or identifiable lived-experience stories unless fully anonymised and lawfully shared.

Images, logos, diagrams, paid templates, screenshots or extracts owned by third parties unless the contributor has explicit permission or the licence is compatible.

Material that is defamatory, discriminatory, harassing, misleading, unsafe or unlawful.

Professional advice presented as definitive legal, financial, regulatory, medical, safeguarding, procurement or technical advice without appropriate qualification and approval.

13. Recommended content labels

14. Decision note: why not another licence?

15. Governance controls

Upload moderation: OpenThoughts should retain the right to review, reject, edit, remove, restrict or relabel uploaded content at any time.

Licence visibility: Every download page should display the licence label, attribution format and reuse restriction before download.

Audit trail: The platform should record who uploaded the resource, when they uploaded it, which boxes they ticked, what licence was accepted and the version of terms in force at that time.

Takedown process: OpenThoughts should provide a route for copyright complaints, confidentiality concerns, data protection concerns and licence disputes.

Commercial permissions: Requests for commercial reuse should be routed to OpenThoughts for written permission and, where needed, consent from the original contributor.

Annual review: The licence model should be reviewed annually alongside the platform’s commercial model, advertiser offer, paid resource strategy and legal risk register.

16. Takedown and licence dispute clause

Recommended website clause:

17. Implementation checklist

☐ Add CC BY-NC-SA 4.0 wording to the website footer, terms of use and resource library pages.

☐ Add sign-up acknowledgement checkboxes for licence awareness and non-commercial use.

☐ Add upload checkboxes confirming ownership, permission, licence acceptance and no restricted material.

☐ Show the licence label and attribution wording on each eligible resource page.

☐ Create a “How to Attribute OpenThoughts Resources” help page.

☐ Separate advertiser/supplier content from member resource content.

☐ Create a takedown and rights complaint route.

☐ Record consent, licence version and timestamp for each upload.

☐ Train moderators/admins on copyright, confidentiality, personal data and commercial use red flags.

☐ Review paid content, premium resources and supplier materials so they are not accidentally licensed under CC BY-NC-SA 4.0.

18. Recommended final policy statement

19. Source references for final checking

Creative Commons CC BY-NC-SA 4.0 deed: https://creativecommons.org/licenses/by-nc-sa/4.0/

Creative Commons CC BY-NC-SA 4.0 legal code: https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode

Creative Commons licence chooser: https://creativecommons.org/chooser/

Creative Commons licence overview: https://creativecommons.org/cc-licenses/

20. Legal review note

This document is a policy and operational drafting aid. It is not legal advice. OpenThoughts should obtain professional legal advice before publication, particularly because the site will combine member-generated content, supplier/advertiser activity, possible paid resources, professional sector discussion and user uploads.

Copyright, Attribution and Takedown Requests Policy

A strengthened notice-and-takedown process for shared resources, templates, logos, adapted documents and member-generated content

1. Purpose of this policy

OpenThoughts is designed as an open-source thinking and resource-sharing space for the UK housing, local authority and community sectors. Its value depends on members being able to share learning, templates, adapted documents, presentations, tools, discussion prompts, case studies and practical resources in a safe, lawful and respectful way.

This policy creates a formal, transparent and fair route for copyright, trade mark, attribution and intellectual property complaints. It explains what someone must provide when reporting a concern, what OpenThoughts will do during review, when content may be temporarily removed, how originators can challenge misuse, how attribution corrections are handled and what happens if a member repeatedly uploads material they do not own or cannot licence.

2. Recommended decision

This approach is the best fit for the site because OpenThoughts will host a high volume of member-shared material, including resources that may be adapted from organisational templates, presentations, policy wording, logos, images, diagrams, meeting packs and training tools. A clear takedown route protects contributors, reduces the risk of misuse, supports trust in the platform and reinforces the Creative Commons ethos without allowing “open sharing” to become accidental copying.

3. Scope

This policy applies to content uploaded, posted, linked, embedded, displayed, shared or adapted through OpenThoughts, including:

resource library documents, templates, checklists, reports, slide decks and spreadsheets;

forum posts, group posts, comments, articles, blogs and member updates;

images, photographs, graphics, icons, diagrams, illustrations, infographics and screenshots;

logos, badges, organisational marks, branded templates and trade marks;

training materials, workshop tools, facilitation resources and forms;

advertiser, sponsor, supplier and partner content;

materials adapted from other organisations, publications, conferences, websites or internal work products;

metadata such as creator name, licence wording, attribution statement and source link.

4. Definitions

5. OpenThoughts upload rule

The following rule should appear at sign-up, upload, resource contribution and supplier/advertiser submission points:

6. Required upload declarations

OpenThoughts should add mandatory checkboxes to the upload journey. These reduce later disputes and help evidence the basis on which content was accepted.

☐ I confirm that I created this content, own the rights, or have permission to upload and share it through OpenThoughts.

☐ I confirm that the content does not include third-party copyright material unless I have permission or it is clearly identified and lawfully reusable.

☐ I confirm that the content does not include logos, branding, photographs, screenshots, paid resources, confidential documents or employer-owned material unless I am authorised to share them.

☐ I understand that eligible member-shared resources may be made available under CC BY-NC-SA 4.0 International, unless OpenThoughts has approved a different licence or restriction.

☐ I understand that OpenThoughts may remove, restrict or edit metadata for this content if a copyright, attribution or IP concern is raised.

☐ I understand that repeated misuse may lead to upload restrictions, suspension or removal of my account.

7. Public website page wording

The following wording can be used as the public page, with practical contact details added before publication.

8. How to report a copyright, attribution or IP concern

A complainant should be asked to provide enough information for OpenThoughts to identify the content, understand the concern and assess what action is proportionate. OpenThoughts should provide a form as well as an email route.

9. Complaint intake and acknowledgement

10. Triage categories

11. What OpenThoughts will do while reviewing

☐ Log the complaint with date, time, complainant, content URL, uploader, evidence received and initial risk rating.

☐ Preserve a copy of the content, upload metadata and relevant communications before removal where lawful and proportionate.

☐ Consider whether the content should be temporarily hidden, download-disabled, access-restricted or left online during review.

☐ Contact the uploader unless doing so would increase risk or conflict with legal advice.

☐ Ask the uploader for evidence of ownership, permission, licence, source, employer authorisation or lawful reuse.

☐ Assess whether attribution can solve the concern or whether rights/permission are genuinely disputed.

☐ Keep communications neutral and avoid giving legal advice to either party.

☐ Escalate to the platform owner and legal adviser where there is serious risk, repeated misuse or a threat of legal action.

12. When content may be removed temporarily

Temporary removal is a risk-control step, not a final finding that infringement has occurred. It should be used where proportionate, especially when continuing publication could cause further harm or make the dispute worse.

13. Uploader response process

Where content is challenged, the uploader should be given a fair opportunity to explain the rights position unless immediate removal is required. OpenThoughts should ask for practical evidence, not assumptions.

☐ Confirm whether the uploader created the material personally.

☐ Confirm whether the uploader created it in the course of employment and, if so, whether their employer allows sharing.

☐ Ask whether any third-party content is included, such as photos, icons, extracts, screenshots, logos or branded templates.

☐ Ask for any licence, written permission, source link or evidence that the material is available for reuse.

☐ Ask whether the material has already been published under Creative Commons or another open licence.

☐ Ask whether the uploader is willing to amend, remove third-party elements, correct attribution or replace the file.

14. Decision outcomes

15. Attribution correction process

Not every issue requires full takedown. OpenThoughts should actively encourage correction where the problem is credit, licence wording or source information. This supports the site ethos of openness, learning and respect for originators.

16. How originators can challenge misuse

An originator should be able to challenge misuse without needing to become a member. The process should respect creators and keep communication clear.

☐ Originators can submit a complaint form or email OpenThoughts directly.

☐ OpenThoughts will ask for evidence of ownership, original source or authority to act.

☐ OpenThoughts may temporarily hide the disputed content while the issue is reviewed.

☐ OpenThoughts may contact the uploader for evidence and explanation.

☐ OpenThoughts may correct attribution, restrict access, remove content or refuse the request depending on the evidence.

☐ OpenThoughts will confirm the outcome to the originator where appropriate.

☐ OpenThoughts will not disclose unnecessary personal data about members or complainants.

17. Repeat misuse and member sanctions

The member community must understand that OpenThoughts is not a place to upload whatever is useful if the uploader does not have the right to share it. Repeated misuse undermines the whole platform.

18. Supplier, advertiser and partner content

Suppliers and advertisers should be held to a higher standard because their content may promote paid services and could use third-party creative assets. The supplier/advertiser terms should include the following strengthened clause.

19. Records and evidence log

Every complaint should be recorded in a central IP complaints register. This helps spot patterns, respond consistently and demonstrate responsible platform governance.

20. Response templates

20.1 Acknowledgement to complainant

20.2 Request for further information

20.3 Notice to uploader

20.4 Attribution correction outcome

20.5 Removal outcome

21. Website form fields

22. Interaction with other OpenThoughts policies

23. Practical implementation checklist

☐ Create a footer page titled “Copyright, Attribution and Takedown Requests”.

☐ Add a “Report copyright or attribution concern” link to every resource page.

☐ Add mandatory upload checkboxes confirming ownership, permission and licence position.

☐ Add a licence/attribution metadata field to resource uploads.

☐ Add moderation guidance so admins know when to hide, correct or remove content.

☐ Create an internal IP complaints register.

☐ Update member terms to include repeat misuse sanctions.

☐ Update supplier/advertiser terms to include IP warranties and indemnity wording.

☐ Add a takedown email address or webform inbox monitored by the platform owner.

☐ Train moderators on copyright basics, Creative Commons, attribution and escalation.

☐ Review the process annually and after any serious complaint.

24. Recommended public footer wording

25. References for legal review

The following sources should be reviewed when finalising the public wording and legal terms:

Creative Commons, Attribution-NonCommercial-ShareAlike 4.0 International deed: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en

Creative Commons, Attribution-NonCommercial-ShareAlike 4.0 International legal code: https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.en

UK Intellectual Property Office / GOV.UK, Copyright notice: digital images, photographs and the internet: https://www.gov.uk/government/publications/copyright-notice-digital-images-photographs-and-the-internet/copyright-notice-digital-images-photographs-and-the-internet

GOV.UK, Intellectual property and copyright guidance: https://www.gov.uk/topic/intellectual-property/copyright

26. Final publication note

This document is a governance and implementation draft for OpenThoughts. It is not legal advice. The public webpage, member terms, supplier/advertiser terms and any indemnity wording should be reviewed by a suitably qualified legal adviser before publication or contractual use.

Accessibility Statement Policy

Strengthened website accessibility statement, operational policy and improvement framework

Important: this document is a strong policy and website statement template. It should be checked against the final live website, platform configuration, accessibility audit findings and legal position before publication.

Contents

1. Purpose of this policy

2. Accessibility commitment

3. Scope of the statement

4. Legal and standards context

5. Website accessibility statement for publication

6. What users should be able to do

7. Compliance status and known limitations

8. Non-accessible content and disproportionate burden approach

9. Third-party, member and advertiser content

10. Alternative formats and reasonable adjustments

11. Feedback, reporting barriers and complaints

12. Testing and monitoring approach

13. Roles and responsibilities

14. Accessibility by design requirements

15. Content standards for OpenThoughts editors

16. Supplier and advertiser accessibility requirements

17. Accessibility improvement plan

18. Review and governance

19. Evidence record and audit log

20. Appendix A: accessibility checklist

21. Appendix B: source notes

1. Purpose of this policy

This Accessibility Statement Policy sets out OpenThoughts’ commitment to making its website, member spaces, digital resources and published content accessible to as many people as possible. It provides both:

a strengthened accessibility statement suitable for publication on the OpenThoughts website;

an internal policy framework for maintaining accessibility as the site grows;

practical standards for content creators, moderators, suppliers, advertisers and administrators;

an improvement and evidence framework to support accountability.

OpenThoughts is designed as an open-source thinking and collaboration space for the social housing sector. Accessibility is therefore not an optional enhancement. It is central to the purpose of the movement: creating a place where housing professionals can share ideas, resources and learning without avoidable digital, communication or participation barriers.

2. Accessibility commitment

OpenThoughts is committed to providing a website and digital community that is accessible, usable and inclusive. Our aim is that people can access the site regardless of disability, neurodivergence, assistive technology, digital confidence, device type, connection quality or preferred way of engaging.

OpenThoughts will work towards meeting Web Content Accessibility Guidelines WCAG 2.2 Level AA as the target accessibility standard for the website and core digital content. This means designing and maintaining content so that it is perceivable, operable, understandable and robust.

Our commitment includes:

using plain English wherever possible;

building pages with clear headings and logical structure;

supporting keyboard navigation;

providing meaningful link text;

adding alternative text to informative images;

avoiding colour-only communication;

ensuring forms are clear and labelled;

reviewing downloadable resources for accessibility before publication;

making reasonable adjustments and alternative formats available where practicable;

embedding accessibility into supplier, advertiser and member contribution expectations.

3. Scope of the statement

This policy applies to the OpenThoughts website and associated digital services, including:

public website pages;

membership registration and login journeys;

member profile and account areas;

groups, forums and discussion spaces;

blogs, articles and insight pages;

downloadable documents, templates and resources;

event listings, booking pages and promotional pages;

advertising, sponsor and supplier promotional spaces;

contact, enquiry, consent and subscription forms;

email templates and automated website communications where controlled by OpenThoughts.

Where OpenThoughts links to external websites, tools or third-party platforms, those external services are outside OpenThoughts’ direct control. However, OpenThoughts will seek to choose accessible tools and suppliers wherever reasonably possible.

4. Legal and standards context

OpenThoughts is not being presented here as a public sector body. However, because its intended audience includes housing associations, councils, local authorities and professionals delivering public-facing services, the site should adopt a strong accessibility approach aligned with recognised UK public sector expectations and international accessibility standards.

The Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 require public sector bodies to make websites and mobile apps accessible and to publish an accessibility statement. Although OpenThoughts may not be directly in scope as a private or independent platform, using this structure creates a stronger, more credible standard.

The Web Content Accessibility Guidelines are internationally recognised. WCAG 2.2 is the current W3C recommendation and covers recommendations for making web content more accessible. OpenThoughts’ working target is WCAG 2.2 Level AA for core website pages and member journeys.

This policy should be reviewed if OpenThoughts changes legal status, enters into public-sector delivery contracts, receives public funding, provides commissioned services, or becomes responsible for delivering digital services on behalf of a public sector body.

5. Website accessibility statement for publication

The following section can be published on the OpenThoughts website, once the details in square brackets have been completed and checked against the live website.

OpenThoughts Accessibility Statement

This accessibility statement applies to www.openthoughts.co.uk.

OpenThoughts is committed to making its website accessible to as many people as possible. We want people using our site to be able to access information, join relevant groups, read and share resources, take part in discussions, complete forms and engage with the OpenThoughts community without unnecessary barriers.

We aim to make the website clear, inclusive and practical for people using different devices, browsers, screen readers, magnification tools, speech recognition software, keyboard navigation or other assistive technologies.

We want users to be able to:

change colours, contrast levels and fonts using browser or device settings;

zoom in without text spilling off the screen;

navigate most of the website using a keyboard;

navigate most of the website using speech recognition software;

listen to most of the website using a screen reader;

understand pages because they use clear headings and plain English;

complete forms with clear labels, instructions and error messages;

access content in alternative formats where reasonable and practicable.

We are working towards meeting the Web Content Accessibility Guidelines version 2.2 Level AA standard across the core OpenThoughts website.

Compliance status

This website is [fully compliant / partially compliant / not yet compliant] with WCAG 2.2 Level AA. We are currently working through accessibility checks and improvements as the website develops.

At the time of publication, the website may contain some areas that are not yet fully accessible. These are likely to include older documents, third-party embedded tools, member-generated content, supplier or advertiser content, and some downloadable files that were not originally created to accessibility standards.

Feedback and contact information

We welcome feedback on the accessibility of OpenThoughts. If you find any accessibility problems, need information in a different format, or experience difficulty using the site, please contact us:

Email: [email protected]

Website contact form: the OpenThoughts contact form

Postal address: [insert if applicable]

Response aim: we aim to acknowledge accessibility enquiries within 5 working days and provide a full response or next step within 20 working days.

When contacting us, please tell us the page or document you were trying to access, the issue you experienced, the assistive technology or device used if relevant, and the format or support that would help.

Alternative formats

Where reasonable and practicable, we can provide information in alternative formats such as accessible Word documents, large print, plain text, simplified summaries or other formats agreed with the person requesting support. Some specialist formats may take longer to arrange.

Reporting accessibility problems

We are always looking to improve the accessibility of OpenThoughts. If you find a problem that is not listed on this page, please tell us so we can investigate and prioritise improvements.

Enforcement and escalation

If OpenThoughts is not directly subject to public sector accessibility enforcement, users should still be able to raise concerns with OpenThoughts and expect a considered response. If OpenThoughts provides services to or on behalf of a public sector body, additional escalation routes may apply and should be identified in the relevant service or contract documentation.

Technical information about this website’s accessibility

OpenThoughts is committed to making its website accessible in line with WCAG 2.2 Level AA. We use a combination of manual checks, automated testing and user feedback to identify and resolve accessibility issues.

Preparation of this statement

This statement was prepared on 04 May 2026. It was last reviewed on 04 May 2026.

This website was last tested on 04 May 2026 using internal review, automated accessibility checks, manual keyboard checks and screen reader sampling.

The next planned accessibility review is 04 May 2026.

6. What users should be able to do

OpenThoughts should be designed so that users can complete the following core tasks as independently as possible:

7. Compliance status and known limitations

The accessibility statement must be honest. OpenThoughts should not claim full compliance unless there has been enough testing to support that statement. Until a full audit has been completed, the recommended wording is “partially compliant” or “working towards compliance”.

Known or likely limitations to review include:

PDF documents that may not be fully tagged or readable by screen readers;

older Word, PowerPoint or spreadsheet downloads without headings, alt text or accessible table structures;

embedded video or audio without captions, transcripts or summaries;

third-party plugins, widgets, membership tools or forum components;

member-generated posts that include inaccessible images, unclear links or uploaded documents;

advertiser artwork that does not meet contrast or text readability expectations;

forms with unclear labels, weak error messages or reliance on placeholder text;

visual design elements that rely too heavily on colour, icons or complex imagery;

CAPTCHA, authentication or anti-spam tools that create barriers;

interactive elements that may not have sufficient keyboard focus visibility.

8. Non-accessible content and disproportionate burden approach

Where OpenThoughts identifies non-accessible content, the default position should be to fix it. A disproportionate burden position should only be used after a reasoned assessment, not as a general excuse for inaction.

Before relying on disproportionate burden, OpenThoughts should consider:

the number and type of users affected;

the importance of the content or function;

whether the content is essential to membership, safety, rights, payment, participation or decision-making;

whether there is a lower-cost accessible alternative;

whether the issue can be resolved during normal content maintenance;

whether a third-party supplier can fix the issue;

the size, resources and stage of development of OpenThoughts;

the risk to reputation, inclusion and user trust if the issue remains unresolved.

Where a disproportionate burden decision is made, it must be recorded in the evidence log with the reason, alternative support offered, owner and review date.

9. Third-party, member and advertiser content

OpenThoughts may include content created by members, suppliers, advertisers, sponsors or third-party platforms. This creates additional accessibility risk and must be actively managed.

OpenThoughts should require contributors to follow basic accessibility rules when submitting content, including:

use clear titles and headings;

avoid images of text unless essential;

provide alt text or a short description for meaningful images;

use accessible file formats wherever possible;

avoid low contrast graphics;

avoid flashing or rapidly moving content;

use descriptive link text instead of “click here”;

ensure videos include captions or transcripts where practicable;

make paid-for promotions clearly identifiable as advertising or sponsored content;

avoid PDFs where an accessible web page would be better.

OpenThoughts may reject, pause, edit or request replacement content where supplier, advertiser or member content creates accessibility barriers or undermines the inclusive purpose of the site.

10. Alternative formats and reasonable adjustments

OpenThoughts should respond positively to reasonable requests for alternative formats or support. Alternative formats may include:

accessible Word document;

plain text version;

large print version;

simplified summary;

HTML web page instead of PDF;

captioned video or transcript;

telephone or email support where an online process is difficult;

step-by-step guidance for completing forms or joining groups.

Requests should be handled consistently using the following process:

acknowledge the request;

confirm what information or support is needed;

identify whether the requested format is reasonable and practicable;

provide the accessible alternative or explain the proposed alternative;

record the request and outcome in the accessibility evidence log;

use repeated requests as evidence for future website improvements.

11. Feedback, reporting barriers and complaints

OpenThoughts should make it easy for users to report accessibility barriers. Accessibility feedback should be treated as service improvement insight, not simply as a complaint.

The website should include a visible accessibility contact route and should capture:

name and contact details, where the user wishes to provide them;

page URL, document title or feature affected;

description of the barrier;

device, browser or assistive technology, where relevant;

impact on the user;

preferred response method;

alternative format or reasonable adjustment requested;

consent to contact the user for follow-up testing, where appropriate.

Accessibility complaints should be triaged by impact:

12. Testing and monitoring approach

OpenThoughts should use a blended testing approach. Automated testing is useful but cannot prove accessibility on its own. Manual and user-based checks are essential.

Minimum testing should include:

automated checks using reputable accessibility testing tools;

manual keyboard-only navigation across key journeys;

screen reader sampling on representative pages;

browser zoom and reflow testing at 200% and 400% where relevant;

colour contrast checks;

form label and error message checks;

review of heading hierarchy and page landmarks;

downloadable document accessibility checks;

mobile and tablet checks;

testing of new plugins, templates and major design changes before release.

Core journeys to test regularly:

homepage to joining as a member;

searching for a group;

joining or following a group;

posting or replying in a discussion;

downloading a resource;

submitting a contact enquiry;

submitting an advertiser enquiry;

viewing an advertiser or supplier page;

reading a blog article;

updating account details or preferences.

13. Roles and responsibilities

14. Accessibility by design requirements

Accessibility must be considered before publication, not retrofitted after problems occur. OpenThoughts should apply the following design rules:

design for keyboard users as well as mouse and touch users;

keep layouts responsive and avoid horizontal scrolling;

ensure focus indicators are visible;

make calls to action clear and consistent;

avoid complex navigation with hidden or unpredictable menus;

make forms short, labelled and forgiving;

avoid time limits unless essential;

allow users to pause, stop or hide moving content;

make error messages specific and helpful;

ensure membership and advertiser journeys are not dependent on inaccessible documents or images.

15. Content standards for OpenThoughts editors

Every page or article published on OpenThoughts should meet the following content standards:

16. Supplier and advertiser accessibility requirements

Suppliers and advertisers should be required to support OpenThoughts’ accessibility commitment. The following clause can be added to supplier and advertiser terms:

Supplier / advertiser accessibility clause: The Supplier or Advertiser must provide content, artwork, documents, links and promotional materials that are accessible, readable and suitable for publication on an inclusive website. OpenThoughts may reject, remove, suspend or require replacement of any material that fails to meet reasonable accessibility expectations, including poor colour contrast, unreadable text, images of text without alternative copy, inaccessible PDFs, flashing content, unclear links or content that cannot be accessed using assistive technology. The Supplier or Advertiser must co-operate promptly with reasonable accessibility improvement requests.

Advertiser artwork should also meet the following standards:

avoid small text embedded in images;

use clear contrast between text and background;

provide the same key message in text on the page, not only in the graphic;

avoid flashing animation or rapidly changing content;

ensure destination landing pages are accessible where reasonably possible;

provide alt text or image descriptions for promotional images;

ensure promotional claims and calls to action are clear.

17. Accessibility improvement plan

The improvement plan should be maintained as a live action log. A suggested starting plan is set out below.

18. Review and governance

This Accessibility Statement Policy should be reviewed:

at least annually;

after a major website redesign or platform change;

after adding a major plugin, member feature, payment function or forum feature;

after a significant accessibility complaint;

after a legal or regulatory change;

before entering into any public-sector service agreement where accessibility obligations may apply.

The published website statement should include the date it was prepared, last reviewed and last tested. These dates should be kept accurate.

19. Evidence record and audit log

OpenThoughts should maintain an evidence record to demonstrate active accessibility management. This does not need to be complex, but it should be consistent.

20. Appendix A: accessibility checklist

Use this checklist before publishing new pages, resources, advertiser content or major updates.

21. Appendix B: source notes

This document has been drafted with reference to recognised accessibility guidance and examples, including:

GOV.UK guidance on accessibility requirements for public sector websites and apps: https://www.gov.uk/guidance/accessibility-requirements-for-public-sector-websites-and-apps

GOV.UK accessibility statement example: https://www.gov.uk/help/accessibility-statement

W3C Web Content Accessibility Guidelines WCAG 2.2: https://www.w3.org/TR/WCAG22/

W3C Web Accessibility Initiative WCAG overview: https://www.w3.org/WAI/standards-guidelines/wcag/

GOV.UK Service Manual overview of WCAG 2.2: https://www.gov.uk/service-manual/helping-people-to-use-your-service/understanding-wcag

Note: these references are included for governance traceability. The final website statement should be checked against the live website, actual testing completed and OpenThoughts’ legal status before publication.

Complaints and Appeals Policy

Platform complaints, membership appeals, moderation appeals, takedown disputes, advertiser concerns, data protection complaints and conduct complaints

Recommended solution: OpenThoughts should publish a dedicated “Complaints and Appeals” page, supported by an internal complaints register, defined response times and a clear two-stage review route. This is the best fit for the ambition of the site because OpenThoughts is designed to encourage open sharing while also protecting trust, fairness, moderation standards, intellectual property, data rights and the reputation of the community. The policy should be practical, firm and transparent: genuine concerns will be reviewed properly, but OpenThoughts will not enter into circular arguments about obvious breaches, bad-faith complaints or repeated misuse of the platform.

1. Purpose of this policy

OpenThoughts exists to help people working in social housing, councils, local authorities and connected organisations share ideas, resources, learning, templates, practice examples and discussion in a constructive way. Because the platform relies on membership decisions, moderation, shared resources, advertiser relationships, data handling and member conduct, there must be a clear route for raising concerns and challenging decisions.

This policy sets out how OpenThoughts will handle platform complaints and appeals. It is not a resident complaint procedure, housing landlord complaint procedure, statutory service complaint route or substitute for any employer, regulator, ombudsman or legal process.

membership rejection queries and appeals;

moderation appeals and content restriction decisions;

resource takedown disputes and attribution concerns;

supplier and advertiser complaints;

data protection complaints and data rights concerns;

conduct complaints involving members or contributors;

concerns about unfair treatment, access, accessibility or platform process;

2. Policy position and final decision

OpenThoughts should adopt a single platform complaints and appeals framework rather than managing complaints informally by email or direct message. The site’s ambition is to be open, collaborative and sector-led, but this only works if decisions are consistent, recorded and capable of fair review.

3. Plain-English website wording

The following wording can be used on the OpenThoughts website.

OpenThoughts is built on trust, fairness and shared learning. We know that sometimes people may disagree with a decision we make about membership, moderation, uploaded resources, advertising, data protection or conduct on the platform. If you have a genuine concern, we will look at it properly, explain what we can, and take proportionate action where something has gone wrong. We will not enter into circular arguments about obvious breaches of our terms, repeated misuse, abusive behaviour or matters we have already reviewed unless new evidence is provided.

4. What this policy covers

5. What this policy does not cover

resident complaints about a landlord, local authority or housing provider service;

employment grievances between a member and their employer;

professional negligence, legal advice or commercial disputes that must be handled through a contract or formal legal route;

complaints about external websites, services or organisations that OpenThoughts does not control;

requests to resolve sector debates, personal disagreements or policy disagreements where no platform rule has been breached;

anonymous allegations where there is not enough information to review the matter, although OpenThoughts may still investigate risk or safety concerns where possible.

6. Principles

7. How to raise a platform complaint or appeal

A complaint or appeal should be submitted through the online form or by email to the published OpenThoughts contact route. The form should require enough information to understand the issue without asking people to share unnecessary personal data.

8. Response times

The following response times are recommended. They should be published so people know what to expect, but OpenThoughts should keep flexibility for complex matters, legal issues, data protection issues or matters requiring external input.

9. Stage 1: review and response

Stage 1 is the first formal review. The relevant lead should review the complaint, relevant content, policies, terms, member records, moderation notes, upload declarations, licence statements, advertiser agreements, data records and any evidence provided.

Log the complaint or appeal in the internal register.

Check whether urgent action is needed, such as temporary removal, account restriction, advertiser pause, safeguarding-style escalation, data protection escalation or IP review.

Confirm the complaint category and responsible lead.

Review the evidence and any relevant platform terms or policies.

Seek information from relevant internal roles where needed.

Decide whether the complaint is upheld, partly upheld, not upheld, outside scope or closed for another stated reason.

Send a plain-English response explaining the decision, any action taken and appeal options where available.

10. Stage 2: appeal and final review

Stage 2 is not a complete rehearing of every point. It is a review of whether the Stage 1 decision was reasonable, whether relevant evidence was missed, whether the correct policy was applied, or whether new evidence changes the outcome.

The appeal should be reviewed by someone not directly responsible for the original decision where possible.

The appellant should explain why the Stage 1 decision is wrong or incomplete.

OpenThoughts may refuse an appeal that simply repeats the same points without new evidence or a clear review reason.

The Stage 2 response should be marked as the final platform decision unless there is a legal, data protection or contractual route that remains open.

11. Membership rejection queries and appeals

OpenThoughts is designed for the housing arena and may require a confirmed housing association, council, local authority, supplier, regulator, charity, professional or relevant organisational email depending on the membership type. Membership may be refused where eligibility cannot be verified or where there is a risk to the integrity of the community.

12. Moderation appeals

OpenThoughts should allow members to appeal moderation decisions, but it must protect the community from misuse. Moderation decisions may include editing, hiding, removing or locking content; issuing a warning; pausing posting rights; suspending or removing a member; limiting access to groups; or restricting direct contact features.

13. Resource takedown disputes and attribution corrections

Where a resource is removed because of copyright, attribution, confidentiality, licence, personal data or quality concerns, the contributor may challenge the decision. OpenThoughts should keep the resource unavailable while the review is ongoing if there is a credible rights, confidentiality or data protection concern.

Attribution corrections should usually be treated as a correction request first, not as an adversarial complaint.

If attribution is missing or incomplete but the licence position is otherwise clear, OpenThoughts may correct the attribution rather than remove the resource.

If ownership, permission or licence rights are unclear, OpenThoughts may keep the resource removed unless the uploader provides evidence they are entitled to share it.

If a third-party rights holder raises a credible complaint, temporary removal is the safest default while reviewing.

Repeated upload of material a member does not own or cannot licence may lead to account restrictions or removal.

14. Advertiser and supplier complaints

Advertisers and suppliers should use this route for complaints about advert rejection, removal, copy changes, category restrictions, placement concerns, payment disputes, exclusivity concerns or platform treatment. This policy works alongside the Supplier / Advertiser Terms and Agreement. Contractual terms will take priority where there is a conflict.

15. Data protection complaints

Data protection complaints must be handled carefully and routed to the Data Protection Lead. They may include concerns about privacy notices, consent, marketing preferences, cookies, breach handling, data accuracy, deletion, access requests, membership verification, profiling or use of personal information in complaints or moderation decisions.

Log and acknowledge the complaint.

Route promptly to the Data Protection Lead.

Check whether the issue is a complaint, a data rights request, a breach concern, a consent withdrawal or a marketing preference update.

Do not disclose other members’ personal data when responding.

If a personal data breach is suspected, follow the Breach Response Procedure immediately.

Tell the person about their right to complain to the ICO where required or appropriate.

16. Conduct complaints

Conduct complaints may involve behaviour by members, contributors, advertisers, suppliers, moderators or platform representatives. OpenThoughts should respond proportionately while protecting members from harassment, discrimination, intimidation, misuse of direct messaging, spam, excessive sales pressure or bad-faith behaviour.

17. Unreasonable, repeated or bad-faith complaints

OpenThoughts should remain open to challenge, but it does not need to continue exchanges that become abusive, repetitive, unreasonable or circular. This protects staff, moderators, volunteers and members, and keeps the platform focused on constructive collaboration.

repeating the same issue after a final response without new evidence;

using abusive, threatening, discriminatory or intimidating language;

raising multiple complaints to disrupt moderation or avoid platform rules;

demanding outcomes OpenThoughts cannot provide;

sending excessive messages that prevent proportionate handling;

misusing the complaints route to harass another member, supplier or moderator.

Where this happens, OpenThoughts may limit contact to one channel, issue a final response, pause further responses, restrict account access or take further action under the member terms.

18. Confidentiality and privacy

Complaint and appeal information should be shared only with people who need it to assess, respond, investigate, take action or comply with a legal or contractual duty. OpenThoughts should avoid disclosing unnecessary personal data, private messages, identity information, membership verification information or commercially sensitive supplier details.

Complaint records should be stored securely and access should be limited.

OpenThoughts should not promise complete confidentiality where a fair review requires information to be shared with a relevant person.

People raising complaints should be asked not to include unnecessary third-party personal data.

Data protection complaints and suspected breaches should follow the relevant privacy and breach procedures.

Complaint records should be retained in line with the Records Retention Schedule.

19. Complaints and appeals register

OpenThoughts should keep a simple but robust internal register. This helps demonstrate fairness, spot repeat issues and prevent informal back-and-forth becoming the main decision record.

20. Decision outcomes

21. Public form wording

Recommended complaint form introduction:

Use this form to raise a platform complaint or appeal about OpenThoughts. This includes membership decisions, moderation decisions, resource takedown disputes, attribution issues, advertiser concerns, data protection concerns or conduct on the platform. Please explain the issue clearly and include links or evidence where relevant. We will review genuine concerns properly. We will not enter into circular arguments about obvious breaches, repeated misuse, abusive behaviour or issues we have already reviewed unless new evidence is provided.

Recommended checkbox wording:

I confirm that the information I have provided is accurate to the best of my knowledge.

I understand OpenThoughts will process this information to review and respond to my complaint or appeal.

I understand that OpenThoughts may restrict or remove content while a complaint, takedown, conduct or moderation issue is being reviewed.

I understand that abusive, threatening, discriminatory or repeated bad-faith contact may lead to the complaint being closed and/or account restrictions being applied.

22. Suggested website page structure

Page title: Complaints and Appeals

Short statement: We will review genuine concerns properly and will not enter circular arguments about obvious breaches.

What you can complain or appeal about

What this process does not cover

How to submit a complaint or appeal

What information to provide

What we may do while reviewing

Response times

Stage 1 review

Stage 2 final review

Data protection complaints

Conduct expectations when using the complaints process

Complaint form link and contact email

23. Governance, review and improvement

The Platform Governance Lead should review complaint trends quarterly during the first year of operation and at least annually after that. The purpose is not simply to count complaints, but to identify where terms, moderation rules, upload guidance, advertiser arrangements, privacy wording, accessibility, membership checks or user journeys need to be improved.

number of complaints by category;

percentage upheld or partly upheld;

common causes of confusion;

repeat conduct or upload issues;

response time performance;

policy or wording changes needed;

training or moderator guidance needed;

risks requiring escalation to the platform owner.

24. Internal responsibility matrix

25. Implementation checklist

26. Response templates

26.1 Acknowledgement template

Thank you for contacting OpenThoughts. We have received your platform complaint/appeal and will review it under our Complaints and Appeals Policy. We may contact you if we need further information. Our target is to provide a Stage 1 response within the published timescale for this type of issue.

26.2 Stage 1 decision template

We have reviewed your concern about [brief description]. We considered [evidence/policy/records]. Our decision is [upheld/partly upheld/not upheld/outside scope]. We will take the following action: [actions]. If you believe we have missed relevant evidence or applied the policy incorrectly, you may request a Stage 2 review within 10 working days, explaining the reason for your appeal.

26.3 Final response template

26.4 Closure due to repeated or unreasonable contact

We have reviewed this matter and have already provided our decision. Your latest message does not provide new evidence or a new issue that changes the outcome. We will not continue circular correspondence on this matter. Further messages repeating the same points may not receive a response and may be considered under our conduct rules.

27. Approval statement

This policy should be approved before launch or before the platform allows member uploads, active moderation, supplier advertising or formal membership rejection decisions. It should sit alongside the OpenThoughts Membership Terms, Community Rules, Supplier / Advertiser Terms, Creative Commons Licence Decision, Copyright Attribution and Takedown Requests Policy, Privacy Policy, Records Retention Schedule and Breach Response Procedure.

Professional Advice Disclaimer

Website, community platform, resources, blogs, templates, discussion groups and advertiser content

1. How to use this disclaimer

This disclaimer is written so it can be adapted for OpenThoughts and displayed as a standalone website page. It should also be linked from relevant areas of the website where members, visitors, advertisers, contributors or subscribers may rely on information, templates, events, forum posts, examples, downloads or peer discussions.

Use alongside wider website terms. This disclaimer should sit alongside the Privacy Policy, Cookie Policy, Terms of Use, Community Guidelines, Advertising Terms, Accessibility Statement and any paid membership or subscription terms.

Do not treat it as a substitute for legal advice. The wording is a strong working draft, but should be reviewed against the actual website functionality, risk profile and business model before publication.

Keep it visible. Include a footer link called “Professional Advice Disclaimer” or “Disclaimer”, and repeat short notices on resource pages, blog pages, discussion forums and advertiser pages.

Review it when services change. Update it when OpenThoughts introduces new tools, paid services, webinars, AI-generated summaries, member directories, advice-style content, downloadable templates or sponsored content.

2. Suggested short notice for website footer

3. Suggested short notice for resources, templates and downloads

4. Full professional advice disclaimer for publication

4.1 About this disclaimer

This Professional Advice Disclaimer explains the limits of information, resources, discussions, examples and other content provided through OpenThoughts. By using the website, joining groups, reading articles, downloading resources, attending events, using templates, interacting with members, viewing advertiser content or contributing to discussions, you acknowledge and accept the limits set out in this disclaimer.

4.2 Information and discussion only

OpenThoughts is designed as a knowledge-sharing, collaboration and discussion platform for people and organisations working in or around social housing, local government, resident engagement, customer influence, community investment, service improvement and related areas. Content made available through OpenThoughts is provided for general information, learning, professional reflection and peer discussion only.

4.3 Not professional advice

Nothing on OpenThoughts should be treated as professional advice. This includes, but is not limited to, legal advice, regulatory advice, financial advice, tax advice, accounting advice, procurement advice, HR advice, employment advice, safeguarding advice, clinical advice, health and safety advice, building safety advice, fire safety advice, technical property advice, planning advice, governance advice, complaints handling advice or specialist housing management advice.

4.4 No professional-client relationship

Use of OpenThoughts does not create a solicitor-client, consultant-client, adviser-client, professional-client, fiduciary or similar relationship between you and OpenThoughts, its owners, contributors, moderators, advertisers, sponsors, partners, members or any person posting content on the platform.

4.5 No substitute for organisation-specific advice

Content on OpenThoughts may not take account of your organisation’s policies, governance structure, resident profile, homes, geography, risk controls, insurance position, contractual duties, statutory duties, funding conditions, regulator expectations, internal delegations, procurement rules, equality duties or local operating arrangements. You must take appropriate professional advice before making decisions or taking action based on information obtained through OpenThoughts.

4.6 Accuracy, completeness and currency

OpenThoughts aims to encourage useful, practical and constructive sharing. However, it does not guarantee that content is accurate, complete, up to date, suitable for your purpose or free from error. Housing law, regulation, funding, policy, practice, sector guidance, technology and professional standards can change. You are responsible for checking whether any information is current and applicable before relying on it.

4.7 User-generated content

OpenThoughts may include posts, comments, discussion threads, uploads, examples, questions, answers, opinions, shared resources and other content created by members or third parties. User-generated content represents the views and experiences of the relevant contributor and does not necessarily represent the views of OpenThoughts. OpenThoughts does not endorse, verify or accept responsibility for user-generated content unless expressly stated in writing.

4.8 Moderation does not equal verification

OpenThoughts may moderate content to support respectful, lawful and constructive use of the platform. Moderation is not a professional review, legal review, technical review or quality assurance process. The presence of content on the platform does not mean it has been approved as accurate, safe, compliant, lawful, fair, current, suitable or best practice.

4.9 Templates, examples and model documents

Any templates, checklists, prompts, policies, letters, forms, toolkits, frameworks, matrices, dashboards, workshop outlines, scripts, model clauses or example documents provided through OpenThoughts are starting points only. They must be reviewed, adapted and approved by competent people within your organisation before use. You should not copy and use any template without considering whether it is suitable for your facts, residents, staff, systems, risks, equality impacts and legal duties.

4.10 Housing, resident engagement and regulatory content

Where OpenThoughts content refers to housing management, resident engagement, tenant satisfaction, complaint handling, building safety, fire safety, damp and mould, repairs, allocations, supported housing, leasehold, shared ownership, homelessness, consumer regulation or related topics, it is intended to support learning and discussion. It should not be treated as a definitive statement of your legal, regulatory or contractual obligations.

4.11 Advertising, sponsorship and promoted content

OpenThoughts may display advertising, sponsorship, promoted content, supplier profiles, product information or partner material. Paid or promoted content does not amount to professional advice or an endorsement that a product, service, supplier, adviser or organisation is suitable for you. You must carry out your own checks, due diligence, procurement assessment, information governance review, contract review, value-for-money assessment and risk assessment before entering into any arrangement.

4.12 External links and third-party websites

OpenThoughts may link to external websites, publications, tools, resources, events or third-party services. These links are provided for convenience and information only. OpenThoughts does not control third-party websites and is not responsible for their content, availability, accuracy, privacy practices, security, accessibility, lawfulness or suitability.

4.13 AI, automation and generated content

Where OpenThoughts uses, hosts or references AI-assisted tools, summaries, prompts, generated content or automated features, the output should be checked carefully by a competent person before use. AI-generated or AI-assisted content may contain inaccuracies, omissions, bias, outdated information or wording that is unsuitable for your circumstances.

4.14 Events, webinars and peer learning sessions

Any events, webinars, workshops, podcasts, training-style sessions or peer learning sessions promoted or hosted through OpenThoughts are for general learning and discussion unless a separate written agreement expressly states otherwise. Questions answered during events are not a substitute for taking professional advice on your own facts.

4.15 Safeguarding, emergencies and urgent risk

OpenThoughts is not an emergency reporting route, safeguarding service, repairs reporting service, landlord service desk, complaints route or professional casework service. If there is an immediate risk to life, safety, health, welfare, property or safeguarding, you should contact the relevant emergency service, landlord, local authority, professional adviser, safeguarding body or responsible organisation directly.

4.16 Decisions remain your responsibility

You are responsible for your own decisions, actions, omissions and use of information obtained through OpenThoughts. You should apply professional judgement, organisational approval processes and appropriate advice before acting. OpenThoughts is not responsible for decisions made by users or organisations who rely on content from the website.

4.17 No warranties

To the fullest extent permitted by law, OpenThoughts provides the website and its content on an “as is” and “as available” basis. OpenThoughts does not give any warranty, representation or guarantee that the website or its content will be uninterrupted, error-free, secure, virus-free, accurate, complete, current, compliant, suitable or available at all times.

4.18 Limitation of liability

Nothing in this disclaimer excludes or limits liability where it would be unlawful to do so. Subject to that, OpenThoughts will not be liable for loss or damage arising from reliance on information, resources, discussions, advertisements, third-party content, external links, templates, downloads, events or user-generated content available through the website.

4.19 Your obligation to verify

Before using or relying on content from OpenThoughts, you should verify the information, consider whether it applies to your circumstances, check relevant law and guidance, obtain appropriate professional advice, follow your organisation’s governance processes and document the basis for any decision made.

4.20 Changes to this disclaimer

OpenThoughts may update this disclaimer from time to time. The latest version should be published on the website and will apply from the date it is posted. Continued use of the website after changes are made indicates acceptance of the updated disclaimer.

5. Recommended “high-risk content” warning panels

Use these shorter warnings at the point where users may be more likely to rely on content without checking it.

6. Internal publication checklist

7. Suggested page metadata

8. Document control

Important note

This policy is published as part of the OpenThoughts governance pack.Thoughts publishes it or relies on it as part of its website terms.

Advertiser Terms and Agreement

Strengthened commercial terms for suppliers, promoters, sponsors and advertisers using the OpenThoughts platform

OpenThoughts

Version 1.0 - Approved and implemented

Important status of this document

This is a practical business template drafted in UK English for OpenThoughts. It is not legal advice. It should be reviewed by a qualified UK solicitor before being issued, relied upon, published, or signed. Bracketed items should be completed or deleted before use.

How to use this document

This document is designed to give OpenThoughts stronger control over who may advertise or promote services through the platform, what standards advertisers must meet, how paid listings are managed, and how risks are handled. It can be used as:

website advertiser terms linked from a sales or media pack;

a signed supplier / advertiser agreement;

a schedule attached to an insertion order or booking form;

a due diligence checklist before accepting a promoter;

a risk-control document for sector credibility, member trust and legal compliance.

Recommended implementation: use the main terms as the binding agreement, then attach Schedule 1 as the commercial booking form for each advertiser, sponsor or featured partner. Do not allow advertising to go live until the booking form, declaration and payment terms are agreed.

Plain English summary

OpenThoughts exists to support open-source thinking, shared learning and responsible collaboration across social housing, councils, local authorities and the wider housing arena. Paid promotion must support that philosophy rather than overwhelm it. These terms therefore limit and control advertising so that members can trust the platform.

Advertisers must be relevant to the housing, community, public service, resident engagement or local authority arena.

Advertising is not an endorsement unless OpenThoughts expressly says so in writing.

OpenThoughts can reject, pause, edit, remove or refuse advertising where it creates risk, reputational concern or poor member experience.

Advertisers remain responsible for the truth, lawfulness and evidence behind their claims.

Advertisers must not misuse member data, scrape the platform, spam members, or use OpenThoughts as a lead-generation loophole outside agreed permissions.

Category exclusivity is limited, conditional and not guaranteed unless written into the booking form.

Professional advice, regulated services and technical claims must be appropriately qualified, evidenced and caveated.

Payment, cancellation, performance, reporting and termination rules are set out clearly.

Supplier / Advertiser Terms and Agreement

1. Parties and agreement structure

1.1 These Supplier / Advertiser Terms and Agreement are between OpenThoughts (“OpenThoughts”, “we”, “us”, “our”) and the supplier, sponsor, advertiser, promoter, agency or commercial partner identified in the relevant booking form (“Advertiser”, “you”, “your”).

1.2 These terms apply to all paid or value-exchange advertising, promotion, sponsorship, directory listings, featured content, newsletter placements, resource promotions, event sponsorship, display advertising, partner profiles, marketplace placements, lead-generation activity or other commercial visibility made available through OpenThoughts.

1.3 The agreement is made up of these terms, the booking form or insertion order, any campaign specification, any approved artwork or content brief, and any special terms agreed in writing by OpenThoughts.

1.4 If there is a conflict, the following order applies unless expressly stated otherwise: special written terms signed by OpenThoughts; booking form; campaign specification; these terms; general platform guidance.

2. Definitions

In this agreement:

Advertising Materials means all copy, images, banners, logos, claims, links, landing pages, video, audio, files, documents, case studies, offers, testimonials, calls to action and other content provided or approved by the Advertiser.

Campaign means the advertising or promotional activity described in the booking form.

Category means a defined advertising product or service area, such as repairs technology, resident engagement tools, tenant communication services, consultancy, training or community investment support.

Confidential Information means non-public information relating to OpenThoughts, its members, platform, strategy, pricing, data, suppliers or advertisers.

Member means a registered or approved user of OpenThoughts.

Platform means the OpenThoughts website, member areas, forums, groups, newsletters, resources, directories, events, social channels and any connected digital or offline channel.

Restricted Sector means any sector or product category that OpenThoughts decides is unsuitable for the platform or its members, including the categories listed in clause 10.

3. OpenThoughts advertising philosophy

3.1 OpenThoughts is built around useful collaboration, trusted sector learning and responsible sharing of ideas. Advertising must add value to the member experience and must not dilute the purpose of the platform.

3.2 OpenThoughts may restrict the number of advertisers in each Category to protect quality, relevance and member trust. Any such restriction is a commercial curation decision and does not create permanent exclusivity unless expressly stated in the booking form.

3.3 OpenThoughts may prioritise advertisers whose products, services, ethics, evidence base and tone align with the platform purpose.

4. Eligibility and approval

4.1 All advertisers are subject to approval before any Campaign goes live. OpenThoughts may request evidence of trading status, company registration, insurance, professional qualifications, licences, references, case studies, product information, pricing clarity, complaints history, safeguarding arrangements or data protection compliance.

4.2 OpenThoughts may reject any Advertiser or Campaign at its discretion, including where the proposed promotion may be irrelevant, misleading, low quality, reputationally risky, unsuitable for social housing audiences, inconsistent with community standards, or in conflict with OpenThoughts’ values.

4.3 Approval of one Campaign does not guarantee approval of future Campaigns.

5. Booking, campaign specification and go-live requirements

5.1 A Campaign is not confirmed until OpenThoughts accepts the booking form and any required deposit, prepayment or purchase order arrangement has been agreed.

5.2 Before go-live, the Advertiser must provide:

final approved Advertising Materials in the requested format and dimensions;

destination URLs and landing pages that are live, secure and relevant;

evidence for objective claims, including performance, savings, compliance, customer satisfaction, environmental, AI, safety, legal, financial or regulatory claims;

contact details for an authorised campaign owner;

any required accessibility text, image descriptions and alternative text;

a completed supplier / advertiser declaration where requested.

5.3 OpenThoughts is not responsible for delay caused by late, incomplete, inaccessible, technically unsuitable or non-compliant materials.

6. Advertising standards and claims

6.1 The Advertiser is responsible for ensuring that all Advertising Materials and linked landing pages are legal, decent, honest, truthful, accurate, substantiated, socially responsible and not materially misleading.

6.2 Advertising must comply with all applicable advertising, consumer protection, competition, data protection, intellectual property, equality, accessibility, sector-specific and platform rules.

6.3 The Advertiser must hold evidence for any objective claim before publication. Claims about results, savings, compliance, outcomes, user numbers, satisfaction, carbon impact, artificial intelligence, safety, legal compliance, resident experience, return on investment or regulatory assurance must be capable of substantiation.

6.4 Testimonials, reviews, endorsements and case studies must be genuine, permissioned, current, fairly presented and not misleading. Fake reviews, manipulated reviews or undisclosed incentivised testimonials are prohibited.

6.5 Environmental, sustainability, net zero or social value claims must be specific, proportionate, evidenced and not likely to create a misleading impression about the whole product, service or organisation.

6.6 The Advertiser must not imply that OpenThoughts, its members, housing providers, councils or public bodies endorse the Advertiser unless this has been expressly approved in writing.

7. Professional, regulated and specialist services

7.1 Where the Advertiser promotes legal, financial, insurance, health, safety, fire safety, building safety, technical, procurement, compliance, safeguarding, HR, audit, cyber-security, data protection, consultancy or other specialist services, the Advertiser must ensure that promotional content is appropriately qualified and does not present general marketing material as professional advice.

7.2 The Advertiser must disclose any required authorisations, accreditations, qualifications, memberships, regulatory status, professional indemnity insurance requirements or limitations that are material to the promoted service.

7.3 OpenThoughts may require enhanced disclaimers, evidence, professional credentials or legal sign-off for high-risk products or services.

8. Member trust, tone and behaviour

8.1 The Advertiser must engage with the OpenThoughts community respectfully and constructively. Sales activity must not undermine the collaborative purpose of the platform.

8.2 The Advertiser must not:

pressure, harass, shame, mislead or manipulate members;

use aggressive sales tactics or dark patterns;

post repeated promotional messages in groups or forums unless permitted;

present sales copy as independent sector insight;

create fake accounts, fake engagement or undisclosed paid comments;

target vulnerable individuals or communities in an exploitative way;

misrepresent its connection with OpenThoughts or any housing provider, council, regulator or professional body.

9. Content review, changes and removal

9.1 OpenThoughts may review, request changes to, refuse, pause, hide, downgrade, label, move or remove Advertising Materials at any time where it considers this necessary to protect members, comply with law, maintain quality, manage complaints, avoid reputational harm, prevent confusion, or preserve the purpose of the platform.

9.2 Where practical, OpenThoughts will explain the issue and allow the Advertiser to submit corrected materials. However, OpenThoughts may remove content immediately without notice where urgent action is required.

9.3 OpenThoughts may label content as sponsored, promoted, partner content, advertisement, supplier content or equivalent.

10. Restricted and prohibited advertising

10.1 OpenThoughts may refuse any advertising category it considers unsuitable. The following are prohibited unless OpenThoughts gives express written approval and all legal, safeguarding and reputational risks are resolved:

illegal goods or services;

weapons, ammunition, explosives or harmful products;

adult sexual services or explicit adult content;

gambling, betting or high-risk prize promotions;

tobacco, vaping, cannabis, recreational drugs or unregulated substances;

payday lending, high-cost credit, debt exploitation or misleading financial products;

political campaigning or party-political advertising;

religious proselytising or divisive ideological campaigning;

misleading housing, legal, immigration, benefits, debt or financial advice;

products or services that exploit residents, tenants, leaseholders or vulnerable groups;

content that is discriminatory, hateful, abusive, defamatory, unsafe or likely to cause serious offence;

surveillance, spyware, scraping, unlawful tracking or intrusive monitoring tools;

unsubstantiated health, safety, fire, building, net zero, AI or compliance claims.

10.2 OpenThoughts may also reject products or services that are lawful but inconsistent with the platform’s purpose or likely to damage member trust.

11. Category limits and exclusivity

11.1 OpenThoughts may limit the number of advertisers in each Category to maintain quality and avoid overwhelming members. Category limits are not exclusivity unless the booking form expressly states “exclusive”.

11.2 Where exclusivity is agreed, it will apply only to the precise Category, territory, channel, period and package specified in the booking form.

11.3 Exclusivity does not prevent OpenThoughts from publishing editorial content, member discussions, independent resources, sector news, member recommendations, procurement commentary, competitor mentions, regulatory updates or historical content relating to the Category.

11.4 OpenThoughts may refuse, suspend or end exclusivity if the Advertiser breaches these terms, fails to pay, provides poor-quality content, creates material member complaints, or no longer aligns with OpenThoughts’ quality standards.

12. Advertising placement and performance

12.1 OpenThoughts will use reasonable skill and care to deliver the agreed Campaign placements, but does not guarantee specific sales, enquiries, clicks, impressions, conversions, member engagement, search ranking, procurement outcomes or commercial return unless expressly stated in the booking form.

12.2 Any estimated reach, traffic, engagement, member numbers or audience profile is provided as a good-faith estimate and is not a guarantee.

12.3 OpenThoughts may vary placement, timing, rotation, size, visibility, grouping or format where reasonably necessary for technical, editorial, platform, accessibility, legal or user-experience reasons.

13. Fees, payment and taxes

13.1 Fees are set out in the booking form or rate card. Unless stated otherwise, fees are exclusive of VAT and any applicable taxes.

13.2 Payment terms are payment in advance before go-live unless agreed otherwise in writing. OpenThoughts may require payment in advance for new advertisers, high-risk advertisers, short campaigns, one-off promotions or overdue accounts.

13.3 If payment is overdue, OpenThoughts may pause or remove the Campaign, suspend further services, withdraw Category access or exclusivity, charge interest and recovery costs permitted by law, and refuse future bookings.

13.4 The Advertiser must not set off or withhold payment because of a dispute unless required by law. Any disputed amount must be raised promptly and the undisputed amount must be paid on time.

14. Cancellation, postponement and refunds

14.1 Cancellation rights, notice periods and refund rules should be stated in the booking form. Unless the booking form says otherwise, the default position is:

cancellation more than 30 days before go-live: 75% refund or credit, less committed costs;

cancellation 15-30 days before go-live: 50% refund or credit, less committed costs;

cancellation 14 days or less before go-live: no refund;

campaigns already live: no refund for delivered or reserved inventory;

OpenThoughts may offer a credit at its discretion where cancellation is due to reasonable operational circumstances.

14.2 No refund is due where a Campaign is paused or removed because of Advertiser breach, non-payment, misleading claims, unlawful content, reputational risk, data misuse or failure to provide required evidence.

15. Advertiser warranties

The Advertiser warrants that:

it has full power and authority to enter into this agreement;

its Advertising Materials and linked pages comply with applicable law and regulation;

it owns or has permission to use all intellectual property in the Advertising Materials;

all claims are accurate, current, fair and substantiated;

all testimonials, case studies and logos have been permissioned;

it will not introduce malware, malicious code, tracking pixels or cookies without written approval;

it will comply with data protection, direct marketing and privacy law;

it will maintain adequate insurance for its activities;

it will not do anything likely to bring OpenThoughts into disrepute.

16. Intellectual property and licence to publish

16.1 The Advertiser retains ownership of its Advertising Materials, subject to the licence granted below.

16.2 The Advertiser grants OpenThoughts a non-exclusive, royalty-free, worldwide licence to host, copy, display, publish, resize, format, adapt for accessibility, promote, report on and archive the Advertising Materials for the purpose of delivering and evidencing the Campaign.

16.3 OpenThoughts retains all rights in its platform, brand, editorial materials, design, community structure, member insights, reports, analytics, templates, resources and underlying know-how.

16.4 The Advertiser must not use the OpenThoughts name, logo, screenshots, member comments, platform data, community content or endorsement language without prior written permission.

17. Data protection, privacy and direct marketing

17.1 Each party must comply with UK data protection and privacy law in relation to any personal data it processes under or in connection with this agreement.

17.2 Unless a separate data processing agreement states otherwise, each party is an independent controller for the personal data it collects and uses for its own business purposes.

17.3 The Advertiser must not scrape, harvest, copy, export, enrich, profile, sell, rent, infer, track or reuse member data obtained from the Platform unless expressly permitted by OpenThoughts and lawful under applicable privacy law.

17.4 The Advertiser must not send unsolicited marketing to OpenThoughts members unless it has a lawful basis and any required consent or soft opt-in requirements are satisfied.

17.5 Any tracking links, cookies, pixels, remarketing tags, analytics tools or lead forms must be disclosed to OpenThoughts in advance and must not be used without approval.

17.6 Where the Campaign involves lead capture, webinar registration, downloadable resources, sponsored forms or member sign-ups, the booking form must specify who is controller, what privacy notice applies, what data will be collected, how consent or lawful basis is managed, and what data will be shared.

18. Confidentiality

18.1 Each party must keep the other party’s Confidential Information confidential and must not use it except for the purpose of performing this agreement.

18.2 Confidential Information may be shared with employees, contractors, advisers and professional representatives who need to know it and who are bound by confidentiality obligations.

18.3 Confidentiality does not apply to information that is public through no breach, already lawfully known, independently developed, lawfully received from a third party, or required to be disclosed by law or regulator.

19. Compliance with platform rules and community standards

19.1 The Advertiser must comply with OpenThoughts’ community rules, moderation standards, website terms, accessibility standards, image specifications, editorial rules and any reasonable instructions issued by OpenThoughts.

19.2 If employees, agents or representatives of the Advertiser participate in the Platform, they must identify any commercial interest where relevant and must not disguise promotional activity as independent member discussion.

20. Complaints, corrections and takedown process

20.1 The Advertiser must promptly assist OpenThoughts with any complaint, concern, regulatory enquiry, member challenge, intellectual property claim, data protection concern or factual correction relating to the Campaign.

20.2 Where a complaint appears credible, OpenThoughts may pause or remove the Advertising Materials while the issue is reviewed.

20.3 The Advertiser must provide supporting evidence, corrected copy or written explanation within the timescale requested by OpenThoughts. Failure to respond may result in removal and termination without refund.

21. Indemnity

21.1 The Advertiser will indemnify OpenThoughts against losses, claims, damages, liabilities, costs and expenses arising from or connected with:

Advertising Materials or linked landing pages;

misleading, inaccurate or unlawful claims;

breach of advertising, consumer, data protection, privacy, intellectual property, equality or sector-specific law;

unauthorised use of logos, testimonials, case studies, images, music, video or third-party content;

data misuse, scraping, spam, unlawful tracking or direct marketing;

products or services supplied by the Advertiser to members or third parties;

breach of this agreement by the Advertiser or its representatives.

22. Liability

22.1 Nothing in this agreement limits or excludes liability that cannot legally be limited or excluded, including liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation.

22.2 Subject to the above, OpenThoughts is not liable for indirect, consequential or special loss; loss of profit; loss of revenue; loss of contracts; loss of goodwill; loss of anticipated savings; or loss arising from procurement decisions, member decisions or third-party conduct.

22.3 Subject to the above, OpenThoughts’ total aggregate liability under or in connection with a Campaign is limited to the fees paid by the Advertiser for that Campaign in the three months preceding the event giving rise to the claim.

22.4 OpenThoughts is not responsible for platform downtime, technical interruption, search engine changes, social media changes, third-party hosting issues, email deliverability issues, member decisions, or events outside its reasonable control, except where caused by OpenThoughts’ failure to use reasonable skill and care.

23. Suspension and termination

23.1 OpenThoughts may suspend or terminate a Campaign immediately by notice where the Advertiser breaches this agreement, fails to pay, provides misleading information, misuses data, creates reputational risk, breaches community rules, becomes insolvent, or engages in conduct inconsistent with the platform purpose.

23.2 Either party may terminate the agreement if the other commits a material breach and fails to remedy it within 14 days of written notice, where the breach can be remedied.

23.3 Termination does not affect accrued rights, payment obligations, confidentiality, intellectual property rights, data protection obligations, indemnities, limitations of liability or any clause intended to survive termination.

24. Non-circumvention and member contact

24.1 The Advertiser must not use OpenThoughts access to bypass platform rules, scrape member data, mass-contact members, harvest leads, or build unauthorised marketing lists.

24.2 Where OpenThoughts introduces a member, housing provider, council, local authority, partner or supplier opportunity to the Advertiser as part of a paid package, the Advertiser must act transparently and must not misrepresent the source or nature of the introduction.

24.3 Any direct commercial relationship between the Advertiser and a member is solely between those parties. OpenThoughts is not responsible for the Advertiser’s products, services, pricing, advice, delivery or performance.

25. Anti-bribery, conflicts and fair dealing

25.1 The Advertiser must comply with anti-bribery, anti-corruption, modern slavery, tax, competition and procurement laws applicable to its activities.

25.2 The Advertiser must disclose any conflict of interest that may affect the Campaign, including connections with OpenThoughts personnel, public sector procurement processes, member organisations, reviewers, case study subjects or sponsored content contributors.

25.3 The Advertiser must not offer inappropriate inducements, personal benefits or hidden commissions to OpenThoughts, members, public bodies or decision-makers.

26. Accessibility and inclusion

26.1 OpenThoughts may require Advertising Materials to meet reasonable accessibility standards, including readable contrast, plain English where appropriate, alternative text for images, accessible PDFs, captioned video, and avoidance of inaccessible design elements.

26.2 Advertising must not unlawfully discriminate or exclude protected groups. The Advertiser should consider the diverse needs of housing professionals, residents, community groups and digitally excluded audiences.

27. Force majeure

27.1 Neither party is liable for delay or failure caused by events outside its reasonable control, including major platform failure, cyber incident, fire, flood, pandemic, government action, serious supplier outage, strike, civil disruption or widespread network failure.

27.2 The affected party must notify the other as soon as reasonably practical and take reasonable steps to reduce the effect of the event.

28. Assignment and subcontracting

28.1 The Advertiser must not assign, transfer or subcontract its rights or obligations under this agreement without OpenThoughts’ prior written approval.

28.2 OpenThoughts may use contractors, hosting providers, designers, editors, payment providers, analytics tools and other suppliers to operate the Platform and deliver Campaigns.

29. Notices

29.1 Formal notices must be sent to the addresses or email contacts stated in the booking form. Email notices are deemed received on the next working day after sending unless a delivery failure notice is received.

29.2 Operational campaign communications may be managed by email or through agreed project management channels.

30. Governing law and jurisdiction

30.1 This agreement is governed by the law of England and Wales unless the booking form states otherwise.

30.2 The courts of England and Wales have exclusive jurisdiction unless the parties agree otherwise in writing.

Schedule 1 - Supplier / Advertiser booking form

Complete this schedule for every paid advertiser, sponsor, supplier profile, category partner or featured promoter.

Schedule 2 - Advertising material approval checklist

Schedule 3 - Supplier / advertiser declaration

The Advertiser confirms that:

all information supplied to OpenThoughts is accurate and not misleading;

the Advertiser has authority to promote the relevant products and services;

all advertising claims are accurate, current, fair and substantiated;

the Advertiser has permission to use all logos, images, testimonials and case studies supplied;

the Advertiser will not misuse OpenThoughts member data or send unlawful marketing;

the Advertiser will comply with applicable advertising, data protection, privacy, consumer, intellectual property and sector-specific rules;

the Advertiser accepts that OpenThoughts may reject, pause, remove or require changes to advertising where necessary;

the Advertiser understands that advertising on OpenThoughts does not create endorsement unless expressly agreed in writing.

Schedule 4 - Data protection and lead capture schedule

Use this schedule where a Campaign collects or shares personal data, such as sponsored downloads, lead forms, event registration, webinar sign-ups or enquiry forms.

Schedule 5 - Model advertiser-facing wording for the website

The following wording can be adapted for an advertiser page, media pack or checkout page.

Supplier and advertiser standards OpenThoughts welcomes relevant suppliers, sponsors and advertisers who can add value to the social housing, local authority and community sectors. We carefully limit and review paid promotion so that members are not overwhelmed by adverts and can trust the platform. Paid promotion does not mean automatic endorsement. All advertisers must meet our relevance, evidence, data protection, accessibility and community standards before advertising goes live.

Schedule 6 - Internal risk rating for advertisers

Reference points used when preparing this template

This template was prepared with reference to the following publicly available UK sources. OpenThoughts should check these again before publication because regulatory guidance and fee levels can change:

Information Commissioner’s Office guidance on controllers and processors under UK GDPR.

Information Commissioner’s Office data sharing code and Article 28 processor contract requirements.

Information Commissioner’s Office guidance on the data protection fee.

Advertising Standards Authority and CAP Code guidance on misleading advertising, substantiation and fake reviews.

UK company and business name trading disclosure requirements.

Final legal review checklist

Insert the correct OpenThoughts legal entity name, company number, trading address and VAT status.

Confirm whether OpenThoughts will contract with advertisers as a company, sole trader, partnership or other legal structure.

Review the limitation of liability cap and indemnity with a solicitor.

Confirm cancellation, refund and payment terms match the commercial model.

Confirm data protection arrangements for sponsored downloads, lead forms, events and tracking.

Agree which categories will be restricted, capped or exclusive.

Ensure the wording aligns with the website terms, privacy policy, cookie policy and professional advice disclaimer.

Create a short advertiser declaration form to collect before go-live.

Keep a record of claim evidence, approvals and takedown decisions.