!Reports investigated. Direct contact addresses. CSAM cooperation with NCMEC.

Abuse Reporting

Last updated: May 2026

This page describes how to report abuse, security vulnerabilities, problematic ads, image-content misuse, and similar concerns. Headline: direct contact addresses, documented response standards, vulnerability-disclosure invited, cooperation with law enforcement on valid legal process, NCMEC reporting for CSAM.

1. What to report

Security vulnerabilities

If you discover a security vulnerability in the Site (XSS, CSRF bypass, file-upload vulnerability, conversion-library exploitation, server misconfiguration, etc.):

• Email abuse [at] iloveimg [punto] online with subject line Security vulnerability disclosure.
• Include description, reproduction steps, what could be exploited, and (if you've assigned one) a CVE-style identifier.
• Allow reasonable time for investigation and remediation before public disclosure.
• We do not have a formal bug-bounty program; we acknowledge responsible disclosure with public credit (where the reporter wishes).

CSAM (Child Sexual Abuse Material)

This is the most serious category. CSAM uploaded to or distributed through any service is a crime in essentially every jurisdiction. The Site cooperates with law-enforcement investigations.

• For US-based reports: contact NCMEC directly first via report.cybertip.org. NCMEC has the legal authority and resources to investigate; we don't.
• For Italian reports: Polizia Postale (Italian Postal Police) is the competent authority.
• For EU reports: contact local law enforcement; Europol has cybercrime resources.
• To alert iloveimg.online directly (in addition to law enforcement): abuse [at] iloveimg [punto] online with subject CSAM report — URGENT. This is in addition to law-enforcement reporting, not a substitute.

Note: image content uploaded to the Site is auto-deleted within an hour. By the time most reports reach us, the original upload is already gone — but we still cooperate fully with law-enforcement investigations using whatever logs and metadata are available.

Image misuse

If you observe someone using iloveimg.online to facilitate non-consensual intimate imagery, copyright infringement, fraud, harassment, or other misuse (per Responsible Use):

• Email abuse [at] iloveimg [punto] online with subject line Image misuse report.
• Include what was misused, evidence (URLs, screenshots showing the misuse without sending us the actual content if it would be illegal to do so), when it occurred, what harm resulted.
• For misuse that is also a crime, we encourage reporting to relevant law enforcement.

Phishing using iloveimg.online branding

If you encounter phishing emails, fake websites, or social-media accounts impersonating iloveimg.online:

• Email abuse [at] iloveimg [punto] online with subject line Impersonation / phishing report.
• Include the phishing URL or email headers.
• We document, take action against impersonators where feasible, and warn other users.

Rate-limit abuse

If you suspect rate-limit abuse against the conversion service (commercial-scale automated abuse), email abuse [at] iloveimg [punto] online.

Problematic ads

If you see an ad that violates our category exclusions (gambling, adult, scam, predatory financial, malware-adjacent):

• Email abuse [at] iloveimg [punto] online with subject line Bad ad report.
• Include screenshot of the ad, the page URL where you saw it, the ad target URL if you can capture it.
• We work with AdSense to block.

Privacy concerns

For privacy / data-protection concerns: privacy [at] iloveimg [punto] online (see Privacy Policy).

Copyright takedown

For copyright infringement: dmca [at] iloveimg [punto] online (see DMCA).

2. Response standards

• CSAM reports — acknowledged immediately; cooperation with law enforcement.
• Critical security issues — acknowledged within 24-48 hours; remediation as fast as feasible.
• Active misuse / urgent safety — acknowledged within 24-48 hours.
• DMCA takedowns — per DMCA (3 business days target for response).
• Privacy / GDPR rights — up to 30 days under GDPR Art. 12(3).
• General abuse reports — within 5-7 business days for substantive response.

3. What we cannot do

• Investigate every report exhaustively. The Site is a small operation; reports are reviewed, prioritized, and acted on within capacity.
• Recover deleted uploads. Files are auto-deleted within an hour by design. We can't undelete them for retrospective investigation.
• Compel third parties. If misuse involves third-party services, we may refer reports but cannot directly compel action.
• Provide investigative services. The Site is not an investigation agency.

4. Vulnerability disclosure principles

• Coordinated disclosure preferred. Allow reasonable remediation time before public disclosure.
• No legal action for good-faith research. We do not pursue legal action against good-faith security researchers reporting vulnerabilities responsibly.
• Test only your own data. Do not access other users' uploads while testing.
• No DoS, no destructive testing.
• Acknowledgment. Where the reporter wishes, public credit.

5. Law-enforcement cooperation

The Site cooperates with valid legal process:

• Properly-served subpoenas and court orders from competent jurisdictions.
• Mutual legal assistance treaty (MLAT) requests.
• Italian and EU law-enforcement requests under applicable procedure.
• NCMEC reports concerning CSAM.

Service of process: info [at] iloveimg [punto] online with subject Legal process.

6. Anonymity and confidentiality of reports

• You may report anonymously; we don't require a name.
• For substantive investigation we may need follow-up questions.
• Reporter identity is treated as confidential.

7. Italian / EU regulatory context

• Garante (Italian DPA) — gpdp.it — for unresolved privacy concerns.
• Polizia Postale (Italian Postal Police) — for cybercrime concerns.
• EU CERT for cross-border cybersecurity incidents.
• NCMEC — report.cybertip.org — for CSAM (US).

Related pages: Responsible Use · Contact Us · DMCA · Privacy Policy · Data Handling