← Help Center

Help Center / Common first-week mistakes

Onboarding · Field guide

Common first-week mistakes

What to avoid in your first month with Checkstep - a field guide for new Trust & Safety teams.

5 min readFor new T&S teams

Going live with content moderation is the easy part. The first-week mistakes are what separate the teams that nail it from the teams that fight their tools for the next six months.

Every item below comes from a Pro tip, Watch For, or Callout block scattered across the existing Checkstep help articles. They're pulled into one place because the second week is too late to find them.

Print this. Post it where your team can see it during their first month. Each mistake links back to the depth in the help center if you want the long version.

Policy mistakes

Most policy mistakes are about confusing the layers of a policy or treating them as interchangeable. The Checkstep policy has three layers - Description, Internal Guidelines, Rules - and each one does a different job.

Copying policy text into your LLM labels

What happens: The label becomes circular. It tells the model to look for X by describing X. False positives surge and accuracy drops within the first week.

Fix: Write labels as behaviors the LLM can actually detect. "False promises of guaranteed investment returns, deceptive loan offers, unsolicited cryptocurrency promotions" beats "Financial spam" every time. The strong label describes observable content; the weak label describes a category.

Source: Advanced Policy & ModBot - Writing better LLM labels

Treating Strategies and rules as the same thing

What happens: New users add labels to strategies but no rules - the strategies tag content but nothing happens. Or they add rules with labels that aren't on any active strategy - references break silently.

Fix: Strategies live under Settings → Strategies and are configured globally. Rules live inside individual policies. Strategies produce labels; rules decide what to do with them. If you remember nothing else from your first week, remember this distinction.

Source: Building Your Policies - Understanding strategies

Setting thresholds once and forgetting them

What happens: A 70% confidence score from AWS Rekognition means something genuinely different from a 70% from an LLM classifier. Setting the same threshold across both models produces unpredictable results.

Fix: Plan a tuning session with your account manager one to two weeks after going live. Your day-one thresholds are starting points, not final settings. Different models need different thresholds; you can't infer the right numbers without observed data.

Source: Building Your Policies - Thresholds & confidence scores

Writing Internal Guidelines as restatements of the public policy

What happens: Moderators (and ModBot) need more context than your users do. If your internal guidelines simply restate the public-facing policy, edge cases land inconsistently and you'll see disagreement between moderators within the first few days.

Fix: Internal guidelines should cover what users don't see: regional exceptions, age-related thresholds, edge cases, escalation criteria, and paired examples (content that looks similar but lands on opposite sides of the line).

Source: Building Your Policies - Internal guidelines

AI tuning mistakes

These are about working with the AI rather than against it. The reflex when something's wrong is often to adjust the model. Almost always, the actual fix is upstream.

Writing macro labels instead of micro behaviors

What happens: A label like "political content" can't be matched against actual posts. It's too broad and too interpretive - the LLM produces noisy results because the target is fuzzy.

Fix: Break the macro into micros. "Political content" becomes "debates about election outcomes, partisan attacks on named figures, discussion of specific policy legislation." Each micro is something the model can actually decide on.

Source: Advanced Policy & ModBot - Writing better LLM labels

Adding a new label and immediately creating a rule for it

What happens: You're acting on a signal before you know whether the signal is good. A bad threshold combined with a poorly-defined label produces enforcement actions you'll have to clean up via appeals.

Fix: Add the label first. Let it run for a few days. Review what it's tagging in your dashboard. Refine the label description if needed. Only create a rule once the label is reliably catching the right content.

Source: Advanced Policy & ModBot - Labels you can experiment with safely

Blaming the AI when ModBot makes a wrong call

What happens: The reflex is to dig into model tuning. The actual issue is usually ambiguous policy text - ModBot followed your instructions correctly; the instructions just didn't cover this case.

Fix: When ModBot gets it wrong, read the rationale it wrote. Look at which policy clause it cited. The fix is almost always in the policy or internal guidelines, not the AI. ModBot is a capable but literal team member that does exactly what your written instructions say.

Source: Advanced Policy & ModBot - Tuning policies for ModBot

Operational mistakes

Operational mistakes are usually about not letting the system tell you what it knows. The platform surfaces signals about its own health - ignoring them in week one means cleaning up bigger problems in week three.

Going live with auto-enforcement turned on from day one

What happens: Untested thresholds plus auto-enforcement equals false positives that upset real users. Fixing it after the fact is much harder than just observing first.

Fix: Run in review-only mode for the first week. Watch what the AI flags. Confirm the labels are accurate and the thresholds are sane. Then turn on auto-enforcement, one policy at a time.

Source: Setup Checklist - Step 2 Pro tip

Ignoring the human review queue size signal

What happens: Queue grows faster than your team can clear it. Backlog builds invisibly until someone flags it in week three - and by then there's a triage problem on top of the original tuning problem.

Fix: Queue size is the earliest signal that your thresholds need adjustment. Watch it daily for the first month. A consistently growing queue means you're sending too much for review (loosen thresholds) or you need more moderators.

Source: Measuring What Matters - Crawl stage metrics

Treating a high dismiss rate as a productivity number

What happens: If 50% of the items your moderators review get dismissed (no violation found), that's not throughput - that's your team spending half their day on content that didn't need them.

Fix: Above 40–50% dismiss rate in the review queue is a strong signal your thresholds need raising. The right metric is the share of reviewed items that result in real action.

Source: Measuring What Matters - False positive rate

Optimizing thresholds before there's enough data to know what normal looks like

What happens: Adjusting thresholds in week one based on three days of data produces wild swings. You're reacting to noise rather than signal.

Fix: Two weeks of baseline data before any meaningful tuning. Crawl-stage metrics in the first month are about understanding what normal looks like for your platform - not about optimizing.

Source: Measuring What Matters - Crawl stage

Compliance and integration mistakes

These are smaller in number but bigger in blast radius. A compliance mistake doesn't inconvenience your team - it creates a regulatory or security incident.

Sharing Transparency Portal redirect URLs

What happens: Redirect URLs contain unique authentication tokens. Sharing one outside the content's author is a privacy and security incident. The token expires after six hours - but a screenshot in a Slack channel doesn't.

Fix: Never share redirect URLs. They're for the content's author only. If you need to discuss a case internally, use the case ID and the moderation dashboard, not the user-facing redirect link.

Source: API Integration Guide - Transparency

Turning off webhook retries during a downstream incident

What happens: Your downstream system is down, webhooks pile up, somebody on the team turns retries off to "stop the noise." Real moderation events disappear into the gap.

Fix: Let retries run. If your downstream system will be down for longer than the standard three attempts, contact Checkstep support to request extended retry handling. Turning them off is almost never the right move.

Source: API Integration Guide - Error handling and retries

Skipping HMAC payload signing on webhooks

What happens: Without signing, anyone who knows your webhook endpoint URL could spoof a moderation event. It's a credential-free attack surface most teams forget about.

Fix: Enable signing during initial setup. The 24-hour key rotation window means you can rotate keys later without downtime; there's no good reason to skip this.

Source: API Integration Guide - Payload signing

Not testing the appeals flow before going live

What happens: The DSA and the OSA both require functional appeals processes. If yours breaks the first time a real user submits one, you have a compliance incident on top of an angry user.

Fix: Run a test appeal through the Transparency Portal before going live. Verify it lands in the moderation queue, that your reviewers can see the original content + the appeal note, and that the decision flows back through your downstream notification system.

Source: Setup Checklist - Step 6

How to use this list

Print it. Tape it to a wall your Trust & Safety team will see during their first month of operations. Talk through each item once during your team's first onboarding meeting.

Every mistake above links back to a fuller treatment in the Checkstep help center. The point of this guide isn't to be exhaustive - it's to be visible at the moment when most of these mistakes get made.

If your team hits a mistake we don't cover here, send it to your account manager. The next version of this list should include it.