We expect to receive requests to take action towards some of our users' accounts.
Foreign governmental entities, corporations, private individuals or internet security organizations are some of the third parties we expect to receive potential requests from.
As a privacy-first service, we can't see the unencrypted contents of our users' documents, notes, photos or files. We only have access to fully encrypted pieces of these information, which as we state in our security section is military-grade encrypted, we do not have the ability to open, and it would take a supercomputer millions of years to crack open.
You can read more about what we can and can't see, what we have access to and more information on our security / privacy and encryption systems in our security page.
Even if we receive any requests through legal channels to take action, the only two things we may be legally obligated to do are either to provide the encrypted data, or to retain user data. These requests will typically come from the police when they're asked to assist in a domestic or international investigation. In these rare circumstances, we may be asked to permanently retain a copy of user data to prevent the destruction of evidence in an ongoing criminal investigation. However for these requests, the data is only retained, and is NOT handed over to any third parties.
We may also sometimes act upon other types of requests. If presented with overwhelming evidence that the account in question is being used for illegal purposes against our Terms and Conditions, we will shut down the offending account immediately. Legality is defined based on Estonian law, and illegal purposes include activities such as phishing, ransomware, identity theft etc. However even if we shut down an account, we will under no circumstances hand over data, as it would be illegal to do so without a court order.
At this time we have nothing to report, however we will update this section as frequently as we can once we start receiving requests.