Law Enforcement Guidelines
These guidelines are intended for law enforcement authorities seeking information about a Hippobyte account.
Requesting Hippobyte User Information
Safeguarding our users’ data is vital to the trust our users place in our service to keep their data secure. For the most part, Hippobyte’s ability to disclose user information is governed by the Electronic Communications Privacy Act, 18 U.S.C. §2701, et seq. (“ECPA”). ECPA mandates that Hippobyte disclose certain user information to law enforcement only in response to specific types of legal process, including subpoenas, court orders, and search warrants.
We can’t process overly broad or vague requests. If your inquiry alerts us to a violation of our policies or Terms of Service, we will handle it via our usual abuse procedures, which may include contacting the user regarding their misconduct or suspending the site entirely.
What Information Is Available?
Our Privacy Policy describes the information that we collect in more detail. In general, we have:
- The email address currently assigned to the account.
- The IP address from which a user created an account.
- The date and time at which a user created an account.
- First name, last name, and phone number (if a user elects to provide this information).
- The contents of the account itself (if the user has not deleted the account).
We cannot guarantee that we will have any given set of information for any particular user.
The length of time data is retained varies based on the type of information and actions of the user. Generally, Account contents are purged immediately upon deletion by the customer. Hippobyte accounts can contain various information, which is unverified and is provided at the user’s discretion.
Before revealing information to anyone who is not the account owner, we require a valid subpoena, warrant, or court order that specifically requests it, unless we have a good faith belief that there is an emergency involving death or serious physical injury. See below for more details.
What Information Is Unavailable?
Here are some examples of data which we are unable to provide:
- Connection Logs.
- Credit Card information.
- Telephone or instrument numbers.
- Records of session times and durations.
- MAC addresses.
Requests from Government Agencies/Law Enforcement
- Except in emergencies (see more below), Hippobyte turns over protected user information only upon receipt of a valid subpoena, ECPA US court order, or search warrant. Additionally, we will notify affected users about any requests for their account information, unless prohibited from doing so by law or court order (see more below).
- Upon receipt of a valid subpoena, if these pieces of information are available, we can provide user registration information such as the first and last names, phone number, email address, the date/time stamped IP address from which an account was last accessed, the physical address, and the PayPal / Stripe transaction information.
- Upon receipt of a valid ECPA court order, if these pieces of information are available, we can provide access logs which might reveal a user’s movements over a period of time, account or private repository settings (for example, which users use certain services, etc.), security access logs other than account creation or for a specific time and date.
- Upon receipt of a valid search warrant, if these pieces of information are available, we can disclose content of customer accounts, the content of user communications with customer support, or other forms of content data.
- For legal requests from government agencies/law enforcement outside of the United States, we require that the request be served via (1) a United States court, (2) an enforcement agency under the procedures of an applicable mutual legal assistance treaty (MLAT), or (3) an order from a foreign government that is subject to an executive agreement that the Attorney General of the United States has determined and certified to Congress satisfies the requirements of 18 U.S.C. 2523.
Emergency Requests
As US law permits, we may disclose user information to law enforcement without a subpoena or warrant when we believe that doing so without delay is necessary to prevent death or serious physical harm to an identifiable victim. We require emergency requests to be made in writing via email and include all the information available so that we may evaluate the urgency of the request. Please see the example imminent harm request below for emergency process details.
Notification to Hippobyte Users
Hippobyte’s policy is to notify users of requests for their account content, which includes a copy of the request, as soon as we are able (e.g., prior to or after disclosure of account information) unless we are prohibited from doing so (e.g., an order under 18 U.S.C. § 2705(b)). We ask that any non-disclosure provisions include a specified duration (e.g., 90 days) during which Hippobyte is prohibited from notifying the user. Exceptions to user notice may include exigent or counterproductive circumstances, such as emergencies regarding imminent threat to life, child sexual exploitation, or terrorism.
Preservation Requests for Hippobyte Accounts
Hippobyte honors requests from law enforcement to preserve information in accordance with 18 U.S.C. § 2703(f). Upon receiving a valid preservation request, Hippobyte will preserve available account information associated with the username listed in the request in an offline file for up to 90 days and will extend the preservation for one additional 90-day period on a renewed request. Preservation of data is restricted to what is specifically and explicitly requested.
Submitting Legal Requests
Any legal request for user account information (routine and emergency, including preservations, must include a valid email address for us to return the requested information or contact with questions. Hippobyte communicates only via email with a confirmed receipt.
Where permitted, Hippobyte prefers to receive service via email to legal@hippobyte.com.
Legal process can be served by mail to:
Hippobyte, Inc
Attn: Legal Department
1535 Bellevue Ave, Suite 823
Seattle, WA 98122
Do make your requests specific and narrow, including the following information:
- Full information about authority issuing the request for information
- The name and identification number of the requesting agent
- An official email address and contact phone number
- The account name, date range of interest
- The description of the types of records you seek
Please allow two weeks for us to review your request. Hippobyte reserves the right to make changes to any of the foregoing practices in its sole discretion.
Emergency and Imminent Harm Request
Hippobyte evaluates emergency disclosure requests on a case-by-case basis in compliance with relevant law (e.g.,18 U.S.C. § 2702(b)(8) and Section 8 Irish Data Protection 1988 and 2003). If we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information necessary to prevent that harm, if requested information is in our possession.
All requests must be on investigating agency or department letterhead sent from an official government email address. Use email subject “Legal Emergency Disclosure Request”.
It is Hippobyte’s policy to notify a customer of the emergency law enforcement requests 90 days after the request is received.
Example Emergency Disclosure Request.
I request release of records for the Hippobyte account associated with _________________ [account name, time range] on an emergency basis pursuant to 18 U.S.C. § 2702(b)(8) and § 2702(c)(4).
I have provided below answers to the following questions in enough detail as I am able in order to provide a good-faith basis for releasing records on an emergency basis:
- What is the nature of the emergency involving a danger of death or serious physical injury?
- Whose death or serious physical injury is threatened?
- What specific information in Hippobyte’s possession related to the emergency are you requesting?
_________________
Signature of Sworn Officer
_________________
Printed Name of Sworn Officer
_________________
Printed Name of Requesting Agency
_________________
Date and Time of Request
Preservation Request
All requests must be on investigating agency or department letterhead sent from an official government email address. Use email subject “Legal Preservation Request”.
Example Preservation Request.
The account listed below is the subject of an ongoing criminal investigation. It is requested pursuant to 18 U.S.C. § 2703(f) that the subscriber information associated with said account be preserved pending the issuance of a search warrant or other legal process seeking disclosure of such information:
[Specify account information and date of account to be preserved]
Thank you for your assistance in this matter.
_________________
Signature of Sworn Officer
_________________
Printed Name of Sworn Officer
_________________
Printed Name of Requesting Agency
_________________
Date and Time of Request