apple.vc — Audited Risk-Control Plan

What This Folder Is

• This is not a built product repository.
• The folder contains legal-risk framing and defensive policy drafts for the domain itself.

Evidence From The Folder

• legal-guardrails.md frames the domain primarily as a legal-risk management problem.
• terms-draft.md is a defensive terms draft focused on non-affiliation and controlled use.
• There is no visible application code, deployment config, or runtime implementation in this folder.

Actual Planning Priority

• The primary issue is trademark and confusion risk, not infrastructure.
• The first plan should be domain-risk containment and migration readiness.
• Infrastructure decisions should stay secondary until there is a justified safe use case.

Safe Direction

• Use only for narrow private intake, if used at all.
• Avoid public branding, SEO growth, or anything that increases confusion risk.
• Keep a clean replacement domain ready.
• Build any real public product on a non-conflicting domain.

Cloudflare Use, If Any

• Cloudflare can still be used for the delivery layer if the domain remains active.
• The right Cloudflare posture here is defensive:
• Pages or static Worker delivery for a minimal controlled page
• Access for any restricted workflow
• WAF and rate limiting
• fast switch-over to a replacement domain

What Should Not Be Assumed

• Do not treat this as a normal product-build domain.
• Do not invest in a full application architecture here before deciding whether the domain should even remain active.
• Do not push public growth, search traffic, or brand acquisition through this domain.

Implementation Sequence

• Decide whether the domain should be retired, held, or used only for narrow intake.
• Keep any public page minimal and legally defensive.
• Maintain a migration-ready replacement domain.
• If any workflow is kept, put it behind Cloudflare Access and non-indexed delivery.

Definition of Done

• The plan reflects that legal risk is the primary constraint.
• Any infrastructure choice is subordinate to risk reduction.
• The domain can be shut down, redirected, or replaced quickly if challenged.

⚙ HARD CONSTRAINTS (enforced for all sites)

This domain MUST operate within these constraints — no exceptions:

• 100% Cloudflare serverless — Workers + D1 + R2 + KV + Workers AI + Vectorize. NEVER PM2, NEVER VPS, NEVER Docker in production path.
• 100% AI-automated — every customer interaction, every moderation decision, every transaction reconcile = AI. No manual queue, no live human chat support, no physical fulfillment.
• 1-operator solo — one person can run the entire operation from a phone. No team meetings, no shared inbox, no shift rotation.
• WhatsApp AI bot for all support (24/7, instant response, no SLA promises that need humans).
• Mayar QRIS for all Indonesian payments (subscription auto-renew, no manual invoicing).
• Indonesian UI primary — bahasa-first, English fallback only where unavoidable.
• Privacy — opt-in only, delete-on-request honored within 24h (cron-driven).
• No physical goods, no inventory — digital products + affiliate referrals only.

If the plan above describes any flow that violates these constraints, treat the plan as ASPIRATIONAL only and rework before building. The constraint trifecta wins.