Law Enforcement / Legal Requests Policy

1. General Approach

DocuProof respects privacy, due process, and the confidentiality of customer information.

We do not voluntarily disclose customer content or account data to law enforcement, private parties, or government agencies except:

where required by applicable law;

in response to valid and binding legal process;

where necessary to prevent imminent harm, fraud, abuse, or threats to safety, where permitted by law; or

where a customer has expressly authorized the disclosure.

When we receive a request, we review it for facial validity, scope, jurisdiction, and legal sufficiency before responding.

2. Scope of This Policy

This Policy applies to requests seeking access to information that may be held by DocuProof in connection with our Services, including, where applicable:

subscriber or account registration information;

billing and transaction records;

login history and security logs;

metadata associated with files, communications, or verification events;

hashes, timestamps, certificates, and chain-of-custody records;

audit trail records;

customer support records;

preserved records;

customer-submitted content, uploaded files, attachments, or other stored materials.

Availability of any category of information depends on the customer’s configuration, service plan, storage model, retention settings, and whether the information is actually possessed or controlled by DocuProof.

3. Storage Model and Data Availability

DocuProof may operate using different storage models, including customer-hosted or third-party-connected storage environments.

As a result:

we may not possess or control all original files or communications associated with a verification record;

some data may reside only in a customer’s connected cloud storage, email, messaging, or third-party systems;

in some cases, we may hold only metadata, cryptographic hashes, timestamps, certificates, audit logs, or limited system records rather than the underlying content itself; and

data that has been deleted, expired, or never stored by DocuProof may not be available for disclosure.

Where requested data is not in our possession, custody, or control, we may be unable to produce it.

4. Required Form of Request

We generally require requests for customer information to be made through valid legal process, such as:

a subpoena;

court order;

search warrant;

production order;

regulatory demand with lawful authority; or

other legally binding request issued under applicable law.

Requests should be narrowly tailored and include enough information for us to identify the relevant account, user, record, or transaction.

We may reject, challenge, narrow, or seek clarification of requests that are:

overbroad;

vague or incomplete;

inconsistent with applicable law;

issued by a body lacking jurisdiction;

defective on their face; or

seeking information outside our possession, custody, or control.

5. Requests from Private Parties

We do not disclose customer information to private parties, civil litigants, employers, insurers, investigators, or other non-governmental persons solely based on informal requests.

If you are a private party seeking records, you must use the legally recognized process available in the relevant jurisdiction, such as a subpoena, court order, discovery request directed to the proper party, or other compulsory process.

In many cases, the most appropriate source of the requested information is the customer or account holder, not DocuProof.

6. Customer Notice

Unless prohibited by law, court order, or exceptional circumstances, we may notify the affected customer before disclosing their information in response to legal process.

We may decline to provide notice where:

notice is legally prohibited;

the request relates to an emergency involving danger to life, safety, or serious harm;

notice would create a risk of evidence destruction, flight, fraud, or obstruction;

the request is sealed or non-disclosure obligations apply; or

we reasonably believe notice would be unlawful or inappropriate.

Where appropriate, we may provide the customer an opportunity to seek legal relief before disclosure.

7. Emergency Requests

We may disclose limited information without prior legal process where we reasonably believe, in good faith, that disclosure is necessary to prevent imminent death, serious physical harm, or another emergency involving immediate danger, to the extent permitted by law.

Emergency requests should:

identify the requesting agency and authorized officer;

describe the nature of the emergency;

explain why the request is urgent;

specify the exact information sought; and

include sufficient identifiers to locate the relevant account or records.

Emergency disclosure decisions are made case by case. We may require follow-up legal process where appropriate.

8. Preservation Requests

We may, where legally appropriate and operationally feasible, preserve existing records for a limited period pending receipt of formal legal process.

A preservation request should:

be made by a person or authority with a legitimate legal basis;

identify the relevant account, claim, record, certificate, or other target with sufficient specificity; and

describe the basis for preservation.

A preservation request does not require us to disclose records, create new records, retain information indefinitely, or preserve information not already in our possession or control.

Unless otherwise required by law, preserved data may be retained only for a limited period.

9. Types of Information That May Be Disclosed

Subject to valid legal process, applicable law, and data availability, information disclosed may include:

A. Subscriber and account information

account name

organization name

email address

billing details

account creation date

subscription information

B. Transactional and system information

service usage records

login timestamps

IP logs

device or session logs

support tickets

configuration history

C. Verification-related information

certificate identifiers

hash values

timestamp metadata

audit logs

verification history

chain-of-custody entries

D. Stored content

files

attachments

communications

notes

metadata

records associated with a customer’s account

We will generally disclose only the information we determine is reasonably responsive and legally required.

10. What We Generally Do Not Do

Unless legally required, DocuProof generally does not:

provide voluntary bulk access to customer data;

produce data on informal request;

authenticate disputed facts beyond the actual platform records;

interpret legal significance of records for requesting parties;

provide legal advice;

create expert opinions or forensic conclusions solely because records were generated through the platform;

recover data that has already been deleted and is no longer available; or

alter normal security practices to accommodate informal requests.

11. International Requests

If we receive a request from an authority outside the jurisdiction where the data is stored or controlled, we may require that the request be made through an appropriate mutual legal assistance process, local court recognition process, or other lawful cross-border mechanism.

We may also evaluate whether compliance would conflict with applicable privacy, data protection, blocking, or secrecy laws.

12. Fees and Costs

We may charge reasonable fees, where permitted by law, for costs associated with responding to legal requests, including:

search and retrieval time;

legal review;

production preparation;

certification of records; and

extraordinary technical effort.

We may require advance payment where allowed.

13. Record Authentication and Certifications

Where appropriate and legally permitted, DocuProof may provide declarations, business records certificates, or similar administrative certifications regarding records maintained in the ordinary course of business.

Any such certification is limited to the scope of the records actually maintained by DocuProof and does not constitute:

legal advice;

a guarantee of evidentiary admissibility;

an expert forensic opinion;

or a statement that the underlying content is truthful or complete.

14. Challenges to Requests

Where appropriate, DocuProof may object to, move to quash, narrow, or otherwise challenge requests that we believe are unlawful, overbroad, procedurally defective, inconsistent with our obligations, or seek protected information.

Nothing in this Policy requires us to waive objections or privileges.

15. Data Retention and Non-Availability

Our ability to respond depends on whether the requested information exists and is retained at the time of the request.

We do not guarantee that any particular data will be available, and we are not obligated to retain data beyond our normal retention practices, contractual commitments, or legal obligations.

Data may be unavailable because it:

was never collected;

was stored only by a third party;

was deleted by the customer;

expired under retention settings;

was not preserved in time; or

is not accessible in the requested format.

16. Requests for User Information by Customers

Customers sometimes seek information about other users, participants, or connected parties through the platform.

Unless expressly permitted by product functionality, applicable law, and the governing contract, we generally do not disclose one customer’s or user’s non-public information to another customer or private party without valid legal process or clear authorization.

17. Security and Confidentiality

All legal requests should be submitted using secure contact channels designated by DocuProof.

We may require identity verification of the requester and may refuse to act on requests that appear fraudulent, insecure, or unauthorized.

We may keep records of requests, related correspondence, and disclosure decisions for compliance, audit, security, and legal purposes.

18. No Promise of Notification or Disclosure

Although we may provide notice to customers where appropriate, we are not obligated to provide notice in every case.

Likewise, receipt of a request does not guarantee that we will produce records. Disclosure depends on legal sufficiency, scope, availability, technical feasibility, and applicable law.

19. Transparency Reporting

DocuProof may publish aggregate transparency information about the number or types of law enforcement or legal requests received, to the extent legally permitted and operationally appropriate.

Any such reporting may be delayed, aggregated, anonymized, or limited.

20. How to Submit Requests

Legal requests should be sent to:

Legal Requests Contact

[Company Legal Name] / DocuProof

[Legal Department Address]

[Legal Request Email]

[Secure Submission Method, if any]

Emergency requests should be clearly marked:

URGENT EMERGENCY DISCLOSURE REQUEST

Preservation requests should be clearly marked:

PRESERVATION REQUEST

21. Required Information for Requests

To help us process a request, please include:

the name of the requesting agency, court, firm, or authority;

the name and contact information of the responsible officer or representative;

the legal basis for the request;

the specific records sought;

the relevant account, organization, certificate ID, claim number, email address, or other identifiers;

the applicable time period;

the deadline for response; and

and a copy of the signed legal process, where applicable.

22. Changes to This Policy

We may update this Policy from time to time by posting a revised version and updating the “Last Updated” date.

23. Important Disclaimer

This Policy describes DocuProof’s general practices only. It does not create legal rights for any person and does not limit our ability to respond as required or permitted by law.