Government Request Policy
Last updated: March 14, 2022
At Pax8, we value the privacy and security of our partners, their customers, and their data. Therefore, we have taken precautions designed to ensure that we are safeguarding the information entrusted to us by our users from any unlawful access or intrusions. This policy was created to provide greater transparency regarding the guidelines used by Pax8 to determine how and when we will process demands received from law enforcement, national security, and other regulatory bodies (“Government”) for information about our partners, their customers, their employees, and/or their users (“Partner Information”).
In addition, it is important to note that while this policy is not specifically intended to address requests for Partner Information arising from private or commercial disputes, Pax8 will, to the extent applicable, take the same precautions specified herein for such requests.
Safeguarding Partner Information
Upon receipt of a Government request for Partner Information, Pax8 takes the following steps into consideration before responding:
- Subject. Wherever possible, Pax8 believes that the Government should first seek to obtain the information that they are seeking directly from the partner, their customer, or end user who is the subject of the investigation before requesting such Information from Pax8.
- Authority. Pax8 will only provide Partner Information if the Government has appropriate authority under applicable law to request such information. Absent a valid warrant, subpoena, court order, equivalent legal process, or emergency situation, it is Pax8’s position not to provide Partner Information to the Government.
- Scope. Wherever possible, Pax8 will seek to ensure that any request for Partner Information is limited to a clear and reasonable scope about a specific customer account, request additional context if the nature of the investigation is not clear, and may push back on the request for other reasons. In the event Pax8 does provide information, it will be the minimum amount of information required to comply with the demand.
- Notice. Except in circumstances where Pax8 has been advised by the Government not to notify, is prohibited from doing so, or there is a clear indication of illegal conduct or risk of harm, Pax8 will notify the customer of a request before disclosing any Partner Information so that the partner or their customer may seek available legal remedies.
Information We Can Provide
The vast majority of requests we receive are for basic customer account-level information in connection with a Government investigation of potential fraud, a violation of law, or suspected bad actors who may be using our products or services.
The categories of Partner Information that may be hosted and retained by Pax8 depend on which Pax8 products or services are used. We strongly encourage Government officials to review our product and service offerings before preparing and submitting any warrant, subpoena, court order, or equivalent legal request.
Information Governments Must Provide
Government officials are asked to ensure that any requests for Partner Information be reasonable in scope and narrowly tailored to request only the information needed to complete their investigation. Each request must include contact information for the authorized Government official, including:
- Agency name
- Agent name and badge/identification number
- Agent employer-issued email address
- Agent phone number, including any extension
- Agent mailing address
- Requested response date
Where to Submit a Request
Pax8 accepts Government requests via email at [email protected]. While we agree to accept requests by this method, neither Pax8 nor our customers waive any legal rights based on this accommodation. Additionally, e-mail requests must be made from an official Government e-mail address.
All Government requests must be issued pursuant to applicable laws and made through official channels (e.g., executed order, Government e-mail address, etc.). In addition, requests must be made under appropriate legal basis, and a Mutual Legal Assistance Treaty request, a request from a country meeting the obligations under the U.S. CLOUD Act, letter rogatory, or other form of domestication may be required to establish the legal basis of the request.
We will review all international Government requests on a country-by-country and case-by-case basis in order to consider and balance our local legal obligations against our commitments to promote users’ safety and privacy. We may choose to respond differently to requests from different countries where these commitments conflict with local law.