At Code42, we take seriously both our customers’ expectations of confidentiality and law enforcement’s duties. Below are responses to some of the questions that our customers frequently ask about how we handle law enforcement requests for customer information.
If you are a law enforcement official or from a governmental entity and have a question, please contact us at firstname.lastname@example.org.
We answer the following questions:
- What does Code42 do when it receives a request from U.S. law enforcement for information about a customer or for customer data?
- Does Code42 notify customers of law enforcement requests?
- What kind of information may Code42 be required to produce in response to a law enforcement request?
- How does Code42 handle requests from law enforcement agencies outside the U.S.?
Questions and responses
Government entities must follow applicable laws when requesting information about our customers. When a request addresses one of our customers, we always attempt to redirect the government to obtain the information directly from our customer.
The Code42 legal team reviews law enforcement requests to ensure they meet the applicable legal requirements. If our legal team believes that a request is overbroad, we will seek to narrow it. Only if our legal team determines that the request has a valid legal basis will we provide customer information in response.
We notify customers by email before producing customer information in response to law enforcement requests, unless we are prohibited from doing so by statute or court order. We may also withhold notice in certain exceptional circumstances (for example, if necessary to prevent an imminent danger of death or serious physical harm). If we are prohibited from notifying a customer before producing information, we will notify the customer when the prohibition expires. We may not notify customers of requests to preserve information, but will provide notice as explained above before producing preserved information.
We may be required to produce non-content information in response to subpoenas or court orders. Non-content information includes data such as customer name, address, billing information, and certain service usage information (e.g. dates and times of activity). It does not include the content of customer backup data files stored in the Code42 cloud.
Code42 may be required to produce the content of backup data files stored in the Code42 cloud in response to a valid search warrant. A valid search warrant requires court approval based on a showing of probable cause that a crime has been committed and that information related to the crime is presently in the specific place to be searched. Customer backup data files are encrypted with a customer-controlled encryption key before transmission to Code42. If we are required to produce a customer’s backup data files in response to a valid search warrant, we will produce encrypted data files.
Code42 handles requests from law enforcement agencies outside the U.S. pursuant to applicable law, which in some circumstances may require Code42 to produce customer information.