Last Updated February 2016

Law Enforcement and Government Demands Policy

Purpose

This Policy addresses situations where law enforcement officials or other competent government authorities (“Government Authority”) seek records from Krush Technologies, LLC or Krush Technologies, Inc. (collectively “Krush”). It is the responsibility of every Krush employee to maintain the confidentiality of customer, employee, and other information contained in Krush’s business records (“Business Records”), and to only disclose those Business Records consistent with the terms of this Policy.

Policy Statement

Krush is headquartered in the United States. In accordance with United States law, Krush will produce Business Records when compelled by court authorized warrants, subpoenas, and orders. Krush may also provide Business Records to an authorized user with that user’s written consent. The user will bear responsibility for any costs to the extent permitted by law. Krush accepts e-mail (law.enforcement@krush.com) of a valid subpoena. For stored content, including text messages, media history, and video call history, the Stored Communications Act, 18 U.S.C. § 2701 et seq specifies the legal requirements governing these disclosures.

Child Safety

In responding to a matter involving imminent harm to a child or risk of death or serious physical injury to any person that requires disclosure of information without delay, Krush will only respond to messages from a Government Authority. Non-law enforcement officials or other users aware of an emergency situation should immediately and directly contact local law enforcement officials.

NCMEC

We report all apparent occurrences of child exploitation appearing on our service from anywhere in the world to the National Center for Missing and Exploited Children (NCMEC), including content drawn to our attention by requests from Government Authorities. NCMEC coordinates with the International Center for Missing and Exploited Children and law enforcement authorities from around the world. If a request relates to a child exploitation or safety matter, please specify those circumstances (and include relevant NCMEC report identifiers) in the request to ensure that we are able to address these matters expeditiously.

User Notice

Before making disclosures, our policy is to notify Krush users whenever we receive a request for their information, unless we are prohibited by law from doing so. We deviate from this policy only in exceptional circumstances, such as child exploitation cases, emergencies, or when notice to our user would be counterproductive. We will provide delayed notice upon expiration of a specific non-disclosure period in a court order, and where we have a good faith belief that exceptional circumstances no longer exist. Law enforcement officials who believe that notification would jeopardize an investigation should obtain an appropriate court order or other appropriate process establishing that notice is prohibited. If a Government Authority’s data request draws attention to an ongoing violation of our Terms of Use, we may take action to prevent further abuse, including actions that may notify the user that we are aware of their misconduct.

Process and Procedure

When a Government Authority presents a request for Business Records to a Krush employee or representative, it is the policy of Krush to conform to the following procedures:

  1. Review Process.

    If a court order or other legal demand compelling the production of the Business Records (“Order”) is presented, Krush will review it, with the assistance of counsel, for any legal defect, including: (i) the manner in which it was served, (ii) the breadth of the request, (iii) its form, or (iv) failure to conform to the Stored Communications Act and other applicable legal requirements. If a defect exists, Krush will consider the best method to proceed or resist the Order.
  2. Non-US Demands Process.

    It is the policy of Krush not to respond to an Order that exceeds the jurisdictional reach of the requesting Government Authority, and not to violate applicable privacy laws, anti-investigatory or “blocking” statutes, or other foreign data transfer restrictions (“Data Restrictions”) when responding to Orders. In “conflict” situations, where an applicable Order without legal defect would require the production of Business Records contrary to applicable Data Restrictions, Krush will determine how to respond with the assistance of counsel. The Government Authority must use the Mutual Legal Assistance Treaty request process or other comparable arrangements that would facilitate the production of information consistent with any applicable Data Restrictions.
  3. Strict Scope Limitations.

    If proper to produce Business Records in response to an Order, Krush will oversee the review of information that may be required to be produced in response to the Order before releasing the Business Records, and will follow the Order strictly. Krush’s policy is to withhold any information that is not specifically required in an Order, including by redacting portions of the Business Records, where appropriate. Krush may also consider whether to seek a reduction in the Order’s scope with the Government Authority.
  4. Protective Orders.

    If disclosure is required, Krush may ask the Government Authority or any relevant court to enter a protective order to keep Business Records confidential, and limit their use.

Penalties for Violation of this Policy

To the extent permitted by applicable law, employees are responsible for intentional or willful violations of this Policy, and may be terminated for cause when intentionally or willfully violating this Policy.