Preview Disclaimer Notice

This document defines:

1. the persistent banner that must appear on every page of every Preview;
2. the footer block that must appear on every page of every Preview;
3. the public-facing "Why am I seeing this?" page that the banner and footer link to;
4. the takedown form referenced from those locations;
5. the HTTP headers the Cloudflare Worker must return for Preview hostnames;
6. the automatic deletion behavior.

The goal is to (a) make it impossible for any reasonable visitor to mistake a Preview for the real business's actual site, (b) preserve a fast, frictionless takedown path for the business or any rights-holder, and (c) reduce trademark / right-of-publicity / defamation exposure to the minimum reasonably achievable.

1. Persistent Banner (must be on EVERY Preview page)

Render at the top of <body>, sticky, full-width, high contrast, dismissible only after a 30-second display and re-shown on every page reload. Markup intended for the Generated Site / Preview templates:

<aside
  role="region"
  aria-label="Preview disclaimer"
  data-preview-banner
  class="preview-banner"
>
  <strong>Unsolicited demonstration.</strong>
  This page is an unaffiliated redesign concept created by
  <a href="https://calivina.com" rel="noopener">Calivina WebAgent</a>
  for {BUSINESS_NAME}. We are not affiliated with, endorsed by, or sponsored by
  {BUSINESS_NAME}. Some content on this page was generated by AI and may be
  inaccurate.
  <a href="/why-am-i-seeing-this">Why am I seeing this?</a>
  <a href="/takedown">Request takedown</a>
</aside>

.preview-banner {
  position: sticky;
  top: 0;
  z-index: 9999;
  background: #fef3c7;
  color: #78350f;
  border-bottom: 2px solid #d97706;
  padding: 0.75rem 1rem;
  font-size: 0.875rem;
  line-height: 1.4;
  text-align: center;
}
.preview-banner a {
  color: #78350f;
  text-decoration: underline;
  margin-left: 0.5rem;
}
@media (prefers-color-scheme: dark) {
  .preview-banner {
    background: #422006;
    color: #fef3c7;
    border-color: #f59e0b;
  }
  .preview-banner a { color: #fef3c7; }
}

The token {BUSINESS_NAME} is filled in at render time from the facts.json for the Preview. The token Calivina WebAgent is your own commercial name (e.g., the brand the user sees, distinct from Galactiv EOOD which is the EOOD).

2. Footer Block (must be on EVERY Preview page)

Inject above the original site footer (or as the only footer if the template did not generate one):

<footer
  role="contentinfo"
  aria-label="Preview legal footer"
  class="preview-footer"
>
  <p>
    This is an <strong>unsolicited preview</strong>, not a finished website
    operated by {BUSINESS_NAME}. It was created by Calivina WebAgent as
    part of a sales demonstration. The business name, logo, and any photos
    appear under nominative fair use solely to identify the business this
    redesign is intended for.
  </p>
  <p>
    Some text on this page was generated by AI and is not represented as
    factually accurate. Verify any claim that matters to you with the
    business directly before relying on it.
  </p>
  <ul>
    <li><a href="/why-am-i-seeing-this">Why am I seeing this?</a></li>
    <li><a href="/takedown">Request takedown (24-hour response)</a></li>
    <li><a href="https://calivina.com/legal/dmca">DMCA Policy</a></li>
    <li><a href="https://calivina.com/legal/privacy">Privacy Policy</a></li>
    <li><a href="mailto:takedown@calivina.com">takedown@calivina.com</a></li>
  </ul>
  <p class="preview-footer__company">
    Calivina WebAgent is a service of Galactiv EOOD,
    a Bulgarian EOOD, Kniaz Boris 1 55, 1000 Sofia, Bulgaria, EIK/UIC 205028781.
  </p>
</footer>

3. The "Why Am I Seeing This?" Page

Served at <slug>.preview.calivina.com/why-am-i-seeing-this (and at calivina.com/why-am-i-seeing-this).

# Why am I seeing this page?

You probably reached this page from a link in an email we sent to {BUSINESS_NAME} or to one of its publicly listed addresses (`info@`, `contact@`, `owner@`, etc.). We are Calivina WebAgent, a service of Galactiv EOOD, a Bulgarian company.

## What is this page?

This is an **unsolicited demonstration redesign** — a free preview of how the {BUSINESS_NAME} website might look if it were rebuilt with our service. We made it as a sales pitch.

It is **not**:

- the real website of {BUSINESS_NAME};
- affiliated with, endorsed by, or sponsored by {BUSINESS_NAME};
- intended for production use;
- indexed by search engines (we send `X-Robots-Tag: noindex, nofollow`);
- monetized in any way.

We will **automatically delete this preview within 90 days** unless someone at {BUSINESS_NAME} subscribes to our service or specifically asks us to keep it.

## How did you make this without permission?

We crawled the publicly accessible website of {BUSINESS_NAME} (respecting `robots.txt` and rate-limiting our requests) and generated this redesign by combining a curated template with AI-assisted copywriting. We **only** used:

- the business's name, address, phone, email, and hours, where they were posted publicly;
- the logo, where it was posted publicly, displayed at small size to identify the business under nominative fair use;
- photos taken from the original public website, only where reasonable signs (filename, alt text, EXIF) suggested the business owns them;
- AI-generated copy that paraphrases publicly available material about the business.

We do not log into anyone's website, we do not bypass any technical protection measure, and we do not collect personal data about visitors to this preview beyond standard server logs.

## Why is this legal?

Our position rests on three things:

1. **Public-data crawling**: courts in the United States have consistently held that crawling a publicly accessible website without circumventing access controls is not a violation of the Computer Fraud and Abuse Act (see *Van Buren v. United States*, 593 U.S. ___ (2021); *hiQ Labs v. LinkedIn*, 31 F.4th 1180 (9th Cir. 2022); *Meta v. Bright Data*, N.D. Cal. 2024).
2. **Nominative trademark fair use**: using a business's name and logo to identify the business this redesign is intended for is a recognized fair use of trademark (see *New Kids on the Block v. News America Publishing*, 971 F.2d 302 (9th Cir. 1992)).
3. **Time-limited, non-indexed, takedown-friendly hosting**: we noindex the preview, we host it for at most 90 days, and we provide a fast, simple takedown path. These factors weigh in favor of the preview being a tolerable demonstration rather than an infringing publication.

If, despite all of the above, you would prefer the preview not exist, **we will take it down**. There is no requirement to explain or justify the request.

## How do I get this taken down?

Three options. Pick whichever is easiest.

1. **Click here**: [Request takedown](/takedown). Fill in the short form (one click for the obvious case). We respond within 24 hours.
2. **Email**: [takedown@calivina.com](mailto:takedown@calivina.com). We respond within 24 hours.
3. **Formal copyright takedown**: see our [DMCA Policy](calivina.com/legal/dmca).

A takedown request from the business itself, or from any rights-holder whose property appears on the page, is honored on receipt. We do not require proof.

## Who do I contact about something else?

- General questions: support@calivina.com
- Privacy / GDPR: privacy@calivina.com
- Legal: legal@calivina.com
- Postal: Galactiv EOOD, Kniaz Boris 1 55, 1000 Sofia, Bulgaria

## Want to keep it (or buy it)?

If you'd like to actually use the preview as your live website, you can subscribe at [calivina.com/start](https://calivina.com/start). Pricing: US$49 / month or US$379 / year. The preview becomes a hosted site at your own domain (or a subdomain we provide). It only exists while you're subscribed; if you cancel, the site is removed. See our [Refund and Cancellation Policy](calivina.com/legal/refunds) and [Auto-Renewal Disclosure](calivina.com/legal/auto-renewal) before paying.

There is no obligation. We will never call you. We will not put you on a list.

4. The Takedown Form

Served at <slug>.preview.calivina.com/takedown (and at calivina.com/takedown).

Minimum fields:

• What URL? (auto-filled from referrer, editable)
• You are: [Owner of the business] / [Authorized representative of the business] / [Rights-holder of the logo, photo, or text on the page] / [Other]
• Email for confirmation
• Optional note

A single button: "Take this preview down." — POSTs to the Worker, which:

1. immediately marks the slug as takedown_requested = true in the registry;
2. begins serving a 451 ("Unavailable for Legal Reasons") response from the Worker;
3. removes the preview from the registry within 24 hours;
4. sends a confirmation email to the address provided;
5. logs the request to a tamper-evident audit trail;
6. adds the business's email domain to the outreach suppression list so that no further cold email is sent to that domain.

No CAPTCHA. No verification. No "Are you sure?" friction. We trust the request.

5. Worker HTTP Headers (Cloudflare)

Every response from a *.preview.calivina.com hostname must include:

X-Robots-Tag: noindex, nofollow, noarchive, nosnippet, noimageindex
Cache-Control: private, no-store, max-age=0
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';
Permissions-Policy: interest-cohort=()
X-Preview-Notice: This is an unsolicited demonstration. See https://calivina.com/why-am-i-seeing-this

Pages also include the appropriate <meta> tags (<meta name="robots" content="noindex,nofollow,noarchive">).

The Worker exposes a /takedown endpoint and a /why-am-i-seeing-this endpoint that are served from a small fixed set of templates — they do not need per-tenant rendering.

6. Automatic Deletion (90 days)

The Preview registry stores a created_at timestamp. A scheduled Worker (cron) iterates daily and:

1. flags previews older than 75 days for "warning email" to the business's primary public address with a "you can claim this site" CTA and a "we are about to delete it" notice;
2. flags previews older than 90 days for deletion — the slug is removed from the registry and the underlying R2 objects are deleted within 24 hours of the flag;
3. records the deletion in an audit log;
4. preserves the suppression-list entry permanently (so we never re-target a business after a takedown).

The 90-day window may be shortened at any time on takedown request. It may be extended only by an explicit business decision (e.g., the recipient asked for more time to evaluate); extensions are recorded and require an extended_until timestamp not more than 30 days into the future.

7. What This Document is Not

This is not a license. It is a disclosure. It does not:

• give us any greater right to use a business's brand than we already have under nominative fair use;
• give us any greater right to copy a business's content than we already have under U.S. and EU copyright law;
• bind a business to anything at all.

If a business or rights-holder asks for the preview to come down, it comes down. Period.

8. Internal SOP — How an Employee Handles a Takedown Request

(See legal/internal/takedown-sop.md for full detail. Summary:)

1. Acknowledge the request within 24 hours by automated reply.
2. Disable the preview in the Worker registry within 24 hours; this returns 451 immediately.
3. Delete the preview's R2 objects within a further 24 hours.
4. Add the email's domain to the outreach suppression list permanently.
5. Log the request, the action, and the timestamps to the audit trail.
6. Reply to the requester confirming completion within 48 hours total.
7. If the requester also references DMCA, route a parallel notice through legal/dmca.md Section 3.

There is no "review committee", no "verify the request", no "would you reconsider?". Latency to action is the most important metric we track for this workflow.

Document version 1.0.0 — effective 2026-05-02.