Security Portal Guidelines for Law Enforcement Requests

Effective starting: January 10, 2017

These operational guidelines are a reference for law enforcement officials seeking customer account records and customer content (“Customer Information”) from Security Portal.

These guidelines are created as a courtesy and do not create obligations concerning how Security Portal will respond in any particular case.

Security Portal’s policy on responding to law enforcement requests

Security Portal respects the rules and laws of the jurisdiction in which it operates as well as the privacy and rights of its customers. Consequently, Security Portal provides Customer Information in response to law enforcement requests only when we reasonably believe that we are legally required to do so. To protect our customers’ rights, we scrutinize all requests to ensure that they comply with the law.

To obtain Customer Information from Security Portal, law enforcement officials must provide legal process sufficient to compel production of the type of information sought, such as a subpoena, court order, or a warrant.

For example, Security Portal will not provide non-public customer content unless served with a valid search warrant, issued on a showing of probable cause by a federal or state court authorized to issue search warrants, which requires Security Portal to disclose the content.

What Security Portal customer information may be available in response to a lawful request?

Security Portal may have the following information available in response to a valid, enforceable government demand:

Customer Account Records

    • Email address; other optional fields may be available if voluntarily supplied by the customer, including: name, phone number, screen name, department, position, homepage URL, location, country of origin, about me, avatar type, avatar URL, and instant messenger ID.
    • IP addresses associated with log-ins to a specific customer instance or user account
    • URLs accessed and time/date of that access
    • Billing contact information (name and billing address) in connection with paid accounts

SPAccess

    • User ID, name, email, other contact details
    • Time and date that a user account was created and last accessed
    • IP addresses associated with log-ins to a user account
    • Types of devices associated with an account
    • User access information for each customer instance
    • Customer content and attachments
    • Uploaded files

Will Security Portal preserve customer information?

Yes. Security Portal will preserve customer information for 90 days upon receipt of a valid request. Security Portal will preserve information for an additional 90-day period upon receipt of a valid request to extend the preservation. If Security Portal does not receive formal legal process for the preserved information before the end of the preservation period, the preserved information may be deleted when the preservation period expires.

Preservation requests must be sent on official law enforcement letterhead, signed by a law enforcement official, and must include:

    • The relevant account information identified below (“What Security Portal customer information must I include in my request?”) for the customer whose information is requested to be preserved
    • A valid return email address
    • A statement that steps are being taken to obtain a court order or other legal process for the data sought to be preserved

Preservation requests may be sent via the service methods described below (“How do I serve a data request on Security Portal?”).

How do I serve a data request on Security Portal?

A preservation request or request for production of documents may be sent via email, certified mail or express courier, or delivered in-person to our U.S. corporate headquarters:

Security Portal SRL
Attn: Legal Department
5th Faget Street, Bl. 12H, Ap. 35
Ploiesti, PH, 100271
Romania
lawenforcement@securityportal.ro

Requests seeking testimony must be personally served on our registered agent for service of process. We do not accept those requests in person or via email.

While we agree to accept service of law enforcement requests by these methods, neither Security Portal nor our customers waive any legal rights based on this accommodation.

Each request must include contact information for the authorized law enforcement agency official submitting the request, including:

    • Requesting agency name
    • Requesting agent name and badge/identification number
    • Requesting agent employer-issued email address
    • Requesting agent phone contact, including any extension
    • Requesting agent mailing address (P.O. Box will not be accepted)
    • Requested response date (see details below for emergency requests)

What Security Portal customer information must I include in my request?

When requesting customer information, please provide as much of the following information that is available at the time of the request. Failure to provide the following information may hinder Security Portal’s ability to respond in a timely manner or to provide responsive records.

    • User details:  username / email address / account ID
    • Customer details: Client name / client email / account ID

Will Security Portal notify customers of requests for account data?

Yes.

Security Portal’s policy is to notify customers of requests for their data and give them the opportunity to object to the disclosure 7-10 days prior to production unless such notification is prohibited by law.  Security Portal may shorten the notice period in its discretion, but generally only does so in emergency situations. Law enforcement officials who believe that notification would jeopardize an investigation should obtain an appropriate court order or other process that specifically prohibits customer notification, such as an order issued under 18 U.S.C. Section 2705(b).

Further, if your request places Security Portal on notice of an ongoing or prior violation of our terms of use, we will take action to prevent further violation, including account termination and other actions that may notify the user that we are aware of their misconduct. If you believe in good faith that taking such actions will jeopardize your ongoing investigation, you may request that Security Portal defer such action in your request and Security Portal will take your request for deferment under advisement. It is the responsibility of the requesting law enforcement official to make this request, as it is Security Portal’s policy to enforce its terms of use.

Are there additional requirements for international requests?

Yes.  Security Portal will respond to requests for Customer Information from foreign law enforcement agencies that are issued for their citizens or via a court order either by way of a Mutual Legal Assistance Treaty request or letter rogatory.  It is our policy to respond to such court ordered requests when properly served.

Costs

Security Portal reserves the right to seek reimbursement for the costs associated with responding to law enforcement data requests, where appropriate.

What should I do if I have an emergency request for data?

Security Portal evaluates emergency requests on a case-by-case basis. If you provide information that gives us a good faith belief that there is an emergency involving imminent harm to a child or the risk of death or serious physical injury to a person, we may provide information necessary to prevent that harm if we are in a position to do so.

You may submit an emergency request via email to lawenforcement@securityportal.ro with the subject line: Emergency Disclosure Request.

Please include all of the following information:

    • Identify the person who is in danger of death or serious physical injury, or the child who is at risk of imminent harm or otherwise provide information sufficient to support a claim that a person is in danger of death or serious physical injury;
    • The nature of the emergency;
    • The relevant account information identified above (“What Security Portal customer information must I include in my request?”) for the customer whose information is necessary to prevent an emergency;
    • The specific information requested and why that information is necessary to prevent the emergency; and
    • All other available details or context regarding the particular circumstances.