We also provide a Simplified Chinese version of this document.
This paper is based on the EU General Data Protection Regulation and its related policy documents, where the principle of data sharing exemptions is intended to safeguard the interests of other users or society as a whole, as well as order.
Generally, when we carry out data processing, your personal data will only be processed by automated processes, i.e. no organization or individual will have access to any of your data while it is being processed, and this article sets out when we may process or transfer your personal data without notifying you.
While we take the privacy of our users seriously, we recognize that in some cases law enforcement can legally and compliantly request data necessary to ensure the safety of our users and us and to prevent misuse of our technology, and we strive to find the best possible balance between lawfulness and privacy.
Amount of data disclosed
As of today, the total amount of each data we have disclosed to law enforcement agencies is zero.
Transparency reports
We publish transparency reports each quarter (or not if there are no data requests for that quarter) that contain the total number of data requests, denials, and eventual disclosures from law enforcement in each region.
Even if the relevant data request is accompanied by a confidentiality order, we will add it to the total number of data requests, with the difference that data requests accompanied by a confidentiality order may be delayed in disclosure to the relevant data subject.
Strict scrutiny of the identity of the requester
We strictly examine the identity of the requestor and the legitimacy of the request, and we do not accept data requests from any individual or business.
Our Compliance Department only accepts data requests from certified law enforcement agencies in connection with criminal cases. Each request is subject to rigorous review by the Compliance Department and will be disclosed to the relevant data subject after the fact. Depending on the type of data requested, we require a written search warrant or court subpoena from the requesting party.
For non-content data (referred to in the law as non-content data)
Required: Summons or local document of the same legal nature.
For content data (referred to in the law as content data)
Required: Search warrant, court order or local document of the same legal nature.
In addition, we clearly delineate the boundaries of data provision to governments in strict compliance with relevant national laws and international human rights standards. We also challenge requests when there is a legitimate basis for doing so, to ensure that the rights of data subjects are safeguarded.
Transparency policy
For general data requests, we will send a data disclosure notice to the data subject. (If the data request is accompanied by a confidentiality order, the disclosure notice may be delayed.)
Strict control over the scope of data disclosure
When disclosing data, we follow the principle of data minimization and, as far as possible, provide only the necessary information.
We have zero tolerance for any illegal pornography of children, and we routinely share non-sensitive, anonymous data with the National Center for Missing and Exploited Children (NCMEC) and relevant law enforcement agencies in a legally compliant manner.
We cite Directive 2002/58/EC of the European Union Regulation (EU) 2021/1232. For video and image files stored on our servers or other cloud resources, we use an automated process to compare the relevant file fingerprints (i.e., file hashes) to the NCMEC-reported set of child sexual exploitation and abuse image hashes to prevent users from storing or distributing illegal content using our services.
It is important to note that this check only involves image and video files and is identified by file fingerprints (i.e., irreversible “hashes”), and the verification steps will be performed locally and securely, so that no one has the right to view the original files without your permission; at the same time, because the hash sets provided by NCMEC are dynamically updated, we may scan back your uploaded images and video files at certain time intervals to ensure the security of the service. At the same time, as the hash set provided by NCMEC will be updated dynamically, we may scan back the images and video files uploaded by you in a specific time cycle to ensure the security of the service.