Who responds
The site operator is the incident lead. Technical hosting issues are handled by the responsible operator. Parent or minor data concerns are treated as privacy incidents first.
Incident response
Security and abuse response plan.
This page documents how the AI Agent Lab operator handles reports about privacy, security, safety, abuse, or public misinformation related to the dev site.
Response target
Confirmed reports should receive a first human response within 48 hours. Critical security or child-safety risks can trigger immediate maintenance mode.
Contact path
Adults can report concerns by emailing education at hoitovirhe dot fi. Do not include unnecessary teen personal data in the first message.
Parent or minor data concern
Minimize data first.
If a report involves a minor's personal data, the operator should preserve only what is needed to understand the issue, avoid forwarding screenshots broadly, and prefer parent or guardian communication.
- Acknowledge the report and ask the adult reporter not to send extra personal data.
- Confirm whether the issue is local browser storage, email, hosting logs, or external AI tool use.
- Remove or redact exposed content under the operator's control.
- Document the incident, root cause, fix, and whether further notification is needed under Finnish or EU rules.
Media or social escalation
One factual channel.
If a concern spreads publicly, the operator should pause speculation, publish a short factual status on this site if needed, and avoid discussing identifiable learner details in public.
- Put the site into maintenance mode if user safety or privacy is uncertain.
- State what is known, what is not known, and when the next update is expected.
- Keep minors and families out of public explanations.
- Reopen only after the risky path is removed or clearly bounded.
Maintenance switch
If user safety or privacy is uncertain, the operator can switch the site to a maintenance page quickly while preserving the previous public version for rollback.