We may some day receive requests to take action towards some of our users' accounts.
Foreign governmental entities, corporations, private individuals or internet security organizations are some of the third parties we expect to receive potential requests from.
As a privacy-first service, Cryptee is engineered so that we can't see the unencrypted contents of our users' files. We only have access to fully encrypted pieces of your files, which as we state in our security section are encrypted using AES256 on your device, we do not have the mathematical ability to open, and it would take a supercomputer millions of years to crack open by force-guessing.
Even if we receive any requests through legal channels to take action, the only two things we may be legally obligated to do are either to provide the encrypted data, or to retain user data. These requests will typically come from the police when they're asked to assist in a domestic or international investigation. In these rare circumstances, we may be asked to permanently retain a copy of user data to prevent the destruction of evidence in an ongoing criminal investigation. However for these requests, the data is only retained, and is NOT handed over to any third parties.
We may also sometimes act upon other types of requests. If presented with overwhelming evidence that the account in question is being used for illegal purposes against our Terms and Conditions, we will shut down the offending account immediately. The definition of legality is based on Estonian law, and illegal purposes include activities such as phishing, ransomware, identity theft etc. However even if we take action and shut down an account, we will under no circumstances hand over data, as it would be illegal to do so without a court order.
At this time we have nothing to report. We will update this section as frequently as we can if / once we start receiving requests.