Last Updated January 2017

Law Enforcement and Government Demands Policy

Purpose

This Policy addresses situations where law enforcement officials or other competent government authorities (“Government Authority”) seek records from Krush Technologies, LLC or Krush Technologies, Inc. (collectively “Krush”). It is the responsibility of every Krush employee to maintain the confidentiality of customer, employee, and other information contained in Krush’s business records (“Business Records”), and to only disclose those Business Records consistent with the terms of this Policy.

Policy Statement

Krush is headquartered in the United States. In accordance with United States law, Krush will produce Business Records when compelled by court authorized warrants, subpoenas, and orders. Krush may also provide Business Records to an authorized user with that user’s written consent. The user will bear responsibility for any costs to the extent permitted by law. Krush accepts e-mail (law.enforcement@krush.com) of a valid subpoena. For stored content, including text messages, media history, and video call history, the Stored Communications Act, 18 U.S.C. § 2701 et seq specifies the legal requirements governing these disclosures.

Child Safety

In responding to a matter involving imminent harm to a child or risk of death or serious physical injury to any person that requires disclosure of information without delay, Krush will only respond to messages from a Government Authority. Non-law enforcement officials or other users aware of an emergency situation should immediately and directly contact local law enforcement officials.

NCMEC

We report all apparent occurrences of child exploitation appearing on our service from anywhere in the world to the National Center for Missing and Exploited Children (NCMEC), including content drawn to our attention by requests from Government Authorities. NCMEC coordinates with the International Center for Missing and Exploited Children and law enforcement authorities from around the world. If a request relates to a child exploitation or safety matter, please specify those circumstances (and include relevant NCMEC report identifiers) in the request to ensure that we are able to address these matters expeditiously.

User Notice

Law enforcement officials who believe that notification of a user would jeopardize an investigation should obtain an appropriate court order or other appropriate process establishing that notice is prohibited. If Krush is prohibited by law from notifying the user Krush will not notify the user. If a Government Authority’s data request draws attention to an ongoing violation of our Terms of Use, we may take action to prevent further abuse, including actions that may notify the user that we are aware of their misconduct.

Process and Procedure

When a Government Authority presents a request for Business Records to a Krush employee or representative, it is the policy of Krush to conform to the following procedures:

  1. Review Process.

    If a court order or other legal demand compelling the production of the Business Records (“Order”) is presented, Krush will review it, with the assistance of counsel, for any legal defect, including: (i) the manner in which it was served, (ii) the breadth of the request, (iii) its form, or (iv) failure to conform to the Stored Communications Act and other applicable legal requirements. If a defect exists, Krush will consider the best method to proceed or resist the Order.
  2. Non-US Demands Process.

    It is the policy of Krush not to respond to an Order that exceeds the jurisdictional reach of the requesting Government Authority, and not to violate applicable privacy laws, anti-investigatory or “blocking” statutes, or other foreign data transfer restrictions (“Data Restrictions”) when responding to Orders. In “conflict” situations, where an applicable Order without legal defect would require the production of Business Records contrary to applicable Data Restrictions, Krush will determine how to respond with the assistance of counsel. The Government Authority must use the Mutual Legal Assistance Treaty request process or other comparable arrangements that would facilitate the production of information consistent with any applicable Data Restrictions.
  3. Strict Scope Limitations.

    If proper to produce Business Records in response to an Order, Krush will oversee the review of information that may be required to be produced in response to the Order before releasing the Business Records, and will follow the Order strictly. Krush’s policy is to withhold any information that is not specifically required in an Order, including by redacting portions of the Business Records, where appropriate. Krush may also consider whether to seek a reduction in the Order’s scope with the Government Authority.
  4. Protective Orders.

    If disclosure is required, Krush may ask the Government Authority or any relevant court to enter a protective order to keep Business Records confidential, and limit their use.

Penalties for Violation of this Policy

To the extent permitted by applicable law, employees are responsible for intentional or willful violations of this Policy, and may be terminated for cause when intentionally or willfully violating this Policy.