About kiflat
kiflat started as a favour for people I knew. It grew because the favour didn't stop being needed.
How it actually started
I'd known a few creators for a while, some still active, some who'd stopped posting years ago, through working on tooling for the space. When one of them got a paid set mirrored across a leak forum, she asked if I could help track it down, not file a case, just find where it had spread. I sat down and pulled every link I could find by hand in one evening.
It happened again a few weeks later. So instead of repeating the same manual search, I wrote a scraper to do it for me. Then I wired up takedown requests so I wasn't drafting the same notice from scratch every time. That was the entire plan at first: stop doing the boring part by hand.
My background is in automation and the kind of cyber security work where the job is finding people who'd rather not be found, and recognizing the same account behind a new alias. Chasing reposts turned out to be the same skillset, aimed somewhere else. So the tooling kept growing past simple takedowns, into watching for patterns across repeat offenders.
Word got around. A friend of a friend, then someone neither of us knew personally, asked if I could do the same thing for them. At some point it stopped being a thing I did occasionally for people I knew, and became something worth building properly so it didn't depend on me personally being available. That's kiflat.
What we actually believe
Six things we don't compromise on.
Your data doesn't leave this building.
Dashboard, content, sources: encrypted and siloed per account. We don't sell it, share it, or train on it. If we're ever compelled to hand something over, we tell you the moment we're legally able to.
Same person, every time.
You're not routed through a queue. The person who responds at 1am because something just dropped is the same person who already knows your case, so you're not re-explaining it from zero.
We turn down work we can't do well.
Some jurisdictions and content categories are hard to enforce in. If that's your situation, we say so on the first call instead of taking the money and underdelivering quietly.
The first 72 hours decide most of it.
We scan on an ongoing basis, not on a daily sweep. The point isn't more dashboards, it's catching a leak early enough that it hasn't finished spreading yet.
Threat profiles, not public callouts.
Leaker Search and the risk registry track repeat reposters and problem buyers, cross-referencing breach data to link aliases to the same person. That's for building a case and warning other creators, not for publishing names.
Leaving should be one click.
Cancel whenever, export everything you gave us on the way out. If you go, it should be because we didn't earn it, not because we made the door hard to find.
Where this is going
kiflat is what the manual version turned into once it had to work for people who'd never met me: the scraping, the monitoring, the takedown pipelines, the threat profiles, built so any creator can run it without needing to know me personally first.
The job hasn't changed since the first evening I spent pulling links by hand: get the work off sites it doesn't belong on, make it expensive for the people reposting it, and let creators spend their time on the part they actually signed up for.
Ready to take back your content?
Start protecting your work in minutes. No credit card required to start.